Kundra reforms hit Queensland:
State Govt pledges ‘cloud first’, IT dashboard

13

brisbane

news The Queensland Government has committed to adopting two of the most radical measures implemented by then-US Government chief information officer Vivek Kundra in the Obama administration’s first term, as it grapples with a government-wide ICT Audit released last week that starkly demonstrates the potential for further disasters akin to the Queensland Health payroll catastrophe.

Kundra came on board in the US Government in March 2009, several months after Obama took office in the US. Kundra’s time in the US Government saw him preside over a number of major changes which have caused wider global ripples within the public sectors of countries such as Canada, the UK and Australia. Kundra, for example, was responsible for creating a whole of government IT dashboard through which government staff could easily gain a birds’ eye view of all major projects and IT expenditure across all departments. Part of the project was that each project had a picture of the accountable executive attached to it — usually a departmental chief information officer. The technology behind the dashboard is publicly available so that other jurisdictions can adopt it.

Kundra was also responsible for pioneering a ‘cloud first’ strategy in the US Government which saw agencies required to evaluate cloud computing options prior to making any new investments in IT.

However, Kundra’s tenure within the US administration did not last long, with the executive leaving the government just two years after he joined it, in August 2011. He then joined Harvard University as a visiting fellow, before being announced as executive vice president of emerging markets for cloud computing vendors Salesforce.com in January this year.

Last week the Queensland Government finally released the long-awaited audit into its ICT systems and processes across its operations. The report is an extremely troubling one for the state and for the future of state government ICT in Australia in general. It found that ninety percent of the state government’s ICT systems were outdated and would require replacement within five years at a total cost of $7.4 billion.

In addition, the Audit lists several dozen major IT applications within the Queensland Government which are at severe risk — if they fail, the state will not be able to keep on providing critical services to the community. Queensland is also far behind when it comes to its fundamental ICT infrastructure, and its ICT procurement processes do not appear to be efficient or effective.

As the state’s first response to the report, its IT Minister Ian Walker told the Queensland Parliament last week that several of the Kundra-style reforms would be implemented immediately in the state government.

“We are changing the way ICT is delivered in Queensland. We are determined to provide better and more cost-effective services to Queenslanders,” Walker told the Parliament. “To do that we are making ICT open and accountable like never before. In that regard I am pleased to announce a new IT dashboard. Within six months all significant government projects, their costs and current status will be released publicly. This is the next phase of the Newman government’s open data initiative and will allow greater scrutiny and transparency of ICT projects. This is just one way we will transform the sector following the release of the ICT audit.” In addition, Walker added, the state would also follow the US in taking a “cloud-first” approach to procuring ICT services.

Queensland is not alone in pursuing such reforms. The New South Wales Government, for example, has also increasingly moved towards a “cloud-first” policy in its operations, for similar reasons as Queensland, and Victoria appears to be moving down the same path as well. The Federal Government has not formally taken a “cloud-first” position, but it has set standards for cloud procurement and mandated that departments and agencies examine cloud computing options during ICT procurement activities.

The first cab off the rank for Queensland’s new cloud computing policy will be its whole of government email platform. The state had begun an in-house whole of government email program in 2007 with a budget of $252 million, with the aim of consolidating some 80,000 state government email accounts into one overarching platform to be based on Microsoft Exchange 2007. However, the project failed and was dumped by the state in July 2012, with then-Queensland IT Minister Ros Bates saying at the time that the potential existed for a cloud-based solution to replace the in-house option.

“We will adopt a cloud-first approach to the procurement of information and communication technology services, delivering annual savings of up to $17 million for the email component of that alone,” said Walker last week.

Other actions which the state plans to take immediately, as outlined by Walker in Parliament, include the establishment of what the Minister described as “the Queensland One Government Network” (believed to be centralised telecommunications infrastructure), as well as conducting basic technical upgrades for high-risk payroll systems (rather than committing to replacing them wholesale, as happened during the Queensland Health payroll systems debacle).

“Contestability will be key as we move forward, meaning we will seek best value for money while moving away from owning and maintaining ICT assets,” Walker said. “The ICT audit and the Queensland Commission of Audit recommendations have presented a strong vision for ICT reform. The Newman government is working closely with industry to create a decisive road map for the future. We have already released a discussion paper around that and look forward to listening to what it is that Queenslanders want. By working together, industry and the Queensland government can and will achieve great things.”

Further details of the state’s IT strategy can be found in its formal response (PDF) to the ICT Audit’s recommendations. The State Government has chosen to accept most of the recommendations of the report.

The Audit’s recommendations come in about a dozen key areas, ranging from how to immediately target savings and waste in the state’s ICT procurement to how to address critical business systems at risk of failure, how to put in place business continuity controls, how to implement new governance controls around ICT projects to ensure past disasters aren’t replicated, and how to handle commodity applications.

Many of the recommendations focus on the ICT Audit’s broad conclusions that the Queensland Government is not acceptably managing its ICT infrastructure and processes, with the recommendation that many aspects of its ICT operations be outsourced.

For example, the ICT Audit recommends that basic technical upgrades be carried out on high-risk payroll systems. However, it also recommends “as an immediate priority” that the state examine the external provision of payroll systems, with a view to replacing government-run systems, with pilot programs being run and business processes associated with payroll (such as the management of awards) simplified. The Audit makes similar recommendations with regard to financial management systems used by agencies, as well as recommending outsourcing in other areas such as desktop support, ‘cloud infrastructure’ and so on.

If you take the ICT Audit and the State Government’s generally positive response to its recommendations together, it appears that the state at least has a path forward out of its morass.

However, saying you’re going to do something doesn’t always mean you’ll do it. Vivek Kundra’s time attemping to implement very similar reforms in the US wasn’t without its controversies, and some doubt the long-term impact of the executive’s vision. A survey of IT professionals in government by online IT community MeriTalk published in September 2011 heavily criticised the executive. “Vivek’s tenure … was like a bottle of champagne — seems like a great idea, exciting start, but the plan’s unclear, and the next morning you wake up with the same problems and a sore head,” said Steve O’Keeffe, founder, MeriTalk, at the time.

Only time will tell whether the same will be said IT Minister Walker in the Queensland Government — and whatever IT executives are appointed to help implement the LNP administration’s new vision for its IT future.

Image credit: US Government, Creative Commons

13 COMMENTS

  1. Wouldn’t security risks associated with cloud computing be a high concern for government files?

    • I agree jasmcd…I don’t get this fascination with the cloud.

      To my mind it’s a financially driven option purely to remove the costs of IT infrastructure for a short term gain.
      After all, how can you say you have ownership of the data if you can’t see or touch the hardware it resides on?
      And who’s to know who else may have access? You’d better hope your cloud infrastructure isn’t based in the US…the Government can access anything they like over there using the Patriot Act as a pretext…and that’s before the NSA crap started.

      • Hi Brad and Jasmcd,

        There is nothing inherently insecure about cloud services as a way of sourcing ICT capabiluities. It all comes down to how you go about it, for what categories of data and how trustworthy the counter-party is. The leading enterprise-grade cloud services providers, both global and Australian-based, can deliver higher levels of security in practice than most under-funded, under-skilled, agency IT departments with ageing assets and un-patched software. This is simply stating the facts based on audit reports and case studies of successful adoption of cloud services by agencies in Australia.

        Cloud services is also not usually about reducing cost (only). The key benefits experienced usually revolve around the increased ability to drive innovation and productivity … and the ability to focus on business outcomes rather than technology.

        The NSA snooping concerns are serious, but don’t really undermine the general case for cloud services. If anything, they strengthen the case for the use of Australian-based cloud services providers vs. US players. The thing to understand is that the traditional approach to ICT in the Queensland government has been a disaster … and the money has run out. A radical rethink is the only option.

        Queensland ICT folks should be asking “How can we safely and effectively use cloud services to both dig ourselves out of this hole that we have dug ourselves into and strengthen our ICT industry?” rather than being suspicious and fearful about cloud services based on largely theoretical concerns.

  2. Especially in light of recent revelations. Might send an email to my state member :-)

  3. Sounds like a good move, although not very confident the Qld gov can put together this portal in under 2 years and for under a few million :P

  4. The thing is there’s nothing stopping a state Govt from deploying and owning it’s own ‘cloud computing’ infrastructure for all departments to subscribe to. Yes, it would still be Govt owned and operated so not outsourced, but would give depts and tax payers confidence in the security of their information and core infrastructure services. It would still provide an environment and framework to radically harmonise all the very disparate and disjointed systems deployed today, would still provide greatly leveraged efficiencies and economies of scale, would still give top administrators complete overview ‘control panel’ management and oversight not just for all projects but for all systems on an ongoing basis – they could see transactional load per application and per department, they could monitor upgrades, cost centres and rebalance load to minimise downtime (something which currently plagues pretty much all major transactional databases in use across Govt today – they fall over with alarming regularity when they’re not running at a snail’s crawl). Heck if they all got together they could pitch in for a centralised federal high-density computing centre that could serve everyone – each state could have its own separate slice of the computing centre too, so they could still remain autonomous; just by sharing budgets, resources and floor space you get much greater value for money buying and operating one massive server farm rather than a dozen smaller ones all over the country.

    • Hi TrevorX, you are right in theory … but in practice this would be unlikely to be either effective or sustainable based on the history of shared services failures in the Australian public sector. It could happen … but it won’t due to the complex and unsolvable organizational dynamics of the public sector and the continual changes in leadership and direction. The next five years of budget austerity make it even less likely to succeed because if it is attempted the motivation will be to cut costs not to build a world-class service.

      I have much more faith in the emergence of enterprise-grade cloud services as a model because they are arms-length from government interference and driven to innovate and to become trustworthy by competitive market forces and transparency of their performance, pricing and operational integrity. They are capitalist economy shared services where customers exercise choice – choosing a service because it is better, faster, less expensive and an acceptable risk (when all things are considered).

      I agree that the NSA cyber-snooping revelations are worrying, but this simply highlights the need to accelerate the growth of enterprise-grade cloud services here in Australia. Governments need to put their demand on the table to make this happen.

      Look at it this way. If a government decided to build a so-called Private Cloud it would probably need to mandate that agencies use it in order to make it pay its way, and to justify the considerable up-front investment. The result is a distorted socialist economy model – likely as not with insufficient investment to work optimally … and hence sullen and unwilling ‘comrades’ would be compelled to use the service no matter how bad it was.

      The better scenario is for agencies to exercise choice and buy services from competitive market cloud services providers. If the service is inadequate just terminate it and buy another to replace it. Most agencies should focus their energy on developing innovative ways to use ICT to improve services delivered to citizens … not mucking around building and running basic infrastructure and commodity-like applications.

      • I would like to add to my sigh; that your statement sounds great.

        Until you realise the effort involved in moving whole of government from one cloud provider to another (if they weren’t getting the value/reliability) would be just as hard as building their own cloud services.

        Make no mistake; if the QLD government goes cloud; then in all likelihood whoever they choose to host them will be well fed for the forseeable future. (Not that I propose any alternative; I just don’t see a government being able to “hop” providers as easily as you claim.)

        Don’t misunderstand me, smaller entities and other well operated players could probably do it relatively easily, but the same problems that would plague a government run cloud infrastructure project; would similarly plague the ability of the government to actually extract value from the market.

        • Hi Peter,

          Hmmm … yes … but my view is that the only hope of salvation is to move away from regarding this as having to be solved at a ‘whole of government’ level. In truth the notion of ‘whole-of-government’ has proven to be a poisoned chalice for government ICT because government executives do not act ‘as a whole’. So, yes you are right that it will be very difficult to move the whole of the Qld government to cloud services … and then to ‘hop’ from one cloud provider to another … and indeed foolish to try.

          This doesn’t mean, however, that cloud services cannot provide a better, faster, less expensive and less risky way forward on an agency-by-agency basis for appropriate applications, data and workloads where mature enterprise cloud services are available.

          I think we need to break the dysfunctional cycle of the pendulum swinging between centralised and decentralised approaches … with the baby going out with the bathwater at each apogee. My view is that cloud services can enable agencies to act unilaterally or in clusters to source world-class ICT capabilities without the need for them all to move as an unwieldy herd. What we need is just the minimum coordination and experience sharing to prevent the predictable mistakes and problems of fragmentation etc. … but beyond that the cloud services path at least offers a feasible way forward for agency-driven innovation and productivity improvements. Start with small successes and build on them.

          At least it offers HOPE! It appears that we have pretty much exhausted all other alternatives haven’t we? Sure … you could wave a magic wand and suddenly the alternative models of In-house IT, shared services and dedicated outsourcing might suddenly start to work … sigh!

          The problem is that heaps of smart and motivated people have been attempting to sort all this out for decades … and here we are. We need fresh ideas and fresh approaches … and we need to ‘wave the surrender flag’ on approaches that have just flat-out failed due to a wide range of factors that are largely beyond the wit of governments to change.

          The pragmatic view is that cloud services can meet SOME needs well … and if this is so then it will free up resources and capacity for the applications and workloads that must remain in-house, on-shore or otherwise in dedicated/customized arrangements.

  5. one man’s “protectection of the privacy and security of data”
    is another man’s “government interference”

    • Slightly ironic that we are talking about government-data and being worried about government interference. (obviously I know it is international government’s in this case)

Comments are closed.