Australian government on the hunt for cloud providers

Standing up a new cloud marketplace to replace the cloud services panel.

The Digital Transformation Agency (DTA) is on the hunt for cloud providers as it looks to stand up a new cloud marketplace for Australian government entities to procure cloud-related services from.

The cloud marketplace will replace the cloud services panel (CSP), which is set to expire early next year.

The CSP was launched in February 2015 and currently boasts 244 vendors, including Accenture, Adobe, Amazon Web Services (AWS), archTIS, Cisco, Data#3, DXC Technology, EY, IBM, Infosys, Macquarie Telecom, Microsoft, NEC, NTT, Optus, PwC, Rackspace, ServiceNow, SlicedTech, Tata Consultancy, Telstra, and Vault Systems.

The DTA said approved sellers on the current CSP must respond to the new request for tender (RFT) to be considered for the new arrangement. The marketplace will be guided by the International Standard ISO/IEC17788 on Cloud Computing.

The cloud marketplace will be established as a whole-of-government cooperative procurement arrangement for cloud offerings to Australian government agencies and affiliates across two areas: Cloud services and cloud consulting.

Under cloud services, the DTA said sellers could offer any IT functionality as a cloud service; and under cloud consulting, sellers could offer to provide cloud computing-based professional services, described through a rate-card of subject matter experts.

Vendors will be limited to providing up to 25 cloud services unless agreed otherwise between the DTA and the seller.

In order to be accepted onto the marketplace, vendors will be required to prove their cloud services are hosted locally or in a third-party facility in Australia.

The seller must also undertake gateway certification by the Australian Signals Directorate (ASD); an IT security audit by a certified information security registered assessors program (IRAP) assessor; demonstrate "continuing compliance" with ASD's strategies to mitigate targeted cyber intrusions; as well as meet the requirements stemming from other relevant Australian government strategies and policies that "may impact data security at present and in the future", such as the Australian government's secure cloud strategy, whole-of-government hosting strategy, and cybersecurity strategy.

The ASD will be shuttering the current form of its cloud certification program on June 30, after an independent review recommended for the system be reworked.

The cloud services certification program will be replaced with new cloud security guidelines that will be formed following consultation with industry. The IRAP, meanwhile, will "grow" and be "enhanced".

The ASD will also establish government and industry "consultative forums for cybersecurity".

ASD will no longer be the certification authority and said it would not progress certification activities, which includes re-certification activities.

All services listed on the certified cloud services list will remain ASD-certified until 30 June 2020, after which time all ASD certifications and re-certification letters will be void.

RELATED COVERAGE

MacGov says Australian government is becoming stifled by cloud vendor lock-in

Macquarie Government's MD details how sending everything to the one vendor has left Commonwealth entities in a similar situation to the one they were in before.

Australia-wide AWS deal could signal the end for legacy IT procurement

The whole-of-government deal with Amazon Web Services highlights a new approach to IT procurement and a better level of understanding where cloud is concerned.

Australian government is currently juggling 62 high-cost IT projects

Information revealed to ZDNet under freedom of information has shown all of them are valued at over AU$10 million, and one was contracted to Telstra back in 2013.