Australian government waits on IT spending audit and cloud trials

The Department of Finance has yet to commence an audit of government IT spending as had been promised by the Coalition prior to last year's election.

The Coalition government's plans for trials of putting secure government data into the cloud and auditing total government IT spending have yet to get underway, with the Department of Finance indicating that a number of issues need to be worked through.

Prior to the September 2013 election, then-Shadow Communications Minister Malcolm Turnbull promised an audit of IT spending by government agencies over the past three years, and an increase of the transparency around IT spending in government, with more reporting on costs against the benchmarks set. He also said that there would be a default expectation that the private or public cloud would be used whenever "efficient scale is not achieved at agency level", and said a trial of moving "critical data" to a secure government cloud would commence in 2014.

In responses to questions about these plans from Labor Senator Penny Wong at the last Senate Estimates hearing in November, the Department of Finance said this month that the audit of IT spending "has not yet commenced", and was still in the planning stages.

"A number of issues need to be resolved, including authority, scope, resourcing, and methodology, before the audit can commence," the department said.

The Coalition's cloud policy was said to be "under consideration by Finance in consultation with agencies".

The department said that it needed to determine what the definitions of "critical data" and "secure government cloud" were before it could figure out the work that needed to be undertaken, and what tools would be required for the trial.

Views on the use of the cloud within government are mixed at best. The Department of Foreign Affairs and Trade CIO Tuan Dao told ZDNet last year that while he believes in the capabilities that cloud services can offer, he doesn't buy the hype.

"I think industry and parts of government have been overzealous in thinking it is the answer to everything, when, in reality, the issues [around data security and privacy] we have been trying to deal with over the last seven years have not been dealt with," he said in August.

The Australian Bureau of Statistics CIO Patrick Hadley told ZDNet this month that his agency's ability to move into the cloud might be limited, given the legislation the agency operates under.

"A cautionary note for us is that under the specific legislation we operate under, the Census and Statistics Act, there's a number of obligations on us to ensure we maintain the privacy, and confidentiality of any data that we collect under that Act," he said.

"That does, in some instances, prevent us from taking advantage of some opportunities that might be presented in cloud, particularly in areas such as the security and custody of data."

He said the Act required that the data be stored onsite within the ABS and accessible to ABS staff.

"We could not store data in a cloud, government or private."

Defence CIO Dr Peter Lawrence told ZDNet in December that he would like to see the department use more cloud services for testing.

"I think for some of our test development-type activity where we might not have any production data, we might be able to manage any security risks, absolutely I think some cloud-based service models could help us, so we don't have to do all that ourselves; we can be elastic, pay for what we need when we need it," he said.

"I can see a place for a service-type model in some of our production systems."