Commonwealth pushes public cloud by default

Spruiking a public cloud-first approach, the Australian government has lifted the lid off its new Secure Cloud Strategy.

The Australian government has unveiled its new Secure Cloud Strategy, lighting a fire under the agencies yet to embark on a transformation to the cloud by offering a guide detailing the foundations for "sustainable change".

must read

What is cloud computing? Everything you need to know from public and private cloud to software as a service

An introduction to cloud computing from IaaS and PaaS to hybrid, public and private cloud.

Read More

The Digital Transformation Agency (DTA) developed the new strategy [PDF], but said many agencies will need to change the way they operate to make the most of it.

"In the Australian government, a number of factors can get in the way of agencies realising their cloud aspirations, from a shortage of knowledge and experience, decades old, stubborn operating models, and a struggle to sell the case for cloud across the business," the strategy explains.

"This is not a simplistic 'lift and shift' view of the transition. Instead, the strategy aims to lay the foundations for sustainable change, seizing opportunities to reduce duplication, enhance collaboration, improve responsiveness, and increase innovation across the Australian Public Service."

Expected to be a guide for government entities to develop their own cloud strategies from, the strategy explains cloud implementation will be guided by seven principles, including using public cloud services as default.

"The public cloud market offers a broad range of services and providers that enable agencies to keep their technologies and business processes up to date," the strategy explains. "Public cloud can provide fast and competitive options for agencies.

"Agility comes from models that leverage standardised cloud technologies."

It adds that agencies must source as much of the service through cloud as is "practical and feasible" for any new or emerging business capability or modernisation of existing services; and where the cloud cannot be sourced to meet the capability, agencies must approach their own developments to be cloud-enabled.

The strategy also asks agencies to make risk-based decisions when applying cloud security, design services only for the cloud and avoid customisation, use as much of the cloud as possible, take full advantage of cloud automation practices, and monitor the "health" and usage of cloud services in real time.

"Agencies must design all new or modernised ICT services as cloud native, or cloud-enabled," the strategy continues.

The first step, according to the guide, is to begin a cloud journey with low complexity services, and progressively "maturing" the approach to add medium complexity services, reiterating again to opt for an off-the-shelf service, rather than a bespoke one.

However, high-complexity services, described as often being legacy ones, may require bespoke products, as they are difficult to shift and often hold significant volumes of sensitive data.

"Agencies will also need to plan the modernisation, migration, network, skilling, and service management capabilities needed to integrate cloud services into their environments," the strategy says, highlighting also the importance of preparing budgets.

See also: ATO called out for not tracking costs in digital transformation program

The strategy also comprises a handful of initiatives, with the first requiring agencies to develop their own cloud strategy.

The second initiative requires agencies to implement a "layered certification model", asking government to not forget the cloud certification elements of using vendor solutions.

The Cloud Services Panel, a whole-of-government panel established in 2015 to support agencies in procuring cloud services, allows agencies to request quotes for cloud services without going to tender.

See also: Commonwealth to rid provider panels to make room for startups

The recent ICT Procurement Review found some suppliers and agencies believe there are too many panels that are not refreshed often enough, limiting access to newer and more innovative suppliers, including SMEs and startups.

Itemised under initiative three, the new strategy says cloud service procurement will be aligned with the review recommendations.

As part of an agency's cloud strategy, it must create a dashboard to show service status for adoption, compliance status, and services panel status and pricing; while another initiative asks government entities to create and publish a cloud service "qualities baseline and assessment capability".

The DTA also wants the establishment of a whole-of-government cloud knowledge exchange to allow agencies to work with one another and reuse common capabilities for their cloud adoption and use.

Related Coverage

How the ABS prepared for the same-sex marriage survey using the public cloud

Given a go-live date from Prime Minister Malcolm Turnbull of around four weeks, the Australian Bureau of Statistics turned to AWS to run the online and call centre components of the same-sex marriage survey in the public cloud.

An Amaysim journey: A lesson in how to use cloud to take on the big boys

With the seven year-old company completing its shift to AWS, it is able to continue tackling the Australian telecommunications and energy sectors.

Data#3 gets AU$600k to replace Govdex file-sharing service

The Australian Department of Finance's new 'collaborative' platform will be hosted in the public cloud.

2020: The magic year public cloud becomes more popular than on-premises (TechRepublic)

According to a report from LogicMonitor, 2020 will be the year that 41% of workloads are run in the public cloud.

Hybrid, private, or public cloud? Make sure you know the differences (TechRepublic)

Trying to understand and articulate the differences between public, private, and hybrid cloud? Here's a quick breakdown.