The federal government has released a strategy on how best to host data within the Commonwealth, launching a new certification program for data centre providers.
The Hosting Certification Framework will be the responsibility of a new Digital Infrastructure Service set up within the Digital Transformation Agency (DTA). It will be responsible for: Assessing and measuring supply chain risks presented by hosting providers, and for determining standards, measures, and timelines to achieve the government's desired hosting standards.
According to the DTA, the framework will be developed alongside government agencies to "ensure thorough consideration of Australia's sovereign interests, including: Data sovereignty and facility ownership, hosting ecosystem architectures, cloud adoption, and pricing".
"The immediate issues to be addressed by the strategy include the risks to data sovereignty, data centre ownership, and the supply chain. This strategy provides clear policy guidance for agencies and industry and aims to create whole-of-government efficiencies," the DTA said.
"In the medium term, the strategy better positions government agencies and industry to adopt new technologies and services, fosters innovation, and reduces the barriers and cost created by legacy systems."
Government agencies will be responsible for choosing either a certified sovereign or certified assured facility when going to market for hosting services.
A Certified Sovereign Data Centre, the DTA said, represents the highest level of assurance and is only available to providers that allow the government to specify ownership and control conditions.
Meanwhile, Certified Assured Data Centre arrangements aim to safeguard against a change of ownership or control of storage through financial penalties or incentives, aimed at minimising transition costs borne by the Commonwealth should a data centre provider alter their profile.
The certification forms part of the government's Hosting Strategy, described by the DTA as a direction for the underlying digital infrastructure that supports digital transformation initiatives.
Under the Hosting Strategy, the new Digital Infrastructure Service will investigate the telecommunications networks connecting certified data centres, including security models in place.
In addition, the strategy has the aim of changing vendor relationships within government.
"Develop a genuine strategic relationship between government and the ICT industry that recognises government as a single customer," the DTA lists as an action item.
Under this, the Digital Infrastructure Service will create IT procurement guidelines to "help agencies procure products and services appropriately". The DTA said procuring IT services from the cloud will require a rethink of the existing capital-based funding and governance models.
"Decision-makers must understand the challenges agencies face in moving from capital expenditure for landed infrastructure to operational expenditure for cloud infrastructure," it wrote.
The Digital Infrastructure Service will create risk and benefits frameworks for hosting and cloud services; it will also create a Maturity Assessment Framework for hosting services and practical reference architectures to guide government agencies in the implementation of hosting models, the DTA said.
The new arm will also be responsible for guiding agencies to assess their own risk appetite.
"As we are delivering on our vision to be a world-leading digital government, Australians need to be sure government data is subject to safeguards that meet the most stringent sovereignty and security requirements," Minister for Human Services and Digital Transformation Michael Keenan said.
"Data plays a key role in our digital transformation efforts and we need to ensure that we host this critical resource in a sovereign, secure, and consistent manner across government.
"This Strategy will ensure that we have a trusted, secure hosting ecosystem, including data centre and network infrastructure, and our services can rely on data being safe and secure throughout the supply chain."
The Hosting Strategy forms part of the government's Digital Transformation Strategy that at launch, Keenan had called a "bold" vision for the future of Australia.
Strategies under this strategy, alongside the Hosting Strategy, include the Sourcing Strategy, Platforms Strategy, and Digital Capability Strategy, which the DTA said are underpinned by the digital continuity, information, and data strategies that set a whole-of-government approach to use and reuse of data.
The above also sit alongside the Secure Cloud Strategy, the 2016-released Cyber Security Strategy, the Australian Signals Directorate's Information Security Manual, the DTA's ICT Procurement Reform, the Australian Public Service Commission's Building Digital Capability Program, and the Data sharing and release legislation.
MORE FROM CANBERRA
The Coalition has labelled its own digital transformation strategy as a 'bold' plan that will make government accountable.
Straight-faced, a Department of Human Services representative told a Senate committee its data-matching 'robodebt' project went well, because it produced savings.
Human rights advocates have called on the Australian government to protect the rights of all in an era of change, saying tech should serve humanity, not exclude the most vulnerable members of society.