News in the past couple of days on the government attitude too and adoption of Cloud services. It seems apparent to me that Australia has leap frogged New Zealand, at least in will and determination, since their government change, where a year ago New Zealand was well in the lead.
The driver for all governments to adopt Cloud, rightly or wrongly, is the promise that it will save money through centralisation of services that are common to all agencies. This appears mostly in the Software as a Service (SaaS) area with the view that HR, Finance, CRM, document management, and other services can be served out of a Community Cloud with all agencies consuming it.
As an aside, there is a problem with that, because SaaS is the most difficult Cloud service to take up for a large agency or enterprise given the integration issues that come with trying to tie an externally delivered system into what is often bespoke applications of their own. The time for adoption of integrated SaaS services is long, where most impact can be made is in the deployment of new software services.
Firstly Australia, who were slammed by central government a few months back for their slow government adoption of Cloud and the “Digital Economy” in general, noting prior to the election that:
‘government could “contribute to the growth of a vibrant domestic industry of cloud infrastructure and service providers by moving more rapidly to adopt such services whenever economically justified in its own operations.’
So two things there, firstly the money aspect, it’s cheaper, secondly, the words “domestic industry” a clear indicator that unlike New Zealand government there is a clear preference to build Australia Inc. by utilising and growing the local industry.
“To this end the Coalition plans to move ‘light user’ government agencies with insufficient IT scale to shared or cloud solutions. ‘Heavy user’ agencies with complex needs will retain autonomy but improve accountability. The bar will be set based on efficiency levels.”
Again, this is interesting because unlike New Zealand painting a broad brush over all agencies being compelled to use the DIA IaaS model, the Australians have figured out that a) smaller agencies make better targets for Cloud and b) large agencies have long investment cycles and complex systems that require oversight, but not necessarily a move to government Cloud.
Finally, the new Australian government has slammed the old in this statement:
Further the Coalition has accused Labor of “passivity and timidity” that it says has “wasted some of the good work which has been done within some agencies.” It contrasts this with “the aggressive recent commitments by governments in the UK and US to innovation in online service delivery (including via mobile devices), use of public cloud services, open government and increased sharing of resources across agencies.”
In other words, get yourself together, look to the U.S. Fedramp and U.K. G-Cloud models and get on with it.
All in all, a welcome push from the top, with a balanced attack, to start unlocking the benefits of Cloud for Australian government.
Meanwhile, news via ZDNet this week on New Zealand’s progress toward government Cloud, looking a lot weaker than it should be. It appears that little progress has been made in the last twelve months with at least one key milestone being missed, Office Productivity, which was due for general release in June of this year but has not yet eventuated.
“A Department of Internal Affairs spokesperson says work is continuing to develop risk and assurance frameworks and guidance for the use of cloud computing services by government agencies.
“Updated frameworks and guidance will be rolled out to government agencies as part of the wider ICT assurance framework over the next few months,” the spokesperson says.”
So they are still back at the “how do we manage this Cloud risk” rather than “how do we unlock Cloud as answer to better e-government interaction while reducing cost and overhead.” This approach has been around since the Government Cloud Programme was taken over by the Department of Internal Affairs and, in my opinion, has bogged down progress on the initiatives, of which there are many occurring across government.
There remains a perception that Cloud is insecure and that as a result all agencies should use the government IaaS cartel to deliver those and no data should be allowed offshore.
Now, personally, I agree with data remaining onshore, but NOT for risk reasons. If the government is serious about New Zealand Inc. then pushing hard for local companies to deliver what will become the de-facto delivery method of computing in the next decade, is paramount. That should be the only reason to keep data locally and is a positive PR spin that is being missed in its entirety as, no doubt, the SIS and GCSB, about the most risk adverse agencies in New Zealand, are most likely pushing the security risk angle.
Let’s get something clear here, the greatest risk of Cloud isn’t security, it’s not adopting it. That’s because within the next four years all ICT services are likely to be delivered via Cloud. As an example, Microsoft Office will only be available deployed via Cloud from mid-next year.
A couple of more thoughts on this.
The timing for that “risk and assurance framework” is so behind that by the time it is delivered, it is likely to either be redundant or so expensive to comply with that it becomes a complete impediment to progressing toward the Cloud. Let’s look at two examples.
The data sovereignty issue is likely to be pushed onto agencies in the form of “store no data outside of New Zealand.” However, looking at the market, we see the emergence of technologies that make data sovereignty a complete non-issue now. This technology is in use by banks within New Zealand already. Already we see Health saying that no provider may store data outside of New Zealand. It’s a moot point, the issue is dead, the technology exists to overcome it and it’s not that expensive, it adds 10 – 15% overhead on a Cloud deployment.
Second example, if government forces agencies to comply with the risk and assurance framework, then how will they retrofit the Cloud services that are already being consumed? I’ve worked with a lot of agencies over the last few years and I can tell you one thing. To some extent or another, every last one is using Cloud services. Does that mean that all of those services will have to be retrofitted at a cost of hundreds of millions including pulling back data to New Zealand?
The technology is evolving so rapidly that anything other than simple guidelines are likely to fail.
Lastly, the new jewel in the crown after “IaaS” and “Office Productivity” (if they arrive) is Desktop as a Service. The article says:
“DaaS will deliver traditional and virtual desktops, including providing and operating virtual desktop infrastructure, building, deploying and patching desktop operating systems; the delivery of applications to the desktops; and onsite support. It will also cover application packaging, including patching and updating and desktop hardware, either by managing procurement or providing leased hardware.”
And the real kicker:
“Using DaaS is expected to become mandatory.”
Putting aside the fact that I don’t believe central government will ever make any ICT service mandatory, this needs to be delivered now. Again, the market has rallied and I know of some agencies that are already buying this.
I don’t know what the cost of DaaS is likely to be, but this is what I pay for it. $34.95 per month for Windows 7, 50GB of space, all of the Microsoft Office suite (including open source variants), an additional installation charge for other apps, and here is the wonder of it, 300Mbs internet connection from that desktop. Yup, three times UFB and twice Vodafones Copper supernet.
What should the New Zealand government do? Simple, two things:
Adopt a New Zealand Inc. approach to buying services. Prefer local companies over multi-nationals and remove roadblocks they are putting in place for those companies to respond to RFP’s. Hello IRD and the requirement that whoever responds must have delivered a tax application / transformation of more than $100m NZD.
Second, set guidance. I know for a fact that DIA has some of the smartest brains in the entire world, seriously, these guys are paid by overseas companies to advise and speak on Cloud and digital initiatives. They could set the best guidelines on the planet. Why they don’t? It’s not that they don’t want to, it’s that they are constrained by a Cloud of politics, policy analysts, and fear, uncertainty, and doubt merchants like the SIS and GCSB.
What DIA has built, whether you think it a cartel or not, is a magnificent testament to kiwi ingenuity. The problem is that the policy people have got hold of the concept and its being butchered. Colin MacDonald, the government CIO, should let the architects loose with a green fields, start from the beginning, unfettered mandate to create the best government Cloud on the planet rather than being bound by those who have spent far too long twisting words and managing ministers.
The time for revolution is now. We have the best local companies, the best brains, some of the most innovative solutions on the planet, and we need to let the beast loose. Government ICT employees are magnificent and strange creatures. The best in the world, the worst paid, the most loyal, idealistic, and innovative. For god’s sake let them get on with doing their job.