According to Aaron Liu, CIO for the New South Wales Department of Justice, the key to successfully implementing a businss service is the relationship with the vendor.
Speaking at Criterion's Implementing an As-a-Service Model conference in Sydney on Tuesday, Liu seperated a businesses relationship into two halves: A quick hookup, or a marriage.
"In some ways it's like getting in bed with your service provider, whether that's cloud or managed service, or even internally," he said. "Is it a hookup? Or is it a long term marriage -- a much deeper composition?"
Liu said that on the one-off implementation side, it is usually the hyperscale commodity items such as infrastructure-as-a-service, platform-as-a-service, email, non-production systems, and other things that he said a business would prioritise its agility over its risk.
"In some ways this also branches out into experimental systems and innovation, and although that might be ... high risk, it's balanced off by the need for agility," he said.
On the marriage side of the equation, Liu said that a business is looking at things that are traditionally being provided in-house or as managed services, those that are not subject to significant change -- they're more a long-term proposition or investment, such as ERP and CRM systems.
Liu said the answer to tackling the move to as-a-service is about managing risk and putting the right commercial, technical, and service level controls around it to warrant which side of the relationship spectrum a particular item sits under.
"The market maturity and competitive nature [of those on the hookup side], where you can switch providers is almost as easy as swiping left or right," he said. "The other side's a prenup, a divorce, and potentially a much more protracted barrier to exit."
According to Liu, having everything as a service does not mean outsourcing everything; rather it means taking a service-based approach to design a service.
He said a business also needs to intimately understand its business risk, which is to wholly understand what the business is going to use something for, as opposed to just the IT risk.
"It works both ways and helps if the vendor also understands your business risk," he said. "Sometimes security is used as an excuse not to move towards as-a-service. It's about understanding both sides of the risk equation."
Additionally, Liu said that before signing a service provider, a business should have an exit plan.
"One of the things around that marriage thing is that having it is sticky, and it's very hard to get out," he said. "So approach it like you could a marriage -- depending on how you approach marriage -- but you might want to have that prenup put in place. Service providers that are in there for the long haul will respect that."
He said if a service provider is doing that right, it is not going to be a monogamous marriage, rather a polygamous one, adding that the more strategic partners a service provider has, the better.
Liu said the NSW Department of Justice covers everything from the Sydney Opera House to the Long Bay Correctional Facility, saying the portfolio sees the department becoming a fairly vast and complex organisation.
Speaking of the department's transition into digital, Liu said that whilst digital is being utilised, the department is not fully there.
"About half a million simple forms are now filed through an online portal, as opposed to someone physically performing the tasks," he said. "We are making some inroads, but there's still a long way to go and we've still got parts of the business that are still fairly manual."
Liu said the department's strategy is essentially to push digital services. He said this involves moving to as-a-service, and to get better outcomes for citizens but also to get a better value out of the department's IT investments.
"Part of our journey in coming together as the Department of Justice is to consolidate and optimise some of the fragmented environments that we have, and in doing that you've got to get a plan," Liu said.
"Strategy and planning comes first, and one of the key principles in that plan is to adopt everything as-a-service.
"The cloud can sometimes turn into a storm; there are some characteristics of cloud-like operating models that have inherent risks such as vendor lock-in, one size fits all, forced upgrades -- a lot of negatives to deal with in that journey."