news The new Coalition Government’s Commission of Audit (CoA) has strongly recommended the Federal Government adopt a “cloud-first” IT infrastructure procurement policy, in a move which would clear up Canberra’s often-confused approach to the issue and see it follow other jurisdictions such as Queensland, New South Wales and Victoria.
Section 10.7 of the CoA’s report (available in full online) highlights the fact that there is currently a global trend for organisations to move away from owning and operating ICT assets to more flexible and cost-effective cloud computing models.
“Public cloud computing offers the greatest savings by amortising costs over millions of users globally,” the report states. “It can produce significant savings in the total cost of ownership, estimated at estimated 20 to 30 per cent of infrastructure costs. Private cloud facilities are more expensive but offer benefits such as increased security.”
“The emergence of cloud-based technology offers the potential for better efficiency and service standards across government. Savings are available across all three typical cloud service offerings: software, platform and infrastructure.”
However, the report noted, the Federal Government had been “slow” to adopt cloud computing, preferring to rely instead on bespoke, legacy systems. Concerns about the security and privacy of placing public data in the cloud as well as “general risk aversion” had impeded progress in this aea in the Federal Government, the report stated.
To rectify this situation, and in accordance with the approach being adopted outside of government, for example in the banking sector, the Commission recommended that a ‘cloud first’ policy, particularly for low risk, generic ICT services should be clearly articulated and enforced by the Government. “Over three to five years, this could progressively reduce ICT costs as cloud computing becomes the default option,” the report stated.
In order to make it easier for departments to source cloud services with confidence, the CoA proposes the Department of Finance establish a whole of government cloud computing provider panel to confirm the viability, capability and costs of large-scale cloud computing providers. Agencies could then obtain quotes for such services as the need arises.
Competition should be maintained in the market for cloud providers by adding new vendors and services as they become viable. This would also allow government to establish standards for such services. The range of offerings in such a panel would allow agencies to procure public or private cloud computing services, with appropriate levels of security.
On the face of it, the audit’s recommendations would appear to bring the Federal Government’s IT procurement policy in line with similar policies recently enacted in other jurisdictions such as Queensland, NSW and Victoria, which are using cloud computing solutions to deal with systemic and ongoing IT service and project delivery crises.
In addition, a new cloud computing policy has the potential to remove some roadblocks to cloud adoption in the Federal Government.
In July last year, the Federal Government released a new cloud computing security and privacy directive (PDF) which requires departments and agencies to explicitly acquire the approval of the Attorney-General and their relevant portfolio minister before government data containing private information can be stored in offshore facilities. Data which doesn’t include personal information — and thus isn’t subject to privacy regulations — won’t suffer the same conditions.
Unlike existing cloud computing policies used in the Federal Government, the policy did not emanate from either the office of the whole of government chief information or technology officers, key parts of the Australian Government Information Management Office which helps set central government IT strategy and policy. Such policies have tended to favour removing impediments to cloud computing adoption, rather than adding barriers.
Instead, the new policy appeared to be a document created by the Attorney-General’s Department, as part of the Protective Security Framework which it administers to help ensure the physical and information security of the Federal Government as a whole.
The policy was immediately criticised on Twitter by Steven Stolk, the chief information officer of minor agency the Australian Sports Commission. And key IT supplier Microsoft has also written to the Federal Government that the Attorney-General’s cloud guidelines had “added an additional hurdle for agencies’ consideration of cloud computing services.”
However, it is not immediately clear what steps the CoA would recommend any cloud computing policy implement to go past existing structures inside the Federal Government for dealing with cloud computing.
The Department of Finance and its AGIMO unit have already published centralised cloud computing procurement guidelines, and a cloud computing supplier panel of the type recommended by the CoA already exists. In addition, success Federal Governments have already declared ‘cloud-first’ policies, which have appeared to have little impact on Federal Government procurement outcomes.
Cloud computing lobby group OzHub, which counts Macquarie Telecom, VMware, Infoplex, Alcatel-Lucent and F5 Networks on its member list, immediately welcomed the CoA’s recommendation.
“A cloud-first policy is the right way to go and the Australian Government should take immediate steps to implement these recommendations,” said Matt Healy, Chair of OzHub. “Australia is already ranked as one of the world’s most cloud-ready economies and the government is poised to realise the efficiency benefits of a cloud-first policy.”
“The Australian industry is ready, and has invested deeply in data centres that provide the cloud computing infrastructure. Further, the rollout of the NBN and 4G networks as well as increased use by federal and state governments will only further develop cloud computing to the point where it’s business as usual.”
Of course, I strongly agree that the Federal Government should be pushing heavily into using cloud computing platforms, and I think most progressive thinkers (and even many conservative voices) in the IT sector would agree. Over the long term, cloud computing platforms will increasingly become bog normal, due to their inherent advantages over the traditional way of doing things.
However, I don’t think the CoA has really provided any detail here about how such a strategy should be pursued. The Federal Government already has policies and panels in this area. And yet, because of the lack of high-level ministerial interest to drive it, adoption of cloud computing has been tepid compared with other jurisdictions. A stronger approach is needed if change is to be witnessed here. That’s not an opinion — that’s just what the evidence to date clearly shows.