By Rob Forsyth*
The change of government at the Commonwealth level will have no impact on the general move by the public sector toward greater acceptance of Cloud platforms to deliver citizen services.
In fact, the new Coalition government will almost certainly accelerate this process. After several years of high-level policy development, the rubber is about to hit the road.
Of course, Australian governments at all levels have rightly exercised caution in their approach to Cloud services. Any new system or process of handling citizen data must be handled with extreme care.
Government agencies should understand that any information that is already in the public domain – such as on their websites – can therefore safely be shared in a public Cloud. Of course careful consideration and review needs to be given to what information needs to stay in a private Cloud, and importantly in Australia.
The Commonwealth unveiled its National Cloud Computing Strategy last May, a comprehensive document developed by the Department of Broadband, Communications and the Digital Economy under former Minister Stephen Conroy. The strategy development was broadly consultative, and it included input from the Australian Government Information Management Office (AGIMO) and from the private sector.
I was able to direct some input into that strategy as an inaugural member of the National Standing Committee on Cloud Computing, an advisory group to all levels of government. I was also the chairperson of its Code of Practice sub-committee. I mention my involvement in the committee only so that I can attest to its substantial deliberations, and its apolitical nature. Australia has been through such a fraught political environment over recent months: it is worth remembering the standards inside of bureaucracy do not rise and fall with the froth and bubble of acrimonious debate, but rather from considered and deliberate caution.
The National Cloud Computing Strategy announced by Senator Conroy a few months ago presented departments and agencies with a roadmap for Cloud implementation without being too prescriptive about what should or shouldn’t be moved to Cloud environments.
At its broadest interpretation, the strategy encouraged the public service to move to Cloud architectures simply by saying that it should be “considered” in any new project. And of course the strategy included detailed risk-management guidelines for moving forward.
The Coalition confirmed that it would retain the thrust of the Cloud strategy, and through the language of Communications Minister Malcolm Turnbull looks like stiffening the spine of the policy by making it a “Cloud first” proposition. This is significant, because it effectively directs public servants to look at the Cloud option as its first and most desirable option for new projects.
The implications of Cloud are huge for government. There are many opportunities for all levels of government for better, lower cost services, but there are challenges too.
Of course, regardless of the cost advantages, or service level improvements delivered by Cloud applications – and these are significant – there will always be some applications and some data that will never be suited to the public Cloud. These will rightly remain on-shore, and in a private Cloud facility.
There are some government services and data that cannot be put at risk. Some of these are related to national security, but others that seem mundane – like social security or taxation – are fundamentally critical to the running of society and cannot be allowed to fail. And these are now the decisions confronting our public servants.
But broadly speaking, the new Cloud-based architectures offer an incredible upside for better, more secure services at lower cost.
Best fit for Cloud
Public sector ICT managers from the smallest councils to the largest Commonwealth departments are now working to better understand where the Cloud can reasonably be applied. The federal government’s massive ICT budget means that any changes in the technology direction it undertakes can have a significant influence on other users across the Australian economy – and so it will be with Cloud.
And although the National Cloud Computing Strategy was developed at a federal level, among the biggest beneficiaries of the strategies will be councils – particularly those in non-metropolitan areas. These smaller councils are frontline service providers in their communities, but are very often under-resourced and do not have ready access to key technology skills that are abundant in the cities.
Cloud applications give these smaller council operations access to the same level of professional services as any city council – with applications tailored to their operation in the same way that many small business cloud applications have delivered enterprise-grade tools to smaller players.
If there is an issue for councils in implementing Cloud architectures into their operations, it is in taking the leap of faith required to allow computing infrastructure to exist elsewhere. For local government managers, there are fears about security, and about losing control of the management of constituents’ data.
The reality is that IT security can be dramatically improved by a move into the Cloud, and that enterprise grade Cloud security services are now common and mainstream. There are a variety of ways in which this is done, depending on the requirements of an organisation.
But a regional council, for example, that has remotely located employees logging into its services can very easily add an inexpensive virtual private network (VPN) with a Sophos RED box (remote Ethernet device). These devices provide the same security and functionality as if the remote user’s machine were physically connected by Ethernet cable in the office.
Sophos also provides a suite of Unified Threat Management (UTM) tools that can be a physical piece of hardware, a virtual server, or be hosted in the Cloud itself. There is no reason why UTM effectiveness is reduced simply because part or all of an IT environment has been moved to the Cloud.
This includes encryption services, which are an important mainstream security service. The encryption and decryption of data as it moves into and out of the Cloud is a low-cost, effective security tool that should always be considered when moving services to the Cloud.
These kinds of solutions are well suited to council operations that do not have the resources to adequately address in-house IT.
As an example, where a council may use an online storage solution such as DropBox, Cubby or Skydrive type of service, it is possible for Sophos encryption software to encrypt the data before it goes into the public cloud. This would mean that if the Cloud service provider were to ever lose the stored data for whatever reason – it would remain unreadable to any third party. Naturally the need for procedures and protocols regarding ongoing, secure local backup applies whether you choose a Cloud solution or tradition IT installations.
Time to make the transition
The movement in the business and corporate sector towards a vast range of Cloud-based services has been very swift in the past few years. The information technology landscape has been transformed. Governments are quite rightly conservative users of technology. But the cost differential and scope for service improvement are so dramatic that it is important that governments not only look at Cloud landscapes, but start the movement to it.
Of course there are certain applications and services and types of data that are not suited to this environment. But broadly, our policy makers at the federal level have spoken, and agencies are being encouraged to actively engage with Cloud providers.
This will accelerate the uptake of Cloud services by the other tiers of government, and in particular I would hope that it encourages local and regional councils to investigate Cloud options.
*Rob Forsyth is Director Asia Pacific, for Sophos, an active spokesperson within the IT sector. He lends his expertise to several industry associations, including the Internet Industry Association, The Internet Society and the Australian Computer Society. Since 2009 Rob has led the Over the Horizon forum of Cyber Security Week run by the Australian government Department of Broadband, Communications and the Digital Economy. He is an inaugural member of the Australian Federal Governments National Standing Committee on Cloud Computing and currently chairs the Code of Practice sub-committee. He also serves as a member of the New Zealand Government’s Cyber Security Awareness Advisory Group and was recently re-appointed as Chairman for Crime Stoppers NSW.
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter