Qld launches whole of government IaaS panel



news The Queensland State Government has gone to market to set up a whole of government cloud computing panel which would allow its many departments and agencies to purchase IT infrastructure services in this category from a set list of suppliers.

In its tendering documents, the state said that it was responding to two key recommendations included in the 2012 Commission of Audit report led by former Federal Treasurer Peter Costello.

The first recommendation stated that the Government should adopt an “ICT as a service” strategy and source ICT services, especially commoditised services, from private providers in a contestable market, where this was feasible and represented value for money. Secondly, the Costello report recommended the Government utilise (as appropriate) cloud based computing and other emerging technologies as enablers to complement its ICT as a service strategy.

The setup of the panel comes six months after the Queensland’s first comprehensive ICT Audit revealed that ninety percent of the State Government’s ICT systems are outdated and will require replacement within five years at a total cost of $7.4 billion, as Queensland continues to grapple with the catastrophic outcome of years of “chronic underfunding” into its dilapidated ICT infrastructure.

As one of many tactics aimed at rectifying the problems, the Queensland Government has committed to adopting a ‘cloud first’ strategy which will agencies required to evaluate cloud computing options prior to making any new investments in IT. This approach was pioneered in the US Federal Government and is also being instituted in NSW.

Through the procurement process kicked off this week by the Department of Science, Information Technology, Innovation and the Arts, the department said that it was seeking to enter into a standing offer arrangement with a panel of between 10 and 15 “qualified and experienced” organisations to provide Infrastructure as a Service solutions for the Queensland Government.

At a high level, the state is initially seeking to get access to Virtual Machine (VM) compute, storage and network capacity delivered in a public multi-tenant cloud environment with multiple grades of service, with support for commodity x86 workloads.

Through provisioning servers and storage in an IaaS model, Queenland is hoping to be able to achieve: An “evergreen hardware model” which will breaking its existing technology upgrade cycle; a a reduction in the impact of vendors’ product upgrades; an improvement in efficiency where standard solutions are adopted; greater flexibility to adopt ‘fit for purpose’ ICT systems; support for ease of service provisioning and ‘right sizing’ of services; and the enablement of regular alignment of changing business systems and processes with ICT.

It is also seeking to achieve lower costs by only paying only for services used; scalability on demand; a model which requires no capital investment and the realignment of in-house ICT capability from building and operating ICT solutions to improving business service delivery.

In addition, it is expected that services provided under this arrangement will be required to integrate into a broader cloud brokerage model in the future as the Queensland Government develops its long term cloud strategy. This may also include the establishment of a government community cloud for IaaS (subject to further demand justification and a business case).

What this procurement initiative really demonstrates is just how far behind the rest of the IT industry the Queensland Government is right now when it comes to cloud computing adoption. It looks as though the state is trying to shift as many basic x86 workloads into the cloud as fast as possible, in an attempt to rapidly boost its agility and cut costs.

If you look at the adoption of cloud computing as a total cycle, this is very much just the start of the journey. IaaS usually starts with virtualisation of internal server resources, then usually progresses to advanced datacentre and virtualisation management, then internal private cloud, then moving some workloads onto external clouds, then moving more workloads onto external clouds, even public, multi-tenantd clouds.

I would bet that much of the Queensland Government’s server resources are not even virtualised yet, and that the setup of this IaaS panel represents the first step in forcing departments and agencies to go down that path and start transferring workloads to more sustainable and reliable (as well as cheaper) external providers. We’ve pretty much seen the same thing in NSW, although NSW so far appears to be doing a better, more coherent job of the process than Queensland.

Image credit: US Government, Creative Commons


  1. Yep. Think back to the review of CITEC and WOG ICT Infrastructure 8 years ago. Much of this was described in roadmaps and government infrastructure consolidation projects back then!!!!!!

  2. It is interesting to ponder the impact of cloud services on WoG ICT strategy and procurement. Cloud services are a very decentralising form of ICT sourcing model. At least in theory they enable any agency to tap into the economies of scale of large and trustworthy cloud service providers without the need to aggregate demand at a WoG level in old-school panel contracts. Practical experience shows that cloud services adoption is best propagated on an agency-by-agency basis because the new model requires new mindsets regarding how requirements are defined and how procurement is managed. The new mindsets require LEADERSHIP – by agency executives focused on solving real business problems that require pragmatic benefit/cost/risk tradeoffs.

    In this context what value do theoretical WoG procurement panels add? No real demand is put on the table. No real business problem is there to be solved. There is no direct agencyvendor dialogue. The panel is by definition a ‘cold’ compromise that is almost immediately out-of-date compared to anything that a moderately competent agency could negotiate unilaterally in the ‘heat’ of a real procurement. I’ve started to form the view that panel contracts are actually poison for cloud services adoption because they are just too cumbersome and inflexible in such a dynamic services arena.

    The argument is often put forward that it is better to negotiate T&Cs ‘once and for all’ and to leverage these across agencies to save each agency having to develop the skills etc. The problem, however, is the WoG panel arrangement is necessarily implemented by folks seeking to solve a theoretical procurement problem rather than deliver a real business outcome in a real agency.

    A better approach is to create a framework for authorising and encouraging agencies to buy cloud services (just do it!) … but to do so in a collaborative manner – sharing experiences, lessons learned, project documents and contracts to accelerate the pace of organisational learning. The aim should be to create a self-reinforcing virtuous cycle of buy -> share -> collaborate -> reuse behaviours across agencies around a central repository of information – a Cloud Services Catalogue. This puts agencies in the driving seat … rather than perpetuating failed centralised procurement logic.

    Of course nobody wants to create a ‘1,000 flowers bloom’ amateur-hour fiasco, but the truth is that the best way to buy and manage cloud services in government is still unclear. Best practice, or even good practice, is evolving one project at a time. The reality is that this is a body of practical knowledge which will evolve quickly as agencies gain hands-on experience with real cloud services projects. The WoG leadership role should be to facilitate learning … not to pretend that it knows how to negotiate the best contracts for cloud services.

    The paradox is that creating an agency-led self-reinforcing virtuous cycle of buy -> share -> collaborate -> reuse behaviours across agencies may seem ‘weak’ from a WoG perspective … but it will likely create stronger and more resilient WoG efficiency outcomes. Less is more.

    • You say ‘…practical experience shows…’

      Meh, to what evidence, apart from an isolated case study or two, do you refer?

      Sure, there are a few spotty success stories, but when we go looking for evidence of systemic, lasting, and significant change, the available evidence tells a story that doesn’t really accord with your position.

      For someone who calls themselves a researcher, methinks your analysis would benefit from a bit more research and a little less unfounded optimism. Yes, the classic central government panel-type thinking brings with it the kind of overkill that is likely to smother cloud adoption. Conversely, the kind of naive, wishful, free-range thinking that you espouse won’t work either – and the evidence is pretty clear on that.

      All you need to do is ask Mr Google the right sort of question and you will see what I mean.

      In the USA*, where the cloud mantra has been chanted much louder and longer than anywhere else, the evidence is clear that there are some serious obstacles/barriers to cloud adoption that even agencies in the behemoth US Federal Government, who are mandated to adopt cloud solutions, are struggling to overcome. Chief among these is security. Commercial and operational issues aren’t far behind.
      [GAO report: ‘Progress Made but Future Cloud Computing Efforts Should be Better Planned’]

      The experience in the UK** is not dissimilar. Despite a similar sort of mandated cloud preference, agencies are struggling to get into the cloud in a big way. They need a leg-up from support agencies, they simply can’t make the change on their own, even if they want to: ‘…in particular, departments have yet to fully change their culture in terms of approach to ICT as old ways of doing things are so deeply engrained…’
      [April 2013 MPA report on the G-Cloud]

      Sure, every agency in every jurisdiction should work out which cloud services it wants/needs based on its own list of priorities, without those evil, nasty, incompetent whole-of-government types getting in the way. But that kind of choice isn’t inhibited by central/whole of government support in resolving commercial, security and other issues. Choice is facilitated and enabled if these barriers are knocked down with the kind of horse-power and focus that a dedicated team can deliver. Support, (not control!) from the ‘center’ is not only wanted by most/all agencies, it is an essential prerequisite for cloudy success.

      Further, the ICT industry simply cannot afford (nor does it want) to cut 67 million different kinds of deals in every jurisdiction. If you don’t believe me, or trust the evidence on this that is freely available, just interview a few dozen vendors and you will see what I mean. For so-called ‘cloud’ solutions to work effectively, the background noise of security and basic commercial T’s & C’s need to be dealt with first.

      …and don’t get me started on interoperability and data management/governance, governments can barely do these things in-house, what chance do we have in a feral, wispy and ever-changing cloud world?

      Finally, it has to be recognised that the prevailing constraints on government expenditure are real, necessary and apply to the ICT spend, whether we are talking cloud or legacy. Your kind of uber-Jeffersonian vision in which everyone everywhere [Read: every agency CIO] makes every decision without any kind of constraint or context, is only justifiable if one forgets that we are dealing with public monies. The simple and true fact is that it isn’t ‘their’ money. It is our money, yours and mine. Because it is our money, we expect that it will be spent effectively and transparently, and therefore it isn’t a free-for-all. There are, and there always will be, rules.

      Best to help agencies operate within those rules, best to make those rules as simple as possible, best also not to pretend that they don’t exist at all.


      • Hey Brian,

        Good stuff … love the debate. I’m familiar with the GAO analysis and UK Cabinet Office experiences etc. and you will note that I am not proposing an entirely decentralised unplanned chaotic approach. I agree that ‘1,000 flowers’ is not an acceptable outcome, I just don’t think that WoG Panels are a useful solution vs. more adaptive ways of leveraging, guiding and learning from the procurement activity of agencies.

        I guess the essence of my argument is that the traditional centralised-procurement-led approach is a bull in a china shop that too often dissapoints on all three of its CSFs (1) save money, (2) reduce diversity, (3) promote interoperability. The specific problem with cloud services panels, I think, is that they chew up time and resources to deliver … what? A theoretical procurement arrangement that is untested, unproven and inflexible? The NZ Gov spent the better part of a year putting in place an ECMS SaaS Panel only to discover that (largely as a consequence of the usual compromises in WoG requirements definition) none of the vendors really has a NZ-domiciled SaaS ECMS on offer to meet the panel requirements. A better approach would have been for the central policy agency to work with one agency to do a real SaaS ECMS procurement and then to leverage that real hands-on experience and share it across other agencies.

        Maybe this is really a ‘stage of maturity’ argument. As the cloud market matures it will of course make sense to impose a more ‘procurement efficiency’ approach … with WoG contracts and prescriptive standards etc. Trying to do this too early, however, just slows innovation and leads to unintended mistakes because the policy is not informed by hands-on experiences. We need a more adaptive, dynamic, approach which engages agencies in the process of working out how cloud services can add value in government.

        If one could wave a magic wand, of course one would create a ‘normal’ corporate approach to ICT in government … with a coherent enterprise-wide strategy, enterprise-wide strategic vendor relationships and procurement arrangements, enterprise architecture, corporate applications, interoperability standards, an integration BUS, data warehouse blah blah … it would be sweet.

        The reality, in the Queensland and Victorian state governments IMHO however is that there is no magic wand. The Governments seem to be incapable of grasping the enterprise logic nettle … and hence the safest way forward is to empower agencies to find ICT solutions that work (for them) and to leverage success from one agency to another. Find stuff that works and do more of that. Stop doing stuff that doesn’t work. Cloudy is as cloudy does. The central agency role needs to be more about thought leadership/influence/facilitation and less about prescription maybe?

        I do agree with you though that this approach presupposes that agencies have the capabilities needed to successfully and safely buy and use cloud services. We need to focus more on treating this as an organisational learning, skills development problem than a procurement efficiency/risk mitigation problem.

    • Steve, you are emphasising learning and leadership as the critical success factors going forward. That seems to be antithetical to the dominance of process in such environments. What then the role of heavily process oriented approaches such as Prince 2 and MSP and their possible likely contribution to recent failures? – IE we followed process (and process triumphed over outcome).

      • Yup! Find things that work and do more of that. Stop doing things that don’t work … QED.

        I realize that this is an over simplification to provoke discussion, but somehow we need to break the nexus of self-reinforcing cycles of failure … and the best way is to empower agencies to succeed rather than smothering them in ever deeper layers of governance and process nonsense and making them wait on the platform for WoG trains that never arrive.

  3. “large and trustworthy cloud service providers”
    Indeed. As someone who is obviously on the cutting edge Steve, what sort of ramifications has the NSA spying revelations had on the cloud market locally? I read a bit of info here and there about US cloud companies taking hits as a result, but has that translated into a more secure market, or is the underlying concern of government access to your data still apparent?
    Have any governments or corporate entities come out and guaranteed data security in the face of governmental interference?

    • Well – firstly there ARE Australian-based “large and trustworthy cloud service providers” … as well as overseas-based cloud services providers that host data here in Australia.

      The NSA PRISM revelations have undoubtedly raised the general anxiety levels around the outsourcing of IT services to US vendors, and cloud services is a subset of this scenario. The reality, however, when you talk to agencies that actually use US-based cloud services is that they remain as confident as they were before in the general integrity of the services.

      It all comes down to pragmatic benefit/cost/risk tradeoffs.

      We need to separate the fear/anxiety/hype from the reality. As Renai highlighted earlier in the week, the standard of information security in state government IT systems is known to be poor and not getting any better: http://delimiter.com.au/2013/12/02/vic-govt-abjectly-fails-security-tests/

      In this context, the NSA can probably access any information that it wants from state governments anyway … and perhaps already has!! ;-) People who live in glass houses shouldn’t throw stones …

      More seriously, this debate has a long way to run yet and we need to avoid ‘knee jerk’ reactions based on perceptions rather than facts. Each agency needs to look at the type of information that it manages and ensure that its information systems enable it to meet its legal and regulatory obligations with regard to privacy, security, the integrity of public records etc. This, however, involves pragmatic tradeoffs usually made under sub-optimal conditions of financial and skill constraints. There is no ‘perfect’ solution … and (as the audit reports reveal) it is not sensible just to pretend that in-house IT is more secure than outsourcing because most of risks arise due to internal human factors. The risk of the NSA snooping on agency data is, for most agencies, probably the least of their worries …

      Cloud services can be as, if not, more secure than under-invested, sub-scale, in-house IT environments. Of course, if all other things are equal, most agencies would prefer to buy from an on-shore/in-state vendor because it ‘feels’ safer and is more politically (buy local) palatable. Incidents like NSA PRISM reinforce the perception that US-based vendors are more exposed to US Government snooping … but they don’t necessarily change the facts of the information security landscape … nor the realities of the market dynamics that create affordable world-class cloud services.

      • Please appreciate Steve, my comment was not an attack on Cloud based systems, but rather an interest in what effect the NSA Prism scandal has had on the cloud community as a whole.

        The fact is the NSA Prism situation has raised awareness of this sort of issue to a higher level than previous, this has had an effect on US cloud systems, which was to be expected.
        What I am wondering is whether this has translated into real industry efforts to ensure the integrity of client data from governmental interference.
        I thought as you are obviously a representative of the industry, that you might be able to shed some light on the actions of the industry in the face of this awareness.

        I am not against Cloud based systems, although I am against the wholesale change to cloud without first considering your actual needs. Like all things there are situations where cloud is ideal, and situations where non cloud solutions are ideal. I dislike “hyped” changes where Manager XYZ reads an article on the next best thing and then implements it. This is coming from a background in both Government and Corporate environments.

        I apologise if my comments came across as anything but genuine interest in the possible industry reactions to an adverse situation.

        • Hey Woolfe … geez … I think we get too sensitive in these forum sometimes! ;-) No apologies necessary … it is all good discussion IMHO and I value the opportunity to bounce ideas around.

          There has been a bit of discussion in the past few weeks about the major vendors beefing up encryption in response to the NSA stuff, including this little gem:


          One can imagine how pissed off all of the major US ICT managed services and cloud services vendors are about this stuff and I think it is clear that they will be doing all they can to bolster customer confidence in the integrity of their services …

          All depends who you talk to whether or not encryption will make any difference …

          Have a good weekend!


          • :-)
            No worries Steve.

            I imagine most of this will blow over, as these situations tend to. But invariably they leave changes that often change the underlying infrastructure(usually in a good way).

            I’d like to hope that various Cloud groups are banding together to attempt to head off future “government” interference in their businesses. By using legal avenues to make it harder to get access, or by pushing for governmental change in order to ensure that this sort of thing can’t be accessed without due process.

            A lot of the encryption pushes are meaningless when the government can demand the encryption keys. Lavabit was a prime example of this, the truly scary part of that was it was a “secret court” and the gag orders made it somewhat insidious.

            Anyway. It’s interesting times at the moment.

            Hope you have a good one as well.

  4. Taking an ICT focus will probably fail. It is the ‘business model’ that will drive the underlying information services. For instance the Scottish Government now has a single ‘private cloud’ service that runs across the whole of its public sector. It has accrued and audited savings of a billion so Pounds. The starting point was not technology but the development of a business model – a clearly defined corporate view of procurement services delivery and operation across the whole of the public sector.

    Even with this and an aligned information services to support procurement it took a number of years to get to critical mass. The reason was more to do with attitude, ways of doing things, seeing the benefits of a whole of public sector approach, etc. I would suggest that you would need to take a similar approach to other business processes that may potentially be WoG, or whole of public sector. A similar approach to procurement services delivery across all Australian States and Territories would liberate significant savings. But this will not happen.

Comments are closed.