Cloud computing: It's coming for you!
When NSW Trade & Investment announced last July that it had signed a three year $14.5 million deal with SAP for a cloud based services, expected to deliver $12.5 million worth of savings each year, it heralded a new era in government cloud computing.
Here was an agency prepared to hitch its computing cart to a third party cloud located in Germany – and to set a savings goal. NSW’s cloud perestroika was hinted at in May 2012 with the release of the State Government ICT strategy, in which NSW CIO Michael Coutts-Trotter noted governments’ relative lateness to the cloud compared to the private sector. That, however, was ending, he said as NSW embraced cloud to “drive cost efficiencies and free up resources to be targeted at new and better services for citizens and business.”
It’s hard to think of any level of government in Australia that can afford to overlook such promise.
Federal government has taken some tentative cloud computing steps: the Australian Electoral Office used a Fujitsu cloud for its tally room in the 2010 election; the Department of Finance hosts data.gov.au in Amazon’s cloud; and the Australian Maritime Safety Authority uses a Salesforce.com cloud to manage shipping information.
The Feds’ main cloud contribution, however, has been thought leadership. In 2011, the Defence Signals Directorate released Cloud Computing Security Considerations, essentially a cloud checklist for public sector organisations. In August, the Australian Government Information Management Office (AGIMO) released an update of its guide A Strategic Approach to Cloud Implementation, intended to help agencies develop and implement cloud solutions. It also released the final version of its community cloud governance report and subsequently released its list of approved Data Centre as a Service (DCaaS) providers for contracts up to $80,000.
To roughly précis their contents: agencies can use clouds where they provide value for money and adequate security, but overseas clouds should be avoided for anything other than publicly available information.
Dr Steve Hodgkinson, Ovum’s research director for IT in Asia Pacific, still maintains that “if you talk to the average executive in the public sector, their general reaction is the cloud is evil, immoral and dangerous. Evil because it’s unproven, immoral because it’s often offshore and dangerous because of the privacy and security.”
Toes in the water
Rather than worrying about what might happen, he thinks public sector organisations should just dip their toe in the cloud and get started.
It’s what the states are doing, he says: “The Department of Business and Innovation in Victoria used Salesforce.com (for grants administration) and delivered on schedule and ahead of budget. They weren’t comfortable that the data was offshore but they decided to work the conundrum.”
A former deputy CIO of Victoria, Hodgkinson says that contrasts sharply with his experience of trying to build a grants administration system for the state. “That cost $10 million, took three or four years to deliver and there was one application which is barely used. Now in less than six months they absorbed all the grants administration into Salesforce.”
“It shouldn’t come as a surprise to anyone – Salesforce is a shared service shared by 100,000 organisations around the world – there are no security issues and they have access to a platform which is functionally developing in an iterative fashion.”
Hodgkinson says the Victorian implementation is at one level an example of world’s best procurement practice.
Fujitsu’s general manager of cloud, John Kaleski, says that there’s a typical hierarchy of cloud adoption for new users. “Typically our customers look at putting their low risk workloads to the cloud – test and development – pure infrastructure as a service,” he explains.
“Once they feel comfortable then the look to leverage more software, or productivity as a service then it’s management as a service, then mobile device management.”
Dave Hanrahan, general manager of cloud services for Dimension Data, agrees with Ovum that the states are leading the charge to the cloud. “In states, the interest is pretty universal while in federal it’s around the smaller agencies where the budget constraints they are under are quite significant.”
Parochialism or concern?
Local government, on the other hand, appears to be lagging: “Although they are at one level most in need, they don’t want to be first,” Hanrahan says.
Hodgkinson agrees: “Local government are the tier of government that can most benefit but paradoxically are having the least to do with cloud – why is still something of a mystery.”
One barrier in the past may have been the lack of specialist local government focused software offered as a service, although some is now emerging.
In August, for example, GovCloud – which was set up by the Local Government Association of Queensland – announced that it had rolled out a cloud based solution for five local governments in response to the Natural Disaster Resilience Program funded by the Commonwealth and Queensland Governments as a response to the 2011 floods and cyclones which cut off communications at a local level.
There are other examples of local councils embracing the cloud: Logan City Council is exploring how to put its infrastructure data into an accessible cloud; Open Windows is running cloud based contract lifecycle management with a handful of local councils; and the Torres Strait Island Regional Council has opted for an Infrastructure as a Service cloud solution from Telstra.
However, in the main the states are still the prime movers on cloud.
Hanrahan says there are a number of requests for state cloud proposals currently in the market. He acknowledges, however, that the states can also prove fiercely parochial about the cloud. “In Queensland there is very much a desire to keep all ICT in the state where that is possible,” he says.
It’s the same in Western Australia, adds Fujitsu’s Kaleski: “Typically state governments are quite parochial. I would say WA is possibly the most parochial about having their data on this (Perth) side of the Nullarbor.”
In August Fujitsu, which has had an Australian instance of its cloud service available since 2010 from two Sydney data centres, announced plans to host an instance of the cloud in Western Australia. The company has had a lot of interest from the WA government, according to CEO Mike Foster.
"We were at the stage where there was demand but no volume," he explains. "Now we have demand and volume. The reason the local cloud was successful is that they want to use the cloud’s elasticity – but they want to know where their data is. We’ve sold that hard.”
Rackspace, which in August announced it would offer a locally based version of its cloud services, also stresses the data sovereignty issue, saying that government and financial services want locally based services.
The company’s general counsel, Alan Schoenbaum, also made an extraordinary commitment given the strength of the US Patriot Act, explicitly saying that “Rackspace will not transfer customer owned data from our Australia data centre to a law enforcement agency of another country (including the United States) without a customer’s consent unless it is compelled to do so by Australian law.”
Data sovereignty and privacy are core issues for the public sector as under national and state recordkeeping legislation public sector agencies must keep tight rein on their data. The National Archives has issued a paper covering records management in the cloud, as have some of the states.
Amanda Barber is manager of government recordkeeping at State Records NSW and says that all jurisdictions considering a move to the cloud need to understand the need for common platforms, common services, common applications and a standard approach to information management in a well regulated environment. Without this even more inaccessible information silos could be generated in clouds.
Technically it's illegal to store a NSW State record outside of NSW (a record is defined very broadly as evidence of a transaction). But aware of the cachet of the cloud, State Records developed a framework which allows agencies to sign up for cloud as long as proper information governance and strategies are in place, and contract terms and conditions are appropriate and well managed.
Kate Cumming, project officer for NSW government recordkeeping, believes that the approach will eventually improve information governance. "People keep assuming that we can push information to the cloud and run Google over it, but we can't," she says. "We need to be strategic about the data we are keeping."
She adds that agencies ned to understand the need for information sustainability and discoverability, and how information might be recovered if a cloud contract lapses. “People think it’s simple but it’s not,” she says.
Jo Stewart-Rattray, Melbourne based international vice president of IT governance organisation ISACA, says public sector organisations need to know what jurisdictional control their information will be subject to, where it will be held, who their cloud co-tenants might be, what protections will be in place, and how data will be backed up. “All of that is heightened in government.”
In August, ISACA released a report on cloud computing return on investment and last year released IT Control Objectives for Cloud Computing, intended to help mitigate risk associated with the move to the cloud.
Barber and Cumming say that they don’t want to inhibit cloud computing; both can see the benefits, especially during government reshuffles. At present reworking agency data when the agency is reformed can be "horrifically complex" according to Cumming. If data was held in one cloud based location, it could be simpler to implement change, says Barber.
Cloud based information could also radically change the sorts of services that could be provided to citizens or residents. Dimension Data's Hanrahan expects that many citizen-facing services – which have been challenging to deliver because they have always had to be scaled to handle massive potential demand from day one – could be developed in the cloud and scaled in lockstep with demand.
It's scale and sovereignty issues that make Federal government slower to embrace cloud, according to Hodgkinson. The states are often more desperate and less well-resourced, he argues, which has driven them to cloud earlier.
“The feds have a greater capacity to do it themselves," he explains. "Look at Centrelink, which is a successful and robust ICT shared service that performs miracles when required. I don’t really have faith that the cloud will get any sort of traction in those mission critical heavyweight environments. But that’s not the sweet spot for cloud services anyway – the sweet-spot is in more commoditised markets.”
Scott Wallace, acting first assistant secretary in the policy and planning division of AGIMO, says cloud is essentially a new service model, and a procurement decision for agencies. “Cloud provides opportunities in terms of greater flexibility and service provision, and can be faster to develop and can lead to cost savings,” he says, but notes that for any agency “ultimately it’s a decision based on a business need.”
Ricardo Centellas, OFM sales consulting director for cloud platforms at Oracle, says that it is the communities, or cloud clusters, that are generating most interest in the federal public sector. Wallace says community clouds will exist where there are common business needs, but also notes that there will continue to be "robust debate" about what is truly a community cloud, and what is merely "cloud-like".
Semantics aside, it is the pragmatic requirements that will dictate how and when public sector organisations migrate to the cloud. The Department of Education, Employment and Workplace Relations, for example, is working on a whole of government parliamentary workflow solution that will be provided to 40 agencies, which has some cloud characteristics.
While purists may baulk at describing the solution as true cloud, it’s an approach that should deliver benefits – and for cloud that’s the bottom line. – Beverley Head
This feature originally ran in the September 2012 issue of Government Technology Review.
The Victorian Government's shared services agency Cenitex and VMware are working to develop...
Google Cloud Platform has secured certification from the Australian Cyber Security Centre (ACSC)...
In our annual Leaders in Technology series, we ask the experts what the year ahead holds. Today...