New Govt cloud computing strategy:
Foggy, or healthy cumulus?

14

cloudcomputing

blog One could be forgiven for thinking that the word “cloud computing” is in vogue in Australian Governments at the moment. The NSW Government is pushing hard into the cloud, the Victorian Government has shown signs of doing the same, and even Queensland is thinking about getting into the act. The Federal Government, of course, already had a cloud computing policy courtesy of the Australian Government Information Management Office (AGIMO), but now it also has a National Cloud Computing Strategy (see the full document here), as released by Communications Minister Stephen Conroy at CeBIT in Sydney this week, and put together by (yet another) expert panel. Conroy tells us:

“The strategy will: Open up the Australian Government’s annual $5 billion a year spend on ICT to cloud computing by requiring federal government agencies to consider cloud services for new information technology purchases; Promote the benefits of cloud computing to small businesses, not-for-profit organisations and local governmen; [and] support a vibrant cloud services sector through competition, a highly capable technology workforce, and regulatory settings that promote growth and foster innovation.”

Coincident with the release of the strategy, AGIMO itself has released a new version of its existing Cloud Computing Policy; which we assume will recognise Conroy’s stipulation that government departments and agencies will now be required to consider cloud computing options during procurement. Australian Government chief information officer Glenn Archer notes:

“The update recognises that the cloud market in Australia has matured significantly in the last two years, and that there are now clearly opportunities for Government to make use of Cloud to achieve savings, greater agility and better business outcomes for its own IT needs and those that service the needs of citizens and businesses that interact with Government.”

Not everyone has been as enthusiastic as the Government could perhaps have hoped about the strategy; iTNews described Conroy’s release as a “National Fog Strategy”, describing it as a “weightless, immaterial piece of fluffy nonsense”. However, Steve Hodgkinson, the director of Ovum’s Government practice in Australia and New Zealand, has taken a somewhat more positive view of events, in a blog post published overnight:

“The Australian government has finally embraced cloud services as a critical element of the digital economy by releasing a National Cloud Computing Strategy. While not quite “cloud first”, the strategy creates an explicit requirement for agencies to consider cloud services for new ICT procurements, test and development activity, and to migrate existing websites to cloud services at natural refresh points. When combined with a range of other measures, this represents a significant step forward in the modernisation of the government’s thinking and approach to ICT industry development and to its own procurement and use of ICT.:

I haven’t yet been through all of the material released by Conroy and AGIMO over the past week. However, it is good to see the Government focusing on this area explicitly, as Hodgkinson notes. I have no doubt that there are fluffy aspects of both the policy and strategy, as iTNews wrote, but I also know that it can take a while for these kinds of concepts to sink a bit deeper into the public service. It will be interesting to see what comes of these releases over the next 12 months.

14 COMMENTS

  1. I agree that it makes sense to consider cloud services. I also agree that it should be subject to the best value for money option. I don’t think “cloud first” is appropriate.

    Regarding the “explicit requirement for agencies to consider cloud services”, I would be a little surprised if Agencies were not already considering cloud services when they make decisions. However, it will require Agencies to spend more time documenting their consideration of cloud services.

    It will be added to a long list of issues that Govt staff need to consider when making procurement decisions. Eg you can have a look here to get a sense of the number of policies that Government staff need to take account of when buying services.

    http://www.finance.gov.au/procurement/procurement-policy-and-guidance/buying/policy-framework/procurement-policies/principles.html

    • Hi Michael … you make a good point about the complexity of procurement policy … which just seems to get ever more complex with layer upon layer of new guidance. There is a paradox in the fact that mature cloud services deliver highly centralized, standardized, solutions primarily thorough devolved (i.e. agency-by-agency) decision making. Agencies don’t need to “hold hands and act in concert”, all they need to do is act unilaterally to buy services that deliver better business outcomes for them individually. Cumulatively over time such unilateral activity will likely deliver better whole-of-government outcomes than previous generations of failed whole-of-government ICT strategy initiatives (such as common systems and shared services) because the cloud services are already large scale, standardized, configurable shared services platforms. “Cloudy is as cloudy does”. In this context the merit of centralized procurement arrangements and top-down policy for cloud services is still a matter of debate. Indeed, ill conceived rulebooks and centralized arrangements (DCaaSMUL?) designed by folks with little practical hands-on experience of cloud services procurement and use can be more of an inhibitor than an enabler vs. just seeking to accelerate both the rate of adoption at agency level and the rate at which experience is shared across early adopters.

      Agencies are, indeed, already adopting cloud services … but substantially in a ‘skunkworks’, under-the-radar manner which is not necessarily conducive to an acceleration of the overall rate of innovation … and certainly not conducive to open sharing of experiences and organizational learning. For example, I learned at CeBit on Tuesday that Salesforce has around 50 public sector clients in Australia … a very well kept secret!! We need to get this innovation activity out in the open and being discussed and admired to share experiences and to boost enthusiasm for Internet-age ICT-enabled policy and service delivery transformation. This would be a good counter-argument to the ‘doom and gloom’ that is so often associated with ‘old school’ public sector ICT projects. All of the public sector cloud services projects that I have studied and written up as case studies reveal better, faster, less costly and less risky outcomes. They are good stories.

      One of the main benefits of the National Cloud Computing Strategy is that it will establish a stronger and more positive authorization basis for this activity … so that agency executives can come out of the shadows and start discussing and sharing their cloud services innovation stories … with pride … not in fear of being accused of being a risky adventurer by folks with a process compliance mentality and no accountability for innovation or the business outcomes of agencies.

  2. Given many decades experience in federal government circles my confident prediction would be imminent headlines regarding massive data losses and compromises due to poor tender choices in cloud contracts re security provisions… even the banks are leery about this, but that won’t stop the inevitable fed meltdowns…

    • Hmmm … security is always front and centre of any cloud services procurement, and the conclusion is usually (as long as we are talking about well considered use of a mature and enterprise-grade cloud service provider) that overall security is enhanced by cloud services. This seems counter-intuitive, but it is usually true in my experience. The cloud services provider’s survival is entirely dependent on the maintenance of trust and reputation every second of every day … and they know it. The leading cloud service providers have very high standards of security.

      The things to focus on are actually just the same things that should be focused on in any 3rd party ICT services arrangement … and revolve around gaining adequate confidence and assurance that:

      1) The service provider is a trustworthy counterparty – and is externally audited and assessed as such.
      2) The contractual protections are adequate in all the usual ways (recognizing that there will be some practical cost/benefit/risk trade-offs to be made).
      3) The SLA meets the business requirements (recognizing that there will be some practical cost/benefit/risk trade-offs to be made).
      4) You know, and can control, where the data is located and how to get it back.
      5) You have a ‘Plan B’ in the event that the service fails or you wish to terminate it.
      6) You know and manage explicitly the categories of information that are allowed to be stored in the cloud service provider’s platforms.
      7) You manage all of your own obligations regarding identity and access management protocols, the configuration of security settings in firewalls and applications etc. and operational processes involved in the use of the service.

      Its no different to any other way of sourcing external ICT capabilities.

      People usually get carried away with idea that cloud services adoption means that folks with no professional experience and training will make ill-considered use of inadequate and immature consumer-grade services. Sure, if this happens, the outcomes will be bad … or at least unpredictable … as they would be if the same approach was applied to in-house IT, shared services or outsourcing.

      It is all just about using common sense … and using mature enterprise-grade cloud services … which is itself just common sense.

      • Steve, these guys don’t even know what TOR means, can’t block a site without murdering a 2000 party domain and trust the US ‘free traders’ to TPP us into state of the union lackeyhood. Trust ’em with the cloud? Yeah, sure, no probs at all…

        • Hey Duke … which “guys” are you referring to? There are a range of mature enterprise-grade cloud service providers, some of which are Australian-based and some of which are hosted off-shore. There are, of course, also a range of not-so-mature cloud service providers. Who are you talking about? You need to be more specific …

          My argument is simply that, in my observation, some cloud service providers can be better, faster, less costly and less risky than some alternative in-house, shared service or outsourced provision arrangements. It all comes down to specifics … which are mainly drive by two considerations: (a) the adequacy and quality of the existing arrangements, and (b) the adequacy and quality of the cloud service.

          The big picture perspective is that as budget constraints bite harder on in-house arrangements, particularly in government, their quality starts to fall … infrastructure assets age, applications are not maintained, process and training discipline is neglected, staff turnover rises. Conversely cloud services providers are becoming progressively more mature, functional, secure … and competitively priced. It naturally follows that there comes a point where it is worthwhile to consider cloud services as a practical alternative.

          Simply asserting that some”guys” (as you say) aren’t any good doesn’t really help the discussion much does it?

  3. Steve
    I know cloud things are lurking in Govt Agencies.

    One of the reasons that I suspect that usage of cloud is not prominent is because the Agencies may not have ticked all the boxes against the things that the cloud policy tell Agencies that they need to consider and sort out.

    I should add that this only conjecture. I don’t have any real evidence.

    However, I do have a good appreciation of the amount of work and effort required to address all of the policy requirements (and there are many) in an ICT procurement.

    • Don’t forget Steve is just doing his job, marketing ‘cloud’ services where-ever possible, whether the optimal solution or not.
      He’s not exactly going tot be the voice of balance considering his employment.

      He does remind me of the sales types spruiking thin client all those years ago though.
      What will happen is the inevitable cycle between in-house, out-sourcers of various stripes claiming mystical efficiency gains even though the very laws of physics and information theory are against them (e.g. somehow adding in layers of management – that are an automatic requirement when you outsource – will make things more efficient. Even though this has never happened anywhere, ever in human history).

      Then the inevitable rebuilding of systems within the organisation as the out-sourced systems prove inefficient, expensive and unreliable.

      For government cloud is probably useful for CRS but that is about it. For core IT services, not so much.

      • Hey Stephen … yup … just doin’ my job trying to advocate for ways to boost innovation and productivity in government.

        The “whether the optimal solution or not” aspect is, of course, up to the executives making the ICT sourcing decision … based on all of the factors that need to be considered. It is true I rant and rave a bit (my bad!) but I’m not advocating that cloud services are appropriate in all contexts … only that they are appropriate in some. Caveat emptor.

        Did you mean “CRM” instead of “CRS”? I’ve written a few case studies of cloud services adoption by government agencies that show that (a) there are benefits beyond CRM … in IaaS and in other areas of application functionality, and (b) it is interesting how an initial narrow focus on CRM is starting to widen as agencies discover that the cloud services platforms actually offer flexibility to implement a range of solutions. An example is the Victorian Department of State Development & Business Innovation which started out with a CRM application as the reason to choose SaaS but is now using the platform for grants administration … in more of a PaaS model. The key attraction is the flexibility and scalability of the platform as well as its support for web access and mobile devices.

        • Hi Steve,
          You make an interesting point there about cloud and in particular PaaS enabling process agility and flexibility.

          While it is true that organisations have to pick horses for courses based on their unique needs , I think a key part of all this which is missing in the debate is that current assessment models do not generally allow for recognition of the benefits of future agility/ innovation, and even if they do there is precious little points in any RFP allocated towards this factor compared to others.

          The only constant in Government (or any other sector for that matter) is change – legislation, political parties, priorities, technical change and citizen demand. What we have seen, over the last few years of giant failed ICT projects, is that the majority of cost is not in creating something, but in changing it later on. Current TCO/ ROI models however, don’t really allow for easy comparison of potential future change when it is unknown, and none of us have a crystal ball.

          The standard solution is to model the top 5 or so scenarios, and play them out as they are understood today. This is then compared against current known costs. This presents assessors with a difficult problem from a risk & ROI perspective, especially when presented with something like a discount on licensing from an existing vendor (ie we cut your costs by 20% if you stay with us).

          Essentially an organisation is comparing uncertain or unknown future benefits, against certain cost savings now. Most CFO’s who are looking for a 9-12 month payback will choose the less risky & definite – but less innovative/ agile/ cost more in the future – immediate cost saving.

          A move to ask organisations not just to consider cloud, but which allocates a set % of RFP’s to Future Agility and lower future cost of change would be a better step IMO.

          Have you seen any models globally which allow for easy comparison of future business agility? I would be really interested in them if so, we can add them to the Australia 3.0 Govt stream.

          Finally – long time reader of your comments on here and also wanted to show my support for your impartiality.

          • Thanks Tom … you make an excellent point that I have been pondering for quite a while and am trying to write a research paper on. I discussed this earlier in the year in a comment about leveling the playing field:

            http://ovum.com/2013/03/13/government-policy-makers-should-level-the-playing-field-for-cloud-services/

            The Type II risks in cloud procurement (i.e. the risk of making a bad decision not to select a cloud service when it would have been better) are largely ignored by policy makers due to an over emphasis on traditional Type I risks (i.e. the risk of making a bad decision to select a cloud service). The current procurement frameworks undervalue the strategic benefits of cloud service because they take a very narrow view of both requirements and costs.

            What we need is a framework which allows for reasonably objective qualitative assessment of the pros, cons and costs of (1) Custombuilt, (2) COTS and (3) SaaS solutions implemented (a) In-house/on-premise (b) in a Shared Service Center (c) in an outsourced arrangement, and (d) as a cloud service. The analysis needs to consider not just the existing requirements but also some anticipation of the likely evolution/flexibility in functionality required to satisfy evolving business needs … or at least some allowance for the reasonable costs of keeping the solution current … over a 3-5 year outlook.

            In agencies that I’m aware of who have attempted this type of analysis a mature enterprise-grade SaaS solution is a compelling way forward – in terms of both the speed and low cost of immediate implementation and the reduced costs of ongoing enhancement of the solution. The ongoing benefit is mainly attributable to the fact that the solution is genuinely a shared service (so ongoing enhancement and maintenance costs are pooled across all users … not carried as customization costs by one agency only).

      • hey Stephen,

        Steve has ably defended himself, but let me remind you that it’s not OK to accuse other posters of bias on Delimiter. Steve Hodgkinson works for an independent analysis firm (Ovum), and I have never seen him spruik something for the sake of spruiking it — he has 100 percent of the time argued for the IT solution that is the best fit for need — not for one arbitrary technology over another. I have complete confidence in him, and he is one of the most respected analysis in Australia.

        If you post another offensive comment along these lines (‘playing the man and not the ball’), I will ban you from commenting on Delimiter for a few months. I suggest you refresh yourself on our comments policy here:

        http://delimiter.com.au/comments-policy/

        The only reason I haven’t deleted your comment already is that Steve has already responded.

        Kind regards,

        Renai

  4. I fully endorse Steve’s comments which, as usual, are right on the money.

    I think the media coverage of this strategy release has focused far too much on the core goal related to Govt use of cloud services and not nearly enough on the two other major core goals in the strategy. These are 1. Promoting cloud computing to small businesses, not-for-profits and consumers; and 2. Supporting a vibrant cloud services sector.

    These issues go to the heart of two BIG national dilemas – improving our national productivity by appropriate and effective use of transformational ICT and positioning ourselves as a provider and innovator in cloud services, not just a consumer. We need more debate and advocacy about how to achieve these outcomes.

Comments are closed.