Policy innovation: Govt replaces cloud computing panel with … new panel

16

cycle

blog Those of you who followed the Commission of Audit release several weeks ago would be aware that one of the key recommendations in terms of the Federal Government’s technology infrastructure was that it establish a ‘cloud-first’ procurement policy. Yesterday the Department of Finance took its first step towards implementing that policy, opening a survey which will canvass cloud vendors’ views on the issue. Finance Assistant Secretary Mundi Tomlinson writes on the Department’s blog:

“As part of the consultation process a Cloud Procurement Working Group has been established to consult agency representatives regarding their requirements for cloud services.

In order to achieve a balanced view of what the market can offer, I am seeking input from cloud service providers by inviting you to complete the survey at the link below by AEST 5.00 pm 28 May.

Finance intends to invite interested cloud computing providers for face to face discussions in the near future. The providers will be selected from a mixture of small, medium and large companies and the discussion will focus on issues relevant to the requirements of the Cloud Panel. Interested providers can indicate their willingness to participate in these discussions in the survey.”

What’s not precisely clear at this point is how this new panel will differ from the old one, or how the new ‘cloud-first’ policy will differ from the old one. Seasoned watchers of the Federal Government will recall that the Government had already established a cloud computing panel back in October 2012. In addition, various politicians, including then-Communications Minister Stephen Conroy, had already proclaimed a ‘cloud-first’ policy for the Government, back in May 2013.

Although the Federal Government is indeed pushing heavily into cloud computing solutions in some areas (such as in public-facing websites), and while there have indeed been small examples of cloud computing deployments at some agencies, in general Canberra remains a broadly cloud-free zone, with most IT projects being squarely along traditional lines. One wonder what, if anything, the shiny new policies will make, given that they would seem to be modelled precisely on the ineffective old ones.

16 COMMENTS

  1. Of course it’s a different panel, this one is shinier, costs more and is full of wonderful fresh ideas that pop out of the double rainbows of happiness located in the silver lining of ‘the cloud’

    Next you’ll be stating that the People’s Front of Judea is like the Judean’s Peoples Front..

    Blasphemy.. bloody Blasphemy!

  2. Hmmm … I remain pretty skeptical of the efficacy of these whole-of-government panel and cloud store arrangements. The problem is that they are trying to bring an efficiency approach to something that is still at a very early stage of evolution and very fast moving … and really needs to be nurtured as a cultural/behavioral agenda rather than optimized from procurement efficiency and risk management perspectives.

    Panels and cloud stores are stuck in a value-adding dilemma. Too little assurance adds no value. Too much creates a bottleneck. What is the value of the arrangement vs. agencies just availing themselves of services from the competitive market?

    The goal should be to try and accelerate cloud services consumption from innovation, organizational learning and industry development perspectives – which is really and agency-by-agency decentralized innovation agenda. The most important KPI is the number of procurements and projects … each one is point of innovation and learning for both agencies and for the vendors. These points accumulate and compound over time to change the art of the possible … hence the key thing is that more is better. The measure of success of the DCAAS Multi-Use List and its successor should be transparency around the number of procurements and successful projects that it stimulates. Does anyone have a view of this? There seem to be very few tangible examples to show for a lot of activity writing documents and obliging vendors to wait in an orderly queue to put their offerings in a shop with few buying customers …

    Attempting to centralize and aggregate this pattern of activity through panel procurement arrangements seems sensible from an old-fashioned government procurement logic, but in practice has the effect of smothering decentralized innovation and slowing things down. This is an unintended consequence I suppose because the intent is to act as an enabler, but centralized initiatives just can’t help themselves from being controlling and risk-averse … if only because the folks driving them are not on the front line of service delivery getting their hands dirty and making pragmatic outcome/costs/risk tradeoffs.

    I’m in the UK this week for Ovum’s annual IT Industry Congress, and it has been interesting getting an update on the progress of the UK government’s cloud store. It started out as a bit of a ‘looney tunes’ initiative really … a store populated by very immature service offerings (2 guys over a corner shop …) but they have just completed their 5th round of tendering for service offerings and it actually is picking up momentum. The UK has a different context because the departments are largely locked into monolithic outsourcing arrangements for business processes as well as IT services – inflexible and high cost arrangements which the government is trying to break up using cloud services as a catalyst for a new model. The interesting thing is that the cloud store in its 5th iteration is actually starting to drive the big outsourcers to offer more flexible as-a-service offerings … so it is having an effect even though take up by agencies is still slow. The cloud store is nonetheless creating an ‘alternate reality’ for IT procurement – which is what the government was seeking.

    Another positive impact of the Cloud Store has been to act as a ‘bull in the china shop’ with regard to contractual terms and conditions for cloud services. The weight of government’s demand, or potential demand, is obliging vendors to create more enterprise-grade terms and conditions of service and accelerating the iteration of the legal frameworks necessary for agencies to be comfortable with cloud services procurement.

    The problem, however, is that this is all still largely a theoretical discussion absent of tangible proof points … and the consequential pragmatic organizational learnings. My sense is still that the better approach is to create conditions which stimulate decentralized innovation in agencies – many cloud services projects … the more the better. Risks should be managed by encouraging experience sharing, collaboration and reuse based on empirical evidence, rather than by attempting to control or direct cloud services adoption centrally.

    It makes more sense to me to have a shared catalogue of services that have been proven by agencies to work and be trustworthy … rather than a somewhat out-of-date list of services that may or may not work from vendors that may or may not be trustworthy.

    All the ‘back office’ effort put into panel procurement arrangements would be better put into promoting, supporting and showcasing successful cloud services projects in agencies and sharing the lessons’ learned and reusable artifacts created at the frontiers of cloud services adoption … in agencies.

    • Hi Steve, hope you are well.

      It’s promising to see that Cloud providers are willing to consider different commercial terms. I think a decentralised view for many aspects of Cloud planning and implementation is a good thing. With lessons learned one of the many roles that a centre led strategy could play.

      However, I also believe that centre led strategies have an important role to play regarding common commercial controls. The Vic Govt eServices register contract addresses some of these things, however, more can be done at a Whole of Government level to help agencies set commercial terms, provide tools and/or provide Cloud services (Marketplace based or otherwise) that create a “Safe-habour” for agencies to transition to the Cloud.

      What cannot be forgotten are the risks already inherent in ICT projects which Cloud does not avoid or prevent. Cloud can either exacerbate those risks or can help to mitigate if used correctly in the planning process. A simple ” Buy Cloud-First” combined with ubiquity of access without control wont stop ICT disasters in Govt.

      Cheers Charles

      • Hey Charles! you are right – cloud services is just a refined shared-services-based technology delivery/sourcing model … it is as easy to make a pigs ear of it as any previous model … where there is a will there is a way!

        Some degree of centralized enablement is necessary and useful … but my observation is that the bias of action at the moment is better placed on empowering agencies to gain experience and then sharing and showcasing what they have done and what they have learned. In such a fast moving space it is difficult for central agencies to ‘lead’ because the path is uncertain and evolving … they are better to humbly facilitate, document, share, promote collaboration etc.

        Legals T&Cs is one are where there is value in a central lead, but even then the temptation of central agencies is to take a very conservative approach because the folks setting the rules see themselves as being accountable for preventing bad things that might happen but not responsible for making good things happen (i.e. for achievement of better, faster, less costly or less risky business outcomes in an individual agency). This dynamic leads to a process that requires a portfolio minister and the Attorney General to sign off an offshore public cloud service procurement … doesn’t it?

        This may be a very prudent approach for some categories of data and some use case scenarios etc. but the consequence is to heighten the perception of risk and reinforce the preservation of the status quo ‘just to play it safe’. Is this a bad thing? Maybe not (it all depends on your perception of the adequacy of the status quo).

        My sense, however, is the status quo (particularly at state government level) is not good. We are better off encouarging agencies to learn the new skills needed to safely take advantage of public cloud services – rather than creating unusual and impractical process hurdles for them to jump over just to test their fitness.

    • S Hodgkinson wrote:
      ‘Attempting to centralize and aggregate this pattern of activity through panel procurement arrangements seems sensible from an old-fashioned government procurement logic, but in practice has the effect of smothering decentralized innovation and slowing things down. ‘

      First, panels, in and of themselves, don’t typically ‘centralize and aggregate’.

      In fact, most panels do not even attempt to do either of those things. Panels, properly set up, simply provide a streamlined means for agencies to purchase things. Centralisation is a different sort of activity (read: ‘shared services’) and aggregation, although possible through some panel constructs, is again, essentially a different thing altogether.

      Second, where is the evidence that panel-led procurement slows things down?

      Having all the heavy-lift procurement tasks done once on behalf of a jurisdiction makes a great deal of sense (read: re-use). These non-specific and usually non-value adding tasks include legal work and, sometimes, setting of technical/security standards, The truth is, apart from a couple of notable debacles, panels have been shown many times to speed things up.

      Where have panels slowed things down?
      Data points please, not just assertions.

      • Hey Brian,

        MUL and Panels = centralization? Not necessarily … you are right. In practice though? I think they often do create an expectation that agencies procure through the panel … and sometimes there are additional process steps involved in buying off-panel. If it saves time, effort and money then great… and if not mandatory then agencies can always choose to buy off-panel. I get that … in practice, however, the dynamic is often that if a panel exists it is expected to be used by the procurement folks.

        Assertions? Hmmm … maybe … but anecdotally supported by observations and conversations with folks around the agencies.

  3. Steve,

    I have often wondered why government more broadly doesn’t adopt a similar model to what exists in the Defence sector in terms of rapid prototyping and proofs of concept for ICT projects given the large number of failures.

    EG something similar to what is encompassed by http://www.rpde.org.au/

    These mechanisms provide the safe habour to experiment /test and to evaluate/learn and the policy framework to migrate proofs of concept into large scale production. Or simply for them to be used to more fully inform tender processes by enabling more refined specifications.

    Any experience in such processes – other models that you have come across given it would seem relevant to cloud adoption.

    I once asked one of the people who reviewed the Australian innovation system as to why this doesn’t happen – the response was “QUITE”!

    Why do I raise this – some years ago I was responsible for establishing as best one couldsomething similar on the government side for ehealth – but it was never effectively used/was subverted but potentially could have saved Millions.

  4. Hi Renai

    Some explanation may help your readers. In October 2012, we launched a trial procurement mechanism for cloud and cloud-like services – the Data Centre as a Service Multi Use List (the DCaaS MUL – http://www.finance.gov.au/policy-guides-procurement/data-centres/data-centre-as-a-service-dcaas-multi-use-list-mul-fact-sheet/). I realise that the distinction isn’t obvious to all but a MUL isn’t a panel. A panel can be used for procurements above $80,000 through a quote process, as it is established by an open approach to market (an RFT). A MUL requires procurements above $80,000 to be conducted using a pre-qualified tender – allowing agencies to approach just those vendors on the list, not an open tender.

    The DCaaS MUL was limited deliberately to an $80,000 ceiling because we wanted to enable easier procurement while reducing the risk in this new area of procurement. This was successful. In 18 months, we have issued 30 contracts worth a total of $1.4m. More than 60 vendors have chosen to join and they offer more than 1300 services. We’ve done seven tranches of assessment and we’ve learnt a lot about the cloud market and this will inform the more broader panel arrangement.

    The post this week is about exploring the market to get additional feedback on how to better manage cloud procurement. If one accepts that it wouldn’t be prudent for government to build its own cloud or procure a single solution from a single provider, and we have numbers to show the former and I don’t think the market or agency needs are mature enough for the latter, then we have two choices – set up a panel or have every single procurement over $80,000 go to a full open tender approach. We’re exploring the panel now.

    In the current post, we’re seeking to establish the vendors we will speak to in detail about their offerings and ideas. I think it is a bit rich to jump to the conclusions that you and your readers appear to have done, at least to some extent. How would we develop new approaches if we didn’t do this?

    As to my old friend Steve, we’re not mandating anything here. We’re trying to ease the path for agencies and vendors. As Steve knows, I disagree with almost everything he has to say on this subject but I don’t mind the discussion. I would point out that some of we centralists are indeed responsible for delivering services so maybe he could go a little lighter on the generalisations. We may indeed end up with a service catalogue of sorts in this case – but at least give us the opportunity to work the issues through before condemning us. No matter how much showcasing we did, agencies would still have to do the procurement – and it’s that burden we’re seeking to relieve.

    @Charles – I agree.

    @Phillip – I’m familiar with the work of RPDE. I think it is clear that it provides a useful mechanism for matters within its scope. I understand it was funded to the tune of $12m in 11-12 and $8m in 12-13 (http://rpde.org.au/publications/2/file/p17bu2dmni1e84m1h1uqi160b1anm3). That’s not cheap in non-Defence terms. I don’t see how I could generate funding for that in our case.

    Thank you again for the platform Renai. I hope you’ll continue to follow our progress and, at the end, judge whether we’ve achieved value for money.

    Cheers

    John

    • hey John,

      thanks for your explanation — I really appreciate it, and I’m sure other readers do as well. I suspected the situation was something like this.

      Having said this, I have to say that the action the Government has taken in this area seems quite slow and minimalist. The contracts which you have mentioned being signed as part of the existing MUL appear extremely small, and I suspect would literally just be agencies testing the water with tiny trials.

      I would contrast this with the recent procurement effort Finance entered into with respect to the SaaS Drupal CMS effort. In that area, I see a huge potential for real change. Finance has appropriate set a central standard and is coordinating procurement in a way that will benefit things from a whole of government perspective.

      In contrast, the way you guys have approached much of the rest of the cloud computing market in general appears to be along the lines of ‘dipping our toes in the water’. This in itself wouldn’t be a problem — but the rest of Australia’s major organisations, including much of State Government, did that some time ago and is now actively deploying major cloud computing projects. We see this in the states as well as in the financial services sector, despite the fact that it, like the public sector, is quite conservative with IT deployments and tends to be quite focused on the issue of data sovereignty.

      Would you say that the Federal Government is doing enough to encourage cloud computing adoption, and if not, what do you think the best next steps to be? I’m conscious that federal govt departments and agencies are not seeing the same level of project and service delivery challenges as the states are (which is driving a lot of the cloud adoption there), but one does also suspect that this would actually place federal departments and agencies in a better position to get ahead of the curve.

      I know I have been constantly critical of government in this area, and I apologise for this. But I do hear from a lot of government technologists (further down the chain than you!) that they are frustrated with the slow pace of change here, and I also believe there are obvious benefits in terms of flexibility and cost for the federal government to push harder in this area.

      As always, appreciate your continued engagement,

      Kind regards,

      Renai

      • Hi Renai

        A couple of points:

        – One of the common misperceptions about IT is that new things should be adopted quickly or somehow one is seen as being too slow. Generally, as most of our current needs are being serviced in one way or another, we only adopt new things when the contract needs to be renewed. We don’t break contracts just to change technologies. Stable requirements are usually satisfied by longer term arrangements so it’s not surprising that movement in stable areas is slow.

        – Yes, the DCaaS MUL contracts are small – as I explained, we set them up this way as we were trialing a new method of procurement. Now we are moving to the next step. This is prudent, not risk averse IMHO.

        – My preference is to talk about what we are doing or have done, not about what we might do. Announcements, particularly by vendors, about the future, often create a public perception that the wish is the reality. Obviously, often it is not.

        – Much of government’s information processing needs concern matters with privacy considerations. This adds a level of complexity that other enterprises don’t necessarily have.

        – The government’s pre-election commitments discussed cloud usage (http://www.liberal.org.au/latest-news/2013/09/02/coalition%E2%80%99s-plan-digital-economy-e-government). Finance and our colleagues in Communications and other departments continue to work towards implementing these. Our work in this proposed cloud panel and the GovCMS project are but some of the activities under way. My colleague, Chris Dale, described more of this work in his speech at CeBIT recently (http://www.finance.gov.au/blog/2014/05/07/cebit-speech-egovernment-conference-2014-opening-speech/).

        – Are more junior staff frustrated with the pace of change? I hope so – not in a perjorative sense and not too much but because I’d much rather be applying the reins than the spurs. To get change, one needs dissatisfaction. We rely on those staff for new ideas and lateral thinking. I hope they keep pushing us forward. Mine certainly do.

        Cheers

        John

    • Um … anyway .. the only reason we are having this interesting discussion is because you are out there doing stuff John … and care enough to contribute to such forums … so keep up the good work.

      The consultation by the Cloud Procurement Working Group is, of course, a good thing to do. Maybe it is worthwhile also explicitly inviting executives from State government agencies that have had many years of hands-on experience of significant cloud services procurements to a workshop? David Kennedy at NSW Trade & Investment, Chris Gillmore and Grahame Coles at Vic DSDBI, Joe Young at DCSI Disability SA … maybe even folks from institutions like Monash University that have deep and sustained experience of public cloud services for a range of mission critical applications?

  5. Hi John, thanks for clarifying the activity stats from the MUL … is there any scope for case studies of successful cloud services stories from agencies do you think? Are there any interesting ‘new art of the possible’ stories in the 30 contracts that should be more widely told?

  6. John, Thank you for taking the time to interact and comment publicly. I don’t disregard what you said in response to my comment – however, in my experience the critical ingredient is actually Capital L leadership and this is not so much about the $$$$.

  7. I completely agree with Charles. There is no doubt that the cloud technology will empower the ICT in government agencies and public sector institutions but we must ensure some solutions to fix the security risks related to Cloud. Overall, all of these steps signal a brighter future.

    • “security risks related to cloud” ? What about the security risks related to under-invested, unsustainability funded, outdated applications and infrastructure operated by agencies that lack the process disciplines and skills to comply with information security requirements? (i.e. the observations made in many audit reports of government IT environments). And if it is bad now, how good will it be after the effect of the next rounds of budget cuts?

      Mature enterprise-grade cloud services can offer high standards of information security protection – higher than agencies could otherwise achieve – but only if the right mindsets and skills are developed … caveat emptor.

      What we need to do is to learn how to manage information security in the modern digital economy by gaining these skills as quickly as possible within our financial and operational constraints.

Comments are closed.