Most of us use cloud services, whether we realise it or not. We use cloud to contact friends and to share stories, images and news through social media and we use cloud storage services to store our data and information from computers and smartphones. Cloud offers the convenience of accessing computing services as we need them, via the internet.
For many organisations, adopting cloud services requires different skills and a major change in culture. For government, adopting cloud services could reduce costs, lift productivity and deliver better services. For example, we may reduce costs by being able to use ready-to-go cloud-based applications and provide a better user experience through more cohesive government services. Cloud can also make it easier for us to share resources and capabilities.This could lead to less ‘reinventing the wheel’ and increase our ability to share improvements in business processes and systems.
Cloud provides government with the opportunity to develop and use shared platforms and capabilities that can benefit everyone.
What is ‘secure cloud’ for government?
Secure cloud is a term we use for services able to meet the privacy and security requirements for critical government systems. It means that government can use cloud with confidence. This is important because government agencies have often faced challenges adopting cloud for services handling sensitive information.
Investing in cloud services isn’t new for government. Current government policy requires agencies to consider cloud solutions as a priority when rolling out or replacing ICT infrastructure, applications or services. For government to get real value and efficiencies from using cloud we need to go further to ensure government has the skills, knowledge and confidence to manage secure cloud services.
The Australian Signals Directorate recently certified two cloud service providers to store classified information. This announcement provides agencies with more options to use cloud storage in a secure way and in line with government policies. Another nine providers are already certified to store sensitive information that is not categorised as classified. As more cloud providers enter these markets, the opportunities for government to adopt cloud solutions will increase, as will the market opportunities for providers of cloud services.
Where are we now?
A review of the 2016 eCensus identified a number of possible barriers as to why government has been slow to take up cloud services. These include fear of breaching privacy obligations, low comfort managing risk, and an immature understanding of cloud. Instead, agencies have tended to rely instead on having a physical presence in data centres, which is less flexible and potentially more costly than cloud. The review argued that cloud computing could be used in both the public and private sector to improve cyber security, particularly for small organisations.
The review has prompted government to look at ways to improve agency understanding and uptake of secure cloud and take advantage of the benefits this may bring.
The DTA has started discovery to develop the evidence base for a secure cloud strategy. At the moment we are undertaking user research and analysing business needs across government.
In developing the strategy we will also be consulting with agencies, industry and key policy stakeholders. This consultation is to identify the key outcomes, services and features government needs from cloud. We’ll find out what isn’t working and what are the perceived barriers to cloud, which will help shape strategy.
When complete, the strategy will provide opportunities for increased whole-of-government adoption of cloud technologies and reassure agencies that cloud services are robust, reliable and secure. The strategy will make it easier for agencies to decide when to adopt cloud and what combination of cloud and traditional ICT best meet their business requirements. Getting the right balance of cloud and non-cloud offerings is equally important. Many government systems use bespoke solutions which agencies have maintained and developed for many years. It won’t be a case of one -size fits all, and the strategy will allow for this.
We will also focus on capability development to ensure agencies are better supported to assess the benefits and risks of delivering cloud-based ICT solutions. This will help inform our own assessments on behalf of departments and agencies to ensure the consolidation of government platforms and uptake of cloud services provides the best outcomes for government.
The strategy will be released later this year, and we will provide updates on our progress in the meantime.