Microsoft Access has for years been the bane of many IT departments, allowing users to create applications outside of IT's control and distribute silos of data across the organisation.
What is less well recognised is the use of Access, often heavily customised, in core enterprise applications. It emerges in some surprising places.
The Debt Management Office (DMO) of New Zealand's Treasury has, for instance, been using an undocumented and insecure system, perhaps aptly called Matriarch, to apply a risk-management framework to the management of government debt.
Matriarch is used by most staff members at the office, and delivers daily valuations, risk analysis, and monitoring covering forex trading, bonds, swaps, futures, loans options, and notes.
Brendon Doyle, Treasury deputy secretary and head of the DMO, said that while Matriarch is a legacy application, it has performed without incident for 15 to 20 years.
"The Matriarch system has provided a stable platform for the NZ DMO to perform accounting, settlement, risk analytics, and other core functions," he said.
Matriarch is now being replaced, and Treasury is leaping from the guard van into the vanguard of technology, shifting to the cloud and integrating with other web services.
The replacement will also feature a move to Microsoft SQL Server 2014 within the next six months, Treasury's head of business information, Clive Trott, told ZDNet on the sidelines of last week's Microsoft TechEd conference in Auckland.
Trott said the department is now a cloud leader in government.
But first, let's wind the clock back.
A 2012 report prepared for Treasury by Microsoft Services and obtained by ZDNet under the Official Information Act says that Matriarch, built from Visual Basic, SQL Server 2008, and MS Access 2007, was "critical and instrumental" in the management of the office.
However, the report and subsequent analysis found multiple problems, including legacy silos, a lack of documentation, "key man" risk, multiple security issues, and that Matriarch was built using inappropriate technologies.
"Microsoft Access is a file-based system, which is not predominantly built for large LOB [line of business] or enterprise scale," the report says.
Major security issues included no Active Directory integration and a common back-end password for users. Data was not encrypted.
The report recommended a shift to a client-server environment using .Net; however, the DMO has opted instead to implement a hybrid cloud system using Microsoft's Azure.
Trott said the DMO is one year into a three-year change program to deliver the new system, which he describes as a "business information hub".
Two parts of the replacement system have been delivered using the Agile development methodology and rapid prototyping. The team worked in 10-weekly increments, with two weekly "sprints" per project to deliver Potentially Shippable Increments (PSGs) of the overall project.
Close engagement with the business during that development means that what is shipped is aligned to business strategy and processes.
Already shipped is "Curves and Rates", a module that collects market interest rates and processes them to allow portfolio risk analysis. The other shipped increment is a link to Treasury for data exchange in the cloud.
The cloud approach allows the DMO to integrate with third-party service providers and effectively outsource activities that used to be performed in-house. Trott said he is in the process of inking such an engagement with Australian SaaS provider Vector Risk to provide risk metric calculations as a service.
In order to adopt cloud as a central piece of the new system, the DMO had to go through the government CIO's cloud assessment process, and had to engage with security agency GCSB.
Security has been considered from the outset, Trott said.
As a result, Trott said, Treasury is now a cloud leader, able to demonstrate how to deliver better public services for the public sector.
However, he said that cloud was not a driving force behind the change — that was mostly about treating information as an asset. It was about finding the best way to deliver for the best cost, he said.
The new system will run in parallel with Matriarch until fully accepted.