NSW kickstarts cloud email, virtual desktop trial



news The New South Wales State Government today kicked off two trials of virtual desktop and cloud email services, in a move which could eventually signal a mass migration of some 30,000 government users into the cloud and which represents one of the first concrete steps by the state into the new cloud computing landscape.

Australia’s public sector has in the past notoriously been averse to purchasing products and services which fall under the cloud computing umbrella. While pure play cloud and software as a service vendors such as Salesforce.com, Google, Amazon Web Services and others have experienced a solid level of success in various aspects of Australia’s private sector with their solutions, the fact that most such services have been hosted offshore has prevented such companies from making strong in-roads into Australian governments at any level — federal, state and local. Similarly, companies such as Microsoft, Oracle and SAP which offer both SaaS and on-premises models have continued to see strong public sector demand for their traditional solutions, with only slow uptake of their SaaS options.

However, over the past year, the NSW Government has been giving increasing signs that it is moving to adopt the kind of ‘cloud-first’ IT procurement strategy which jurisdictions such as the United States, United Kingdom and New Zealand have pursued over the past several years, in a move which could fundamentally change the way the state buys and uses technology.

In two new tendering initiatives released today along with a statement by NSW Minister for Finance and Services Greg Pearce, the state made it clear just how serious it is about the shift to cloud computing.

The first tender document lays out NSW’s plan to trial what it described as ‘messaging as a service’ (MaaS) technologies. The state’s IT shared services group ServiceFirst currently provides Novell’s Groupwise platform for email and calendaring services to a number of departments and agencies. However, Groupwise is widely regarded as representing a legacy environment for collaboration compared with Microsoft’s dominant Outlook/Exchange platform, or even Google’s Apps (Gmail and Google Calendar) system.

In its documents, ServiceFirst stated that its trial of MaaS options would delivering serivces to about 100 staff of ServiceFirst government customers, but must be ultimately scalable to larger numbers of staff — up to 30,000.

“This call to market and the implementation of any subsequent proof‐of‐concept solution will inform the broader pilot project under the NSW Government ICT Strategy 2012,” the document stated. “This pilot project will investigate and trial new delivery models to better understand the implications of cloud based services for the NSW Government. The outcomes of the project will inform the development of whole of government policies and the implementation of service offerings on the ICT Service Catalogue. Key areas to be studied will include the technical, regulatory, cost, contractual, and usability aspects, the impact on the agencies involved and application for whole of government.”

“In order for Government to better understand the benefits and implications of the change to a service paradigm, respondents are asked to offer proposals for a proof‐of‐concept project to deliver messaging as‐a‐service to approximately 100 staff of ServiceFirst customers. Proposals must be capable of scaling up to many thousands if required.”

The state has similarly flagged plans in another tender document to kick off a trial of what it described as ‘Desktop as a Service’ (DaaS) solutions.

The definition of DaaS is a little vague. In its document, ServiceFirst described DaaS services as “s a solution that provides end users with access to typically used applications to perform their duties”, leaving it up to vendors to decide whether that would include a wholly virtualised desktop environment or perhaps just virtualised applications or applications delivered as a service. The desktop trial will similarly target just 100 staff.

In both cases, the state has placed fairly loose requirements around vendor solutions to be delivered as part of the trial, stating that the trials were an opportunity for the IT industry to provide “innovative solutions without being constrained by legacy technology and to provide alternatives including open source and non‐typical approaches to the requirements”.

However, vendors may still face the issue of data sovereignty in their responses, with the state noting that a number of pieces of state legislation would guide to storage and use of data through the cloud computing services.

ServiceFirst as an organisation currently provides a wide range of centralised IT services to government departments and agencies across NSW — serving some 8,300 staff in 46 NSW government agencies located in about 300 locations across NSW. Its current ICT infrastructure is somewhat out of date; for example, it still runs Windows XP across many desktops (although it also has Windows 7 in some places), as well as Groupwise and Novell file and print services.

Its desktop environment utilises Zenworks and Citrix for application delivery, versions of Microsoft Office ranging from Office 2003 to 2007 and 2010, and versions of Internet Explorer ranging from 7 to 9. It uses SAP’s HR and finance platforms, TRIM, Sharepoint and Objective document management platforms, Active Directory and Novell eDirectory for ID management, and BlackBerrys, iPhones and iPads for smartphones and tablets.

In a separate statement, NSW Minister for Finance and Services Greg Pearce said cloud-based IT solutions were “a large part of the future” and the NSW Government was keen to take advantage of this trend to improve government services.

“We will test multiple cloud based systems across different scenarios and environments to ensure they are cost-effective, secure and efficient and if successful we will look at how they can be rolled out across government,” said Pearce. “The trial will test technical and regulatory questions, as well as opportunities to reduce the Government’s annual ICT expenditure. Importantly we need to know whether NSW Government agencies and ICT suppliers have the technical capacity for the wider adoption of cloud based solutions across the diverse range of government services,” he said.

NSW is also planning separate pilot projects in the areas of Enterprise Resource Planning as a service, Infrastructure as a Service and shared services multi-tenanted email as a service.

Pearce said work is underway with WorkCover, Fire and Rescue NSW, the Department of Trade and Investment and Businesslink who have already engaged with suppliers of cloud-based email, finance and case management services. “Assessing the potential of cloud across a range of solutions will ensure our assessment of cloud-based opportunities is as comprehensive as possible,” said Pearce. “The Department of Finance and Services will monitor and report on all the projects throughout 2013.”

Wow. It’s absolutely fantastic to see a government such as NSW take leadership in evaluating the potential of cloud computing services to help support government service delivery, and I applaud NSW for having such vision. NSW truly is leading Australia in terms of evaluating and adopting cloud computing technologies at the moment, and while I have no doubt there will be some hiccups, this is truly a revolution which needs to come to the nation’s problem-plagued state government IT sector.

Right now I have only good things to say about the approach which the Coalition is taking to IT administration in the NSW State Government. Pearce and co truly “get it” and are forcing the public service to move forward in a positive way in this area. I haven’t been so impressed with a government IT strategy in quite some time, and I look forward to some good results from the trials announced by Pearce today. Such positive is hugely refreshing. I can only hope the other states follow where NSW is leading at the moment.


  1. When all government IT is hosted by the same cloud provider the day will be close behind that all government IT is down – or hacked.

  2. I believe that the politicians clambering to pile us on to the cloud are totally ignorant of the diverse needs of the various agencies and any trial to determine the future of all government IT should have 100 users from each of the larger agencies and a few from the smaller ones take part in it. I believe this trial is being manipulated to succeed, it’s at that point the problems will start, it’s all very good if all agency clients had Desktops with an operating system, email, Office and an antivirus but it’s not that simple. If it were then Businesslink and Service First wouldn’t be having any problems at all.
    The first and major problem will be to try to integrate all the specialist programs that each agency requires to run. Many of these programs are old and have dependencies on things like IE6 and antiquated technologies which make it a pain to update so I believe what ever the winning tender quotes as a estimate will blowout to an embarrassing amount for the government..
    I also have doubts about the potential savings of going to the cloud, I believe the savings will be minimal, you will shed some front line IT staff from the IT Service Desk, all Desktop staff , most email and a few others, you will still need back end application support and packagers. To put that into perspective, for example at Businesslink there are currently 5 staff servicing around 13,000 clients, personally I believe that’s pretty good value for money.
    I also have concerns about the security and stability of the cloud, when you hear about companies like Amazon, Apple and Sony being hacked then I have real concerns for the critical data the agencies will have bouncing around the cloud.
    The cloud is coming, there is no stopping it, IT jobs will be lost and many skilled workers gone forever causing a great deal of hardship for some. It will be only minor consolation to us to read that this has gone horribly wrong I hope the people pushing for this ridiculous plan are held accountable.

    • I disagree. Governments have to get with the market and there are numerous reasons why they need to try cloud services. The big ones though are:

      – Cost. Cloud services move IT spend from CapEx to OpEx and you don’t need to forklift upgrade anything. The service provider (particularly if it’s SaaS) is contractually required to deal with that. These guys are ALWAYS going to be better at datacentre and server management than any government agency is.

      – Users. Government struggles to attract people and retain them in a strong job market. Young employees have *zero* beef with using cloud services and expect the flexibility that a cloud platform provides. Go where the market is going or your long-term costs skyrocket.

      – It’s already “Cloud”. As soon as governments created entities such as ServiceFirst and CenITex, they were already creating cloud services. Shared environments offered as an OpEx service = cloud. To then say “our internal cloud is better than a commercially operated cloud” would be a fallacy.

      IT is a service business, but has its head up its bum focusing on technology (rather than service) instead. The more we un-wind this thinking, the better. If my client asks me for an Email system which supports 80,000 users and is fast, reliable and cheap it is my *duty* to offer them something which fits that mould. And hitting all those markers means a cloud service.

    • Hi “outsourced”,

      The thing to understand is that cloud service providers are simply shared services … that actually work (for once). Whether they work or not can be assessed up front …”cloudy is as cloudy does”.They do this because the cloud providers have the opportunity of a largely greenfield starting point, relatively new technology and control over their service catalogue. They don’t (and can’t) pander to every unique customer requirement … they simple deliver a standardised, somewhat configurable, service. This enables them to achieve massive economies of scale and to deliver this as a benefit to their customers via iterative evolution of service functionality and continual reduction in unit costs. Amazon web services, for example, has reduced its unit service costs 25 times since 2006 … all the while improving the scope and depth of functionality, speed, security, reliability etc. There is no question that cloud services will be the preferred delivery model for many categories of infrastructure and applications.

      In contrast, the old internal government shared services model has failed time and time again because it tries to be “all things to all people” in a closed ‘socialist market’ economy. Agencies are able to insist on their specialised, dedicated, customised solutions with the result that the shared services overall is too complex, too fragmented, too unsupportable … with insufficient investment … and so eventually fails to meet customer expectations.

      The question, however, for government agencies is can they make the changes in their mindset and the way they specify, procure and implement IT that are required to be an intelligent consumer of a standardised cloud service … and to avail themselves of the service benefits and costs savings?

      The only way to progress this argument is with prudent, eyes-open, hands-on experience. It cannot be an academic, theoretical, ideological discussion. The NSW government is doing exactly the right thing seeking to test the market and gain experience. Let’s stop fretting over the process and instead focus on the big picture outcomes.

      The fact is that the current model is unsustainable. If cloud services can provide a catalyst for agencies to tap into shared services that actually work and to change their mindset about the need for customised/dedicated solutions then they can spend more time and money actually delivering policy and service delivery innovations to citizens rather than mucking around duplicatively and unproductively with technology. IMHO. ;-)

      • “cloud service providers are simply shared services … that actually work (for once)”

        “In contrast, the old internal government shared services model has failed time and time again because it tries to be “all things to all people” in a closed ‘socialist market’ economy. Agencies are able to insist on their specialised, dedicated, customised solutions with the result that the shared services overall is too complex, too fragmented, too unsupportable … with insufficient investment … and so eventually fails to meet customer expectations.”

        This post, Steve, represents one of the best and most concise arguments I’ve ever seen for the use of cloud computing services in government, and really crystallised my thinking around the argument. This kind of stuff is why I often mention your name to people as someone who really “gets” the potential of cloud computing services in government. Very nice — I really appreciate your posts on Delimiter!

  3. Hi Ed,
    I appreciate your comments and consed that the premiss behind your points are correct, but instead of cost I believe a better term would be value for money and I believe that if the government chooses to go with SAAS then when they try to implement it across the agencies costs will blow out. If they try to implement a one size fits all solution across the agencies then I fear it will fail miserably.
    I’m not sure where you get the quote of “our internal cloud is better than a commercially operated cloud” but I will use that for an example of what can go wrong, the agency I work for implemented a system, while it’s not a ‘cloud’ solution it is a remote emulation using Citrix. Before this Citrix solution was implemented everything was fine but we have had nothing but problems since with slow response speeds of application and a host of other problems.
    you are right again that IT is a service business, it needs to service the needs clients who in this case have a very diverse range of critical needs and there will be applications that simply will not work in the cloud, so wheat ever solution the government go with needs flexibility.
    Even if the transition to the cloud is a monumental success, most agencies have data of a sensitive and critical nature that no one can possibly guarantee that it will be %100 is safe on the cloud. Imagine if information from Community Services or Police got into the wrong hands or if someone was able to hack NSW Parliamentary emails.
    What every you or I write here makes no difference, it is the governments agenda to push all NSW agencies on to the cloud, I’m just hoping whoever does it takes the time to understand what the agencies roles are and takes the time to ensure that their critical applications run, and cross your fingers and hope it doesn’t fail because if it does there will be no turning back.

  4. Hi Steve,
    Thanks for replying to my post, I do see where you are coming from and for companies like Amazon a cloud solution makes perfect sense one of the major drawbacks of a cloud solution is “They don’t (and can’t) pander to every unique customer requirement”. The problem is many agencies have mission critical specialist applications that most likely can’t be hosted on the cloud.
    I’m not doubting the economic sense of cloud technology, I’m not saying the IT systems we currently have aren’t flawed, my concern is that the cloud wont be flexible enough to service the needs of the agencies and since the very company you held up as an example of cloud goodness, “Amazon” has been hacked you can understand my concern for security.
    I believe this push for the cloud is being run by government officials and upper level management, on the surface cloud computing looks to to be the perfect panacea for any companies IT woes, and for many it’s the perfect solution.
    When you think of government departments, you think of large buildings with full T1 internet connectivity and yeah those do exist. But what you might not be taking into consideration is that there are hundreds of government sites, with painfully slow internet access, which for sure will have an impact on their cloud experience.
    I believe that cloud technology for a desktop solution as it stands at the moment isn’t capable to handle the demands that the various agencies will throw at it. I have concerns for security and the performance at sites with slow internet connections. I hope anyone taking on this project is aware and addresses each of those concerns, if they don’t than they can not succeed.

    • Hmmm … yes, well, “Outsourced” … you are of course correct in saying that not all government applications, data or workloads will be appropriate for cloud services – however nobody is actually suggesting that this is the case. The services need to satisfy genuine agency business requirements and operational constraints … of course. [Though having said this highly specific and customised requirements are not always genuine … we just need better ways to challenge them and steer executives towards understanding the benefits of using standardised functionality rather than insisting on unnecessary … and unaffordable … customisation].

      The fact is that cloud services are already available that are entirely appropriate for some applications, data or workloads … and as the onshore offerings mature the applicability of cloud services to government will only increase. I’ve written detailed case studies of the implementation of cloud services where the outcome was better, faster, less expensive and more secure than the in-house services that were replaced. It can, and has been, done already in the Australian public sector.

      Regarding security, you just need to read the reports published by auditor generals in every jurisdiction to dispel any mistaken belief that government ICT environments are adequately secure today. The coming period of budget cuts, technical challenges and changes in user behaviour (BYO etc.) means that, from any practical perspective, the security of in-house ICT will only weaken further. In contrast, the leading enterprise-grade cloud services providers are, and will be, highly secure and reliable. Its all about trade-offs and practical benefit vs. risk assessments. The world is not a perfect place.

      Amazon Web Services (just to use them as an example) are already being used by many federal government agencies in the USA audited up to a FISMA Moderate security level (which would address the vast majority of NSW agency security requirements). There is no real reason why AWS couldn’t deliver similar levels of security for Australian agencies out of its Sydney availability region – the general argument that “cloud services are not secure” does not actually hold up to rational analysis – sorry! [as long as we are talking about professionally established cloud services provided by enterprise-grade providers]. I’m not pushing AWS, just using them as the exemplar of a mature public cloud service.

      The best way to look at this is to concede that the current approach to government ICT is fundamentally unsustainable overall … wave the surrender flag … and acknowledge that cloud services are already OK for some things and will become progressively more robust, functional and affordable over time. From this perspective the question is really all about how to get started and how to work out where to use cloud services safely and well in order to take the pressure off agency ICT budgets and focus in-house capabilities on those areas that will add the most public value.

    • Oustsourced, if an agency has critical data that needs to be secured then they should encrypt their data from the agency end.
      That data that is stored or processed in the cloud is encrypted, all the agency are using is the compute power.

  5. Well Steve, The problem with your argument as I see it is you are failing to understand the nature of the NSW Government agencies. To start with they were all separate entities, each fending for themselves, each developing procedures and applications to for fill their function. As a result they have become totally dependent on their in house applications to function. The IT demands of Transport will be miles apart from the IT demands of Health which are miles apart from Education. There simply will not be an out of the box solution that will come close to satisfying the basic requirements of there critical services.
    Just getting back to your comment “Though having said this highly specific and customised requirements are not always genuine”. There really isn’t a lot of fat in the agencies IT services, most agencies have core, crucial applications that they simply can’t function without, many of these applications were specifically developed for them and have cost the tax payers millions to develop so I doubt if many agencies will make do with an off the shelf solution.
    As for security, I consed there are definitely are risks at the moment, and those risks to be rectified, but the analogy I would use in this case is that at the moment each agency is pretty much isolated, we are on Australian networks and we are like a very small and uninteresting targets for most world class hackers to worry about.
    Most of the best hackers are in the US, Europe and China, once an originisation as large the NSW government puts all there services on the cloud, that would make a very tempting target for world class international hackers out there.
    A major contributing factor to why there are so few successful attempts at hacking the agencies as they stand is the fact that they use propitiatory applications which the hackers don’t have access to to make sense of any data they might gleam from the agencies. Health use Firstnet CIS (Clinical information Service) Community Services have KIDS, Housing have HOMES and so on, each major agency have applications like these to make sense of the raw data at the back end and without these applications and the very specific user knowledge to use these applications to interpret the data most of the data would be meaningless.if you force agencies to use off the shelf applications then that would give potential hackers the chance to use the same applications to interpret data.
    Nearly any major US and international organisation or company be they on the cloud or not have been hacked, from Microsoft to Apple and Amazon to the US military and NASA to the Kremlin. The thing most of them have in common is that they are large and appealing targets for potential hackers. Hackers are generally very bright and ego driven people that relish a challenge and the larger the organisation they hack the more they like it and the more cu dose they earn from the hacking community.
    Steve I know you are all for a cloud solution and I consed that for things like SAP and MAAS it can make sense. But to try to replace all of IT infrastructure with cloud technology as is stands will be an expensive and embarrassing mistake but one the NSW Government is hell bent on making.
    I hope I’m wrong, I hope the implantation all goes well and it fixes all that is wrong with the system as it stands at the moment. But common sense is telling me it just won’t be that simple.

  6. Hey “Outsourced” … thanks for continuing the dialogue because what we need in this space is open dialogue and a sharing of experiences and perspectives … rather than closed thinking and ideology.

    [Whistles for hobby horse … which comes trotting in due course after a somewhat insolent delay … checks girth strap for tension … climbs into saddle, seizes reins and shouts “away!” …] Actually, I’m in a hotel room in Washington and a bit bored … so … here goes.

    I am actually well grounded in the theory and practice of the Westminster system of government and the primacy of agency autonomy. This was one element of my doctoral studies in Oxford in the late 80s and I was Director eGovernment Strategy & Policy and Deputy CIO for the Victorian government 2001-2006. Government jurisdictions (federal, state) are like a ‘corporation’ with a board (i.e. cabinet) but no head office, with a ‘chairman’ (prime minister/premier) but no ‘CEO’, ‘CFO’, ‘COO’. Each agency autonomously reports to a minister, or multiple ministers, and the structure is randomly cut and diced periodically by machinery of government changes. The primary management mechanism is outputs with loose management of overall outcomes … and agency secretaries, director generals and CEOs are left to make their own decisions on inputs such as people, processes, assets … and ICT. This structure has proven to be highly adaptive and flexible because it optimises for outputs, and to a lesser degree outcomes, while leaving agencies to make their own decentralised decisions on inputs – such as ICT.

    All good. Decentralised agency autonomy rules! But … the strategic problem is that ICT turns out in the long run to be infrastructural and expensive (think motorways) and the decentralised model is sub-optimal when one attempts to take a whole-of-government (i.e. citizen-centric) view. (Wasteful and ineffective for the traveler when agencies duplicate roads and build them to different width and surface specs for no good reason beyond the parochial). Agency autonomy creates fragmentation, sub-scale investments, duplication, silos of processes and information etc. etc. Solution? Throw the baby out with the bathwater, give the pendulum a kick back the other way, centralise ICT into shared services by WoG or clusters of agencies … one motorway with many different vehicles … simple! Problem: This is inconsistent with the core logic of the way the organisation runs. Decentralised agency autonomy rules!

    Hence, shared services tend to be unsustainable … in theory they can work with strong/consistent leadership, solid investment and intelligent/willing customers … but in practice some or all of these CSFs are usually absent. Grrr! OK. Let’s just stop this silly game and let each agency do its own ICT then. Problem: Too expensive, not enough money, not enough experienced/skilled people, ageing workforce, ageing assets. Average ICT quality too low. Also, we need systems across agencies to be more interoperable/integrated to support seamless, citizen-centric, processes. Grrr! There is no obvious ‘one best way’.

    This is the context within which we need to give serious thought to cloud services.

    As I often rant on about (apologies dear long suffering reader!) mature enterprise-grade cloud services are simply shared services that actually work because they were architected from the outset to serve a multitude of customers with diverse requirements. “Cloudy is as cloudy does”. The services are empirically proven to work because customers have voluntarily adopted them in an open competitive market … on the basis that they were better, faster, less expensive and less risky (when all things are considered).

    The strength of the cloud services model, from an agency’s perspective, is that individual agencies can make unilateral decisions about cloud services adoption and still gain the benefits of economies of scale and the use of shared platforms. It is a huge advantage that the services are abstracted, commoditised, standardised and radically externalised … because this enables the service provider to protect itself against the random diversity of its customer’s requirements and therefore deliver and sustain genuine economies of scale. The normal ‘inside-out’(give me what I want) requirements definition logic of ICT procurement is reversed. Cloud service customers need to make a positive choice to think about requirements in an ‘external-in’ (I’ll cope with the way the service works) manner.

    This is a fundamental point … in order to simplify and access economies of scale one must be prepared to make compromises on one’s individual requirements. Hence the nub of the argument. Dedicated agency-by-agency ICT is strategically un-affordable (overall). Shared services fail because governments lack the investment appetite to design and build them for success and also because the internal governance arrangements mean that customer agencies are seldom willing to make the compromises necessary to consume a standardised service offering. Cloud services can succeed (for some applications in some agencies) because they are designed and built to be successful shared services (“cloudy is as cloudy does” … the service does what it says on the label) and because their external arms-length provision means that there is no option for agencies but to consume the standardised, somewhat configured, service offering. QED.

    To address your specific arguments:

    1. Your quote: “The problem with your argument as I see it is you are failing to understand the nature of the NSW Government agencies. To start with they were all separate entities, each fending for themselves, each developing procedures and applications to for fill their function.”

    Ah! But my view is that this is exactly the reason why cloud services can work where both dedicated in-house ICT and shared services have failed! How can it be that AWS, Google, RightNow, Salesforce, ServiceNow, SuccessFactors, Workday etc. support hundreds of thousands of different and diverse customers out of standardised shared services? Each of these customer organisations are “separate entities, each fending for themselves, each developing procedures and applications to for fill their function”. The cloud services model is actually perfectly designed for the organisational diversity of government!

    2. Your quote: “There simply will not be an out of the box solution that will come close to satisfying the basic requirements of there critical services”

    This may be true for some specific applications that are tied to legislation etc, but it is not true for most relatively generic applications such as finance, HR, service management, document & records management, web content management, email, collaboration, office automation, CRM etc. In addition, there is a world-wide recognition emerging that there is a pretty generic set of functionality behind most government agencies. COTS is based on this logic, and SaaS simply reduces the entry cost of these solutions and makes them more flexible. In addition, the new architecture of SOA and configurability that underpins SaaS solutions means that it is becoming indefensible for agencies to argue that they genuinely require customised solutions for all but the most specialised use cases. Even solutions like Oracle Policy Automation (nee RuleBurst) will soon bring the ability to codify jurisdiction specific legislation and policy into commodity-like SaaS platforms. So, you are correct historically – but this perspective needs to be challenged. From a strategic perspective, it is in everyone’s interest for agencies to desist from building dedicated bespoke systems wherever possible.

    3. Your quote: “There really isn’t a lot of fat in the agencies IT services, most agencies have core, crucial applications that they simply can’t function without, many of these applications were specifically developed for them and have cost the tax payers millions to develop so I doubt if many agencies will make do with an off the shelf solution.”

    Tactically you may well be correct, but from a strategic perspective we need to look at the long run affordability of these applications. Perhaps a sunk asset can be used for many years, but as soon as it needs to be upgraded or enhanced (for example to enable mobility or web access or integration with other systems) then the whole thing often needs to be unzipped … and then a more strategic perspective is required. Also, one of the reasons that there is no fat in agency ICT budgets is because they are doing a lot of commodity-like work operating basic ICT infrastructure and systems in a sub-scale inefficient manner … no?

    4. Your quote: “once an orginisation as large the NSW government puts all their services on the cloud, that would make a very tempting target for world class international hackers out there.”

    True. This is why any move to cloud needs to be carefully considered and why agencies need hands-on experience at managing the practical process and technical security realities. I don’t think it is really sufficient to say that fragmentation = safety while consolidation = danger because there is an overarching context of increasing inter-connectedness and flow of information across agencies and jurisdictions. Agencies cannot simply say that it is safer to stay in silos because this is inconsistent with policy and service delivery reform realities – and citizen expectations.

    5. Your quote: ”if you force agencies to use off the shelf applications then that would give potential hackers the chance to use the same applications to interpret data”.

    True to some degree. It just comes down to an ‘arms race’ at the end of the day. I agree with the sentiment of ‘hiding under your desk in your office with the door closed in the far corner of the world’, but I just don’t see this as feasible given the broader issues of budget constraints and the general imperatives for these systems to become increasingly connected to other parts of government and third parties in the private sector. The question is how to participate as safely as possible in an interconnected digital economy … within fiscal constraints.

    6. Your quote: “But to try to replace all of IT infrastructure with cloud technology as is stands will be an expensive and embarrassing mistake but one the NSW Government is hell bent on making.”

    I just don’t agree with this statement at all. Perhaps I am a naiive bunny, but my understanding is that the strategy is to investigate prudent and secure use of enterprise-grade cloud services for appropriate applications, workloads and categories of data using a mix of public and private cloud services arrangements as required to meet agency requirements. I really believe in “cloudy is as cloudy does”. For the first time in ICT history, it is possible for an agency to see a fully operational ICT system working and to test it before they commit to procurement. Agencies should only commit to cloud services once they are sure that they (a) work and (b) can meet their requirements (given the preceding discussion on being flexible about defining ‘requirements’).

    We also need to remember that government itself has influence over how this game plays out in Australia. One of the reasons that I have been quite critical of AGIMO and the Federal Government’s “cloud last” strategy to date is because it’s hyper-cautious approach has failed to put government demand on the table to stimulate the development of on-shore cloud services that are fit for government work. It is a cop out for government ICT strategists to say “the cloud is not ready for government work in Australia” when one of the reasons that this is so is because government itself has not shown leadership and stimulated the development of on-shore cloud services as part of a broader digital economy policy agenda. (Though there is hope for the pending National Cloud Computing Strategy being developed by DBCDE). We need a bigger picture strategic view here which brings together ICT industry development policy with government ICT procurement policy in order to stimulate the development of Australia’s cloud services industry – for the benefit of both government agencies and overall GDP.

    I actually sympthise with many of your reservations, which will no doubt turn out to be quite valid in some agencies and projects in the years to come etc. (many a slip twixt cup and lip). My view, however, is that there are overriding strategic imperatives which mean that we need to treat these as challenges to be solved in the context of a focus on business outcomes – not as reasons for inaction just because they don’t align with the dominant wisdom of ICT thinking and practice.

    The net of all of this is that I think the NSW ICT Strategy is heading in the right direction ;-)

Comments are closed.