Microsoft has done a clever marketing dance this week announcing that 365 meets the “Cloud Computing: Security and Privacy Considerations” document released by the GCIO some time ago. This could mean the end of the GCIO’s Common Capability services Office Productivity as a Service, which in essence offers a similar service, with a few additional elements.
Computerworld New Zealand republished a press release by Microsoft this week titled “Microsoft Office 365 ticks NZ Govt’s CIO cloud checklist.” Just as an aside Computerworld, it would be great if you marked what was actually a story and what is a regurgitated press release…
So stepping back for a second…
The GCIO published a list of 105 questions that allow an agency to assess, from a risk perspective, use of any Cloud service. It effectively paints a risk profile which the CIO and CE of an agency must agree too, before using any Cloud service. Tick the boxes, understand the risk, make an informed decision.
It’s good, because it recognises that informing agencies with good information rather than dictating what they can and can’t do is going to deliver a much better result.
So. Microsoft has assessed their services under that framework and published them here.
That means that there is a single-source of the truth for that service, according to Microsoft of course, but I’ve read through it and it seems comprehensive.
Why is this important?
Because it allows and agency to move quickly to Microsoft 365 bypassing the Common Capability Office Productivity as a Service (OPaaS), and I would think (someone can correct me) that the Microsoft 365 service would be cheaper.
OPaaS has been being built now for well over two years. The current version is delivered solely by Datacom and only allows for email and calendaring. It is not a mandated service, which means that agencies don’t have to take it up.
Office Productivity as a Service (OPaaS) provides cloud- based office productivity tools available on demand and accessible from a range of devices. The service allows agencies to become consumers of the most up-to-date software without needing to deliver and maintain the applications in-house. It will simplify the management of office productivity software and for a number of agencies will provide a more functionally rich and secure environment.
Phase One specifically provides email and calendaring services for all eligible government agencies. More functionality will be rolled out in separate releases. – Source
This is the bit where I annoy DIA no doubt…
Why would an agency take up OPaaS (a bespoke Cloud solution) when they have the capability to go to the full Microsoft 365 experience with all the bells and whistles and they already have access to the Common Capability Desktop as a Service?
Follow me here. A lot of agencies are adopting the strategy that if the IT services is common, buy it from Cloud and don’t alter it. If the IT service is unique to the agency, develop it (in the Cloud). So by that rule, Microsoft 365 is a simple choice. You buy it, implement it, and consume it.
I find it interesting that Microsoft have chosen to launch themselves over the top of OPaaS, because I assume, that under the hood it OPaaS is some kind of 365 variant. Could it be that the lack of progress with OPaaS and the lack of uptake has frustrated Microsoft to the point where they have decided to take the bull by the horns and sell their standard 365? Interestingly, the web page for the OPaaS service does not list any customers, which is unusual, because DIA are proud when they sign someone and list it on the product pages.
It could also be the fact that Google are rumoured to be becoming more active in the government space with their cloud offerings, which are a big competitor of 365.
So thinking logically.
If you are an agency that has a strategy to stay with Microsoft then Microsoft 365 is where you aim. You can take the risk assessment that they have filled in for you, and if you agree, then you can start consuming those Cloud services. Alternatively, you could look at Google, though you will have to do the risk assessment from scratch.
This is optimal strategy. Because, we are moving away from IaaS, away from PaaS, and ultimately away from DaaS, into a world of pure SaaS.
If you are attached to your desktop as it stands today, you could deploy a hybrid 365 type model, but you would be much better off just signing up for DaaS. It will give you everything you need.
I don’t see any compelling reason to consume OPaaS. It’s a bit of an ugly child really. Conceived two years ago the original intention was to look at productivity tools such as integrated calendaring (so you could see availability of any agency staff) and also was to investigate tools similar to DropBox and LinkedIn across government. However, what they ended up with was, most likely, a bespoke, onshore 365 installation. Onshore, because it was the only service that demanded data stay in New Zealand.
While we are on that topic, some commentators have noted that shouldn’t the GCIO be ruling on where data can reside? This is because the Microsoft 365 service resides offshore.
The GCIO has never issued mandate about data sovereignty issues. It has always been left up to the agency to determine the risk of that. It has been anecdotally argued that Australia is close enough to New Zealand. Some agencies have mandated data must stay in New Zealand, the Ministry of Health for example, but they are the odd ones out.
It is highly likely that if the TPPA is signed then this will not be able to be mandated. In fact, that’s a certainty, because it would be seen as a trade barrier.
So is this the end for OPaaS? Who knows? The writing has been on the wall over the service for some months now. It may be that it is just an ugly duckling, the Cinderella of the Common Capabilities, but when you can’t keep up in a rapidly changing SaaS based world, it looks like a goner.