ROUND TABLE: The cloud today and tomorrow
GOVERNMENT TECHNOLOGY REVIEW
TASMANIAN STYLE REINVENTING GOVERNMENT
SEPTEMBER 2012 • ISSUE 14
it’s coming for YOU!
MANAGING DIGITAL RECORDS
MASSACHUSETTS STATE CIO JOHN LETCHFORD
Better PDF for Business Create, Convert and Collaborate with Ease
Announcing PDF Converter Enterprise 8 A Complete Enterprise PDF Solution
Enjoy Advanced Editing with PDF Files
Say it Faster with Dragon Notes
Word processor-like features without opening your file in a word processing application
Use your voice to capture ideas and comments directly within your PDF files, saving you time
Convert PDFs into your Favourite Formats
Connect More Easily to Cloud Services
Microsoft Word, Excel, PowerPoint, XPS or Corel WordPerfect documents â€“ complete with layout, columns, tables and graphics
Direct connectivity to popular cloud services such as Dropbox, Evernote & PaperPort Anywhere
Create PDFs from any PC Application
Protect Yourself with Enhanced Security
Make a PDF copy of your documents with a single click, convert multiple files into a single PDF and create PDF packages with drag-and-drop simplicity
Add passwords with encryption and permission controls, authenticate document owners using Microsoft Crypto or third-party digital signatures
Multi-user licensing programs available Minimum of five licenses. Includes 12-month Maintenance & Support, providing unlimited technical support plus all software updates and version upgrades.
Contact your preferred software reseller for pricing and availability or call Nuance on 1300 550 716
data3.com.au 1300 232 823
estore.com.au 1300 658 600
ht.com.au 1300 13 9999
insight.com 02 8978 2000
COVER STORY: CLOUD COMPUTING: IT’S COMING FOR YOU!
Whether it enchants you or terrifies you, cloud computing is rapidly becoming the can’t-avoid technology for government bodies at every level. Yet while some continue to watch and wait regarding the cloud, others are forging ahead with great promise and great early results. This month, we find out who’s been setting the pace for cloudbusting – and what’s holding others back.
34 Opinions: Kevin Noonan, Ovum; Graham
2 Editor’s letter 3 News
Schultz. Brocade; Dany Bashour, Vita Group; Alicia Kouparitsas, Esri; Tait Communications; Anne-Marie Walters, Bentley Systems; Timothy Lee, Candle; Lee Fisher, Efficiency Leaders; Technology One; Random Computing
FEATURES 16 Bringing the cloud to local government
We talk with the founder of GovCloud, a local startup aiming to give local councils a boost into cloud computing.
18 Reinventing government service, the social way
for many government organisations, but in today’s social age it’s a guiding force for citizen satisfaction. 24 Paper rules, digital world
Records management may not be sexy, but it remains incredibly important – especially as government bodies rush to
Customer service is a foreign concept
keep up with a flood of digital information.
CASE STUDIES 28 Whanganui District Council
A New Zealand local government has built a robust system for managing critical records – even digital ones – throughout their lifecycle.
46 Shared-services benefits flow in Tasmania
Tasmanian water-authority sharedservices provider Onstream was operational just four months after its creation was ordered. Here’s how.
48 How Mitchell Shire went mobile
BOSTON ACCENT: MASSACHUSETTS STATE CIO JOHN LETCHFORD John Letchford has long been a champion of progress in a climate of change. But how do you turn around a state’s IT infrastructure despite fierce politics and severe budget cuts?
ROUNDTABLE: CLOUD COMPUTING It’s difficult to cover all aspects of the cloud all in one conversation. But that hasn’t stopped GTR from trying. This month’s roundtable brings together a cloud provider, a telecoms provider and a security provider as we search for meaning in the cloud.
A dual-pronged approach to GIS at Mitchell Shire Council has boosted accessibility for both ratepayers and mobile-wielding staff.
GTR SEPTEMBER 2012 | 1
Cloud. Cloud, cloud, cloud, cloud, cloud. There – Page two and you’ve already been inundated with talk about the cloud. If you’re involved in IT in any capacity it’s probably not the first time you’ve heard the word today and it won’t be the last. There’s a reason for that, of course: the potential delivery of both commodity and mission-critical information services through a consistent, online interface represents the fulfilment of years of vision around systems portability and information access. Cloud vendors are ready to bust silos and take names. But are you? If you’re working in government, odds are that you’re still at the toe-dipping phase. Persistent issues around information governance, security, data sovereignty, and more have maintained a high level of drag on cloud efforts. Thankfully, resistance is steadily decreasing. A growing domestic industry is addressing concerns about data sovereignty and infrastructure resilience, while the work of AGIMO is normalising cloud models and providing frameworks by which Commonwealth government agencies can reliably assess and engage cloud providers. State governments are embracing commodity cloud services such as email for certain applications, while tipping ever-growing masses of government data into cloud-based systems that remove the need to invest in systems scalable enough to service a user base of millions. Balancing the desire to capitalise on the cloud with the reality of government information practice has proved crucial for the likes of John Letchford, the well-regarded CIO of one of America’s most progressive states, whom I had the pleasure of meeting during a recent trip to Boston. Even local governments are getting in on the fun thanks to the likes of GovCloud, a cloud services facilitator with whom we speak this issue. And if that’s not enough cloud for you, we’ve brought together several stakeholders to discuss cloud matters for our regular roundtable. This issue also addresses the challenges of the new customer service – particularly in the context of an increasing social-media awareness across government bodies – and looks at the challenges facing government agencies as they work to embrace the new paper-and-digital recordkeeping world. My own desk is a microcosm of this challenge, featuring both neverending piles of paper and a computer with more digital information than I can ever seem to keep up with. Paperless office, my foot: juggling paper bits and terabytes is just a fact of life in the 21st century.
EDITOR David Braue E: email@example.com NATIONAL SALES MANAGER Yuri Mamistvalov E: firstname.lastname@example.org Tel: 03 8534 5008 ART DIRECTOR Annette Epifanidis E: email@example.com Tel: 03 8534 5030 DESIGN & PRODUCTION Nicholas Thorne CONTRIBUTORS Natalie Apostolou, Dany Bashour, Lee Fisher, Beverley Head, Alicia Kouparitsas, Timothy Lee, Kevin Noonan, Graham Schultz, Anne-Marie Walters MELBOURNE OFFICE Level 8, 574 St Kilda Rd. Melbourne Vic 3004 PO Box 6137, St Kilda Rd Central 8008 Phone: 03 8534 5000 Fax: 03 9530 8911
Government Technology Review is published by CommStrat ABN 31 008 434 802
www.commstrat.com.au All material in Government Technology Review is copyright. Reproduction in whole or in part is not allowed without written permission from the Publisher.
To subscribe to GTR magazine
David Braue, Editor E: firstname.lastname@example.org
2 | GTR SEPTEMBER 2012
phone: 03 8534 5009, email:email@example.com or go to www.govtechreview.com.au/subscribe
ACT launches open data site and transparency of government,” wrote Mike Chisnall, executive director of the ACT Government’s Government Information Office (GIO), on the GIO’s blog (gio.act.gov.au). Chisnall said the platform would encourage the “innovative application of data by individuals, businesses and government” and promote collaboration with the ACT Government to develop innovative servicedelivery solutions. When GTR checked, the 57 available data sets included bus routes and timetables, Late August saw the debut of the Australian Capital Territory government’s open-data site, dataACT, as a repository for all kinds of data from a broad range of sources. The project has been developed by the ACT Government Information Office and Shared Services ICT, and incorporates extensive backend integration to ensure that individual agencies data sets are continually kept current in the dataACT repository through automatic updates. Around one-third of the data comes from static files that have been collected as part of the effort; another third are ACT Government RSS feeds; and the remaining third are regularly updated from a variety of data sources. “We hope dataACT will present significant value to the ACT community and government through improved accessibility
bus stops, ACT school locations, electoral boundaries, ACT Supreme Court judgments, ACT job details, ACT NAPLAN scores, and even the location of European wasp nests. More data sets are on the way, Chisnall said. “We have a dataACT Roadmap to integrate more datasets,” he added. “We have gone with the philosophy of release early, release often.” dataACT users can access data in a range of formats including RSS, XML, CSV, XLS and others. It includes built-in visualisation tools that make the data accessible to the general public as well as to data scientists; these visualisations can be embedded into other sites using readily available code. The site also includes discussions that are designed to foster the spirit of community around the open-data initiative. See data.act.gov.au for more information.
New Vic DSE site is for the (angry) birds It may not seem to have the gravitas of a major e-government project, but Victoria’s Department of Sustainability and the Environment (DSE) has nonetheless taken the wraps off of a crowdsourced site that aims to collate details on the locations of territorial magpies and other birds across the state. DSE, which gets hundreds of reports of swooping bird attacks every year, has launched the portal to help citizens plan their walks to avoid the nesting birds. Bird locations are overlayed on a Google Maps page on which reported attacks have been categorised by the garden in which they occur.
The effort includes a social-media aspect with Twitter account (@DSE_Vic) and hashtag (#swoopvic) supporting the Web site, which can be found at bit.ly/nAA8Sd.
Rackspace vows sovereignty in Australian cloud debut
Massive hosting and cloud-computing operator Rackspace will open its first Australian data centre, in Sydney, before the end of the year as the company gears up to bolster its presence in the growing local cloud-computing market. The new facility – located in Erskine Park, west of the city – will give Rackspace a local footprint to support dedicated hosting and managed virtualisation solutions. It will support VMware virtual-server environments extensively, as well as offering a platform for customers interested in Rackspace’s OpenStack-based Open Cloud platform (www.rackspace.com/cloud). Rackspace bowed in the region in 2009 but the multi million-dollar facility – planned along with partner Digital Realty and intended to offer a raft of security certifications including SSAE16, PCI and ASIO Intruder Resistant – represents a major increase in its profile, which includes similar facilities in Dallas, Chicago, Virginia, London, and Hong Kong. It’s also an opportunity for privatesector and government customers looking for a new option when choosing a base for their private-cloud initiatives. Rackspace is playing the data-sovereignty card hard, offering a written guarantee to customers that their data will not be transferred “to a law enforcement agency of another country (including the United States) without a customer’s consent unless it is compelled to do so by Australian law.”
GTR SEPTEMBER 2012 | 3
Australia second in world on global cloud-computing scorecard Australia has come in second in the world, behind only Japan, in a Business Software Alliance (BSA) survey of world economies’ preparedness to support the growth of cloud computing. The BSA’s 2012 Global Cloud Computing Scorecard (available at portal.bsa.org/cloudscorecard2012) rated 24 countries, which account for 80 percent of the global ICT market, on seven key criteria including data privacy; security; cybercrime; intellectual property; standards and international harmonisation of rules; promotion of free trade; and ICT readiness and broadband deployment.
Australia scored an aggregate 79.2, pipping Germany (79.0), the US (78.6) and France (78.4) but falling several points behind Japan (83.3). Australia outscored every country except Korea when it came to intellectual property protection, and joined only Malaysia and India with a perfect 10.0 in standards support. Australia’s security score of 6.0 matched that of Argentina but fell behind Russia, Spain and Germany (6.4) as well as the US, France and Italy (7.6), UK (8.0), and Japan (8.4). And its 7.9 in data privacy was second only to Japan, with an 8.8 score.
New Zealand was not included, while China, Thailand, Vietnam and Brazil filled out the bottom of the list. Interestingly, BSA warned against the imposition of policies that might hold back the development of a global cloud economy – and named the growing trend for governments to impose “overly restrictive legal interpretations to keep some data within national borders”. This sounds at odds with the growing push amongst government bodies for ‘data sovereignty’ controls that would keep government information within Australia’s borders as a strategic goal.
New Zealand embraces cloud productivity tools New Zealand’s government has taken a big step towards cloud computing after it was revealed the country’s Internal Affairs Department is about to issue a tender for “onshorehosted cloud-based office productivity services” that will significantly boost the government’s cloud involvement. The tender – which covers standard productivity tools like email, word processing, spreadsheets and presentation software – reflects a growing trend towards ‘cloud first’ directives for NZ government agencies. “This is expected to drive the standardisation of technology solutions and services,” Internal Affairs minister Chris Tremain said in a statement, “but does not necessitate the selection of only one solution for all
4 | GTR SEPTEMBER 2012
agencies…. Cloud technologies can significantly change the way the public sector operates, enabling the provision of better public services for all New Zealanders.” NZ’s ‘cloud-first’ approach was warmly welcomed by Ovum analyst Steve Hodgkinson, who argued in a research note that the country’s progressive approach to cloud computing contradicted the Australian government’s more conservative policy position – which, he said, “while also aiming to promote cloud adoption, is actually more focused on the supposedly new risks and issues of cloud services….significant barriers to cloud adoption are deeply embedded in the twentieth-century ICT procurement policies and practices of agencies.”
Australia’s most progressive local and state governments and federal agencies have been powering their decisions with ArcGIS solutions for over 34 years. An Esri Australia ArcGIS solution... • Predicted the likely impact of the 2011 floods for Brisbane City Council – before the event fully unfolded. • Streamlined the City of Bayswater’s key internal processes, reducing land reporting requests from 12 days to 5 minutes. • Ensured Queensland Fire and Rescue deployed personnel and resources with unprecedented precision – increasing lives and property saved. • Enabled SA Department for Families and Communities to streamline asset auditing of remote aboriginal communities using the latest mobile technology.
Find out how an ArcGIS solution can fortify your decisions – call Esri Australia today on 1800 447 111.
1800 447 111
Esri Australia ABN 16 008 852 775
Local governments still finding way on social media: report A survey of 225 local government bodies has found local councils are still coming to grips with social media and its risks and opportunities to change citizen service delivery. The report, entitled Using Social Media in Local Government, was prepared by University of Canberra research associate Anne Howard and local government associations of SA, WA, Tasmania, Victoria as well as NZ’s Northland Regional Council. A survey response rate of 50 percent suggested “a sector already grappling with the implications of social media and, in many cases, looking for support and direction to fully understand the opportunities offered by social
media,” the authors concluded. Only one in five respondents said they understood social media very well, with 37 percent reporting that they understand it “quite well” and 43 percent did not have a good understanding of the medium. Just six percent said they were “leading the sector” in social-media use, while one in six councils was planning to use social media but had not yet started to do so. Only 14 percent said they were not planning to use it at all. Formal policies for social media were popular, with 50 percent of councils developing and 26 percent already using such policies. Fully half of councils reported staff were prevented from using social media at work, while only 27
percent had introduced policies preventing staff from making social-media representations that might reflect on the organisation or industry. Despite the prevalence of low socialmedia experience, only 21 percent of councils had provided social-media training for staff and only 9 percent had trained their elected representatives to use the channel. The full report is available at bit.ly/LLRrmG.
Victoria policies boost access to state data Brisbane searches for digital ‘champions’ for digital planning Victoria has joined the growing list of Australian jurisdictions making large volumes of government data available to the public, after assistant treasurer and minister for technology Gordon Rich-Phillips recently launched new DataVic Access and Intellectual Property policies. Calling the open-data project a “long overdue stimulus”, Rich-Phillips expected the availability of large volumes of government data through the state’s open-data site – www.data.vic.gov.au – would produce a windfall in innovative applications. The policy explicitly sets out the types of data to be made available, which ranges from audio and video to images, graphics, maps, geospatial and other data. It includes five guiding principles: 1. Government data will be made available unless access is restricted for reasons of privacy, public safety, security and law enforcement, public health, and compliance with the law. 2. Government data will be made available under flexible licenses. 3. With limited exceptions, government data will be made available at no or minimal cost. 4. Government data will be easy to find (discoverable) and accessible in formats that promote its reuse.
6 | GTR SEPTEMBER 2012
5. Government will follow standards and guidelines relating to release of data and agency accountability for that release. Agencies may, under limited circumstances, commercialise or charge for data on a cost-recovery basis. The DataVic Access Policy will be progressively implemented through September 2013, as all state government agencies ramp up to supply data sets for access through the portal. Agencies are expected to have their data ready for publication by December. Key milestones include the development of mandatory standards and guidelines to support the principles (November 2012); dataset availability through the portal (TBD); and interim progress reports to be delivered to Rich-Phillips in March and December 2013. A full review of the policy’s effectiveness will be conducted for delivery in June 2014.
Brisbane City Council (BCC) is scouring through the area’s 50,000 businesses for champions to be involved with a collaborative effort to flesh out and promote the city’s digital strategy, due for release by year’s end. That strategy will cost over $1m to develop and is set to begin implementation next year after the city’s Economic Development Plan 2012-2031 highlighted the importance of digital technologies to long-term growth in the region. Newly appointed chief digital officer Kieran O’Hea is driving the city’s efforts to boost technology uptake in the region and fill out Brisbane’s technological nous. Efforts to identify and engage business ‘champions’ will see 25 early technology adopters identified during a large-scale survey of some 500 businesses’ use of digital technology. BCC will offer consultancy services to help those organisations fill out their own digital strategies as it ramps up its own efforts to stimulate growth by encouraging the adoption of digital technologies of all sorts.
Govt disclosure survey shows agencies’ broad IPS compliance A survey of government Information Publication Scheme (IPS) compliance has delivered “pleasing” results to the Australian Information Commissioner (AIC), Prof John McMillan, after it was found that the majority of surveyed agencies had published a formal IPS Plan. Some 191 of 245 agencies responded to the survey, which was designed to measure compliance with a policy introduced on 1 May 2011 that mandated agencies to publish a range of disclosure-related information and documents on their Web sites. Agencies must address a number of planning steps including publication plans, internal governance arrangements, community consultation, and a review of the IPS’ operation within five years of its commencement. The new survey reflects the first of two planned audits into the scheme’s effectiveness. The survey found that nearly all agencies have published their IPS plan; over 85 percent publish the required categories of information on their Web sites; 94 percent publish operational information explaining how they make decisions that affect members of the public; and 93 percent have appointed a senior officer to manage IPS compliance. The full report is available at bit.ly/MBJf9G.
Government security body holds first exams The first candidates for the Commonwealth government-backed CREST Australia security certification sat their exams at the end of September, heralding a new standard in application and infrastructure security. The introduction of the CREST (Council of Registered Security Testers) certification was announced in March, borrowing from the fouryear-old British Council of Registered Security Testers certification. The British standard has been adopted by UK government peak information-security
body the Communications-Electronics Security Group, while CREST was brought to Australia with the blessing (and funding) of federal Attorney-General Nicola Roxon. The examinations are intense and consist of two primary areas. Infrastructure Certification Examination assesses candidates’ ability to conduct operatingsystem security assessments, while the Web Application Certification Examination evaluates their ability to find vulnerabilities in online applications.
CREST certification will finally give private and government companies an enforceable, meaningful attestation of the capabilities of contractors they engage for security-related matters. See www.crestaustralia.org.au for more information.
Australia may adopt NZ cloud code of practice There are indications that the National Standing Committee on Cloud Computing (NSCCC) will endorse a derivation of a New Zealand industry code of practice that facilitates the process by which cloud providers describe and market their capabilities. First released in May, the New Zealand Code of Practice for Cloud Computing – known as ‘CloudCode’ (www.nzcloudcode. org.nz)– is an initiative by the Institute of IT Professionals and has the support of financial contributors including Xero, Gen-I, Equinox, Google, Salesforce.com, InternetNZ and other bodies. Its goal is to boost trust in cloudcomputing offerings, with seven key guiding principles including not reinventing the wheel; consistency with global practice and
8 | GTR SEPTEMBER 2012
standards; a research-based, non-arbitrary approach; facilitation of development with wide consultation; preference for a consensus-based result; clear separation between governance of process and development of code; and compliance and assessment. Compliance is voluntary but those who comply will do so with the attestation that they have met a minimum definition of what ‘cloud’ services are; offer public disclosure statements and promotion of the code; not market services as ‘cloud’ unless they meet minimum definitions; be registered on a public register of compliant cloud providers; use standardised nomenclature to describe services like backup, SLAs, geographic diversity, and other terms.
Media reports have suggested NSSCC is set to endorse a largely derivative version of CloudCode in Australia – raising concerns by some that the move could parochialise cloud definitions within Australasia even as similar global bodies work on far more comprehensive service-definition frameworks. For example, earlier this year the University of Melbourne, National Australia Bank, defence supplier Lockheed Martin and other local organisations highlighted the progress of the 300-strong Open Data Center Alliance (ODCA, at www.opendatacenteralliance.org) in defining business-oriented ‘usage models’ that specify specific constructs and behaviours for cloud providers. Download the code from nzco.mp/cloudcode.
US cloud-data powers overstated: Microsoft Concerns that the US government can arbitrarily access Australian organisations’ data – a widely-cited fear of many would-be cloud adopters – are incorrect, Microsoft technical evangelist Rocky Heckman told attendees of the company’s recent Tech.Ed technical conference. “People think, and governments have been accused of mis-assuming this, that there is a law that says you cannot host data outside of Australian territorial boundaries,” he is reported as saying by industry journal ZDNet Australia. “There isn’t one – that law does not exist.” It’s not the first time Microsoft, which has spruiked its Azure platform-as-a-service (PaaS) offering to governments and commercial organisations worldwide, has come out swinging against perceptions about data sovereignty.
Microsoft, which delivers Azure-based applications to Australian customers from a facility in Singapore, has been staring down the barrel of Australian data sovereignty debate for some time but has so far not set up an Australian data centre to extend Azure here. Despite Microsoft’s assurances that data sovereignty is no issue, many Australian government organisations retain their concerns. “The cloud as a black box is probably not going to happen for a very, very long time in health,” NICTA health business systems team leader Dr Leif Hanlen told a recent big-data conference in Melbourne, responding to a question about whether government-backed e-health systems would ever embrace cloud models.
“The simple problem in health data is that it’s not allowed to leave the country. And you couldn’t realistically force a cloud supplier to build a data centre in Canberra or some other state.” Heckman, for his part, argued that Australian cloud providers don’t even have to notify customers if they hand over customer information to the police or other legal organisations – and said they can “volunteer that information if they suspect you may be naughty.” “The US doesn’t even let you do that,” he added, noting that US authorities require a court order that can only be facilitated, not suborned, by the Patriot Act. “This whole thing about data sovereignty is largely perception: we need to get over the perception we have a data-sovereignty problem.”
GTR SEPTEMBER 2012 | 9
it’s coming for YOU! Story by Beverley Head
10 | GTR SEPTEMBER 2012
“If you talk to the average executive in the public sector, their general reaction is the cloud is evil, immoral and dangerous.” It may be taking the private sector by storm, but cloud computing’s adoption by government bodies has been victim to the stricter governance and risk-management frameworks they live by. However, that doesn’t mean government is shunning the cloud completely; as Beverley Head finds, in some parts the clouds are already settling in.
When NSW Trade & Investment announced in July that it had signed a three year $14.5 million deal with SAP for a cloud based services, expected to deliver $12.5 million worth of savings each year, it heralded a new era in government cloud computing. Here was an agency prepared to hitch its computing cart to a third party cloud located in Germany – and to set a savings goal. NSW’s cloud perestroika was hinted at in May with the release of the State Government ICT strategy in which NSW CIO Michael Coutts-Trotter noted governments’ relative lateness to the cloud compared to the private sector. That, however, was ending, he said as NSW embraced cloud to “drive cost efficiencies and free up resources to be targeted at new and better services for citizens and business.” It’s hard to think of any level of government in Australia that can afford to overlook such promise. Federal government has taken some tentative cloud computing steps: the Australian Electoral Office used a Fujitsu cloud for its tally room in the 2010 election; the Department of Finance hosts data.gov.au in Amazon’s cloud; and the Australian Maritime Safety Authority uses a Salesforce.com cloud to manage shipping information. The Feds’ main cloud contribution, however, has been thought leadership. In 2011, the Defence Signals Directorate released Cloud Computing Security Considerations, essentially a cloud checklist for public sector organisations. In August, the Australian Government Information Management Office (AGIMO) released an update of its guide A Strategic Approach to Cloud Implementation, intended to help agencies develop and implement cloud solutions. It also released the final version of its community cloud governance report and, in October, is expected to release its list of approved Data Centre as a Service (DCaaS) providers for contracts up to $80,000. To roughly précis their contents: agencies can use clouds where they provide value for
money and adequate security, but overseas clouds should be avoided for anything other than publicly available information. Dr Steve Hodgkinson, Ovum’s research director for IT in Asia Pacific, still maintains that “if you talk to the average executive in the public sector, their general reaction is the cloud is evil, immoral and dangerous. Evil because it’s unproven, immoral because it’s often offshore and dangerous because of the privacy and security.”
Toes in the water Rather than worrying about what might happen, he thinks public sector organisations should just dip their toe in the cloud and get started. It’s what the states are doing, he says: “The Department of Business and Innovation in Victoria used Salesforce.com (for grants administration) and delivered on schedule and ahead of budget. They weren’t comfortable that the data was offshore but they decided to work the conundrum.” A former deputy CIO of Victoria, Hodgkinson says that contrasts sharply with his experience of trying to build a grants administration system for the state. “That cost $10 million, took three or four years to deliver and there was one application which is barely used. Now in less than six months they absorbed all the grants administration into Salesforce.” “It shouldn’t come as a surprise to anyone – Salesforce is a shared service shared by 100,000 organisations around the world – there are no security issues and they have access to a platform which is functionally developing in an iterative fashion.” Hodgkinson says the Victorian implementation is at one level an example of world’s best procurement practice. Fujitsu’s general manager of cloud, John Kaleski, says that there’s a typical hierarchy of cloud adoption for new users. “Typically our customers look at putting their low risk workloads to the cloud – test and development – pure infrastructure as a service,” he explains.
GTR SEPTEMBER 2012 | 11
“In states, the interest is pretty universal, while in federal it’s around the smaller agencies where the budget constraints they are under are quite significant.”
“Once they feel comfortable then the look to leverage more software, or productivity as a service then it’s management as a service, then mobile device management.” Dave Hanrahan, general manager of cloud services for Dimension Data, agrees with Ovum that the states are leading the charge to the cloud. “In states, the interest is pretty universal while in federal it’s around the smaller agencies where the budget constraints they are under are quite significant.”
12 | GTR SEPTEMBER 2012
Parochialism or concern? Local government, on the other hand, appears to be lagging: “Although they are at one level most in need, they don’t want to be first,” Hanrahan says. Hodgkinson agrees: “Local government are the tier of government that can most benefit but paradoxically are having the least to do with cloud – why is still something of a mystery.” One barrier in the past may have been the lack of specialist local government focussed software offered as a service, although some is now emerging. In August, for example, GovCloud – which was set up by the Local Government Association of Queensland (see page 16) – announced that it had rolled out a cloud based solution for five local Governments in response to the Natural Disaster Resilience Program funded by the Commonwealth and Queensland Governments as a response to the 2011 floods and cyclones which cut off communications at a local level. There are other examples of local councils embracing the cloud: Logan City Council is exploring how to put its infrastructure data into an accessible cloud; Open Windows is running cloud based contract lifecycle management with a handful of local councils; and the Torres Strait Island Regional Council has opted for an Infrastructure as a Service cloud solution from Telstra. However, in the main the states are still the prime movers on cloud. Hanrahan says there are a number of requests for state cloud proposals currently in the market.
He acknowledges, however, that the states can also prove fiercely parochial about the cloud. “In Queensland there is very much a desire to keep all ICT in the state where that is possible,” he says. It’s the same in Western Australia, adds Fujitsu’s Kaleski. “Typically state governments are quite parochial. I would say WA is possibly the most parochial about having their data on this (Perth) side of the Nullarbor.” In August Fujitsu, which has had an Australian instance of its cloud service available since 2010 from two Sydney data centres, announced plans to host an instance of the cloud in Western Australia. The company has had a lot of interest from the WA government, according to CEO Mike Foster. “We were at the stage where there was demand but no volume,” he explains. “Now we have demand and volume. The reason the local cloud was successful is that they want to use the cloud’s elasticity – but they want to know where their data is. We’ve sold that hard.” Rackspace, which in August announced it would offer a locally based version of its cloud services, also stresses the data sovereignty issue, saying that government and financial services want locally based services. The company’s general counsel, Alan Schoenbaum, also made an extraordinary commitment given the strength of the US Patriot Act, explicitly saying that “Rackspace will not transfer customer owned data from our Australia data centre to a law enforcement agency of another country (including the United
States) without a customer’s consent unless it is compelled to do so by Australian law.”
Jurisdictional control Data sovereignty and privacy are core issues for the public sector as under national and state recordkeeping legislation public sector agencies must keep tight rein on their data. The National Archives has issued a paper covering records management in the cloud, as have some of the states. Amanda Barber is manager of government recordkeeping at State Records NSW and says that all jurisdictions considering a move to the cloud need to understand the need for common platforms, common services, common applications and a standard approach to information management in a well regulated environment. Without this even more inaccessible information silos could be generated in clouds. Technically it’s illegal to store a NSW State record outside of NSW (a record is defined very broadly as evidence of a transaction). But aware of the cachet of the cloud, State Records developed a framework which allows agencies to sign up for cloud as long as proper information governance and strategies are in place, and contract terms and conditions are appropriate and well managed. Kate Cumming, project officer for NSW government recordkeeping, believes that the approach will eventually improve information governance. “People keep assuming that we can push information to the cloud and run Google over it but we can’t. We need to be strategic about the data we are keeping.” She adds that agencies need to understand the need for information sustainability and
discoverability, and how information might be recovered if a cloud contract lapses. “People think it’s simple but it’s not,” she says. Jo Stewart-Rattray, Melbourne based international vice president of IT governance organisation ISACA, says public sector organisations need to know what jurisdictional control their information will be subject to, where it will be held, who their cloud co-tenants might be, what protections will be in place, and how data will be backed up. “All of that is heightened in government.” In August, ISACA released a report on cloud computing return on investment and last year released IT Control Objectives for Cloud Computing, intended to help mitigate risk associated with the move to the cloud. Barber and Cumming say that they don’t want to inhibit cloud computing; both can see the benefits, especially during government reshuffles. At present reworking agency data when the agency is reformed can be “horrifically complex” according to Cumming. If data was held in one cloud based location, it could be simpler to implement change says Barber. Cloud based information could also radically change the sorts of services that could be provided to citizens or residents. Dimension Data’s Hanrahan expects that many citizenfacing services – which have been challenging to deliver because they have always had to be scaled to handle massive potential demand from day one – could be developed in the cloud and scaled in lockstep with demand. It’s scale and sovereignty issues that make Federal government slower to embrace cloud, according to Steve Hodgkinson. The states are often more desperate and less well-resourced, he argues, which has driven them to the cloud earlier.
“The feds have a greater capacity to do it themselves. Look at Centrelink, which is a successful and robust ICT shared service that performs miracles when required. I don’t really have faith that the cloud will get any sort of traction in those mission critical heavyweight environments. But that’s not the sweet spot for cloud services anyway – the sweet-spot is in more commoditised markets.” Scott Wallace, acting first assistant secretary in the policy and planning division of AGIMO, says cloud is essentially a new service model, and a procurement decision for agencies. “Cloud provides opportunities in terms of greater flexibility and service provision, and can be faster to develop and can lead to cost savings,” he says, but notes that for any agency “ultimately it’s a decision based on a business need.” Ricardo Centellas, OFM sales consulting director for cloud platforms at Oracle, says that it is the communities, or cloud clusters, that are generating most interest in the federal public sector. Wallace says community clouds will exist where there are common business needs, but also notes that there will continue to be “robust debate” about what is truly a community cloud, and what is merely “cloud-like.” Semantics aside, it is the pragmatic requirements that will dictate how and when public sector organisations migrate to the cloud. The Department of Education, Employment and Workplace Relations, for example, is working on a whole of government parliamentary workflow solution that will be provided to 40 agencies, which has some cloud characteristics. While purists may baulk at describing the solution as true cloud, it’s an approach that should deliver benefits – and for cloud that’s the bottom line.
compliments of GTR magazine
Fill out the GTR Readership Survey and you could win a 16GB WiFi iPad 2. Go to www.govtechreview.com.au and click on the ‘Win an iPad2’ banner. Terms & Conditions apply
GTR SEPTEMBER 2012 | 13
CLOUD ANATOMY back up
A N A T O M Y
C L O U D
D E A L
NSW Deputy Premier and Minister for Trade & Investment, Andrew Stoner, has described his department’s cloud computing deal with SAP as a “potential model for other agencies.” Certainly it’s going to be one of the highest profile cloud deployments in the public sector. Government Technology Review asked David Kennedy, the Department’s chief information and chief technology officer about the initiative. Q: Why cloud? A: This innovative approach will take less time to implement, reduce the need for investment in new hardware and better position NSW Trade & Investment for disaster recovery and future departmental realignment. Q: What about the challenges associated with data sovereignty and security? A: Data and information control and security were of paramount importance and consideration with regards the chosen solution. SAP follows operating best practices for data centres and data control which includes compliance with internationally recognised regulatory compliance certifications, including: SAS-70 Type II Audit, SSAE 16 Type II Audit, ISAE 3402, ISO 27001. The concerns in relation to offshore holding and processing of our data were assessed and managed as part of our overall risk based evaluation. Data contained within the ERP system is not classified or protected and the most sensitive information was identified as staff payroll and HR related data. Sensitive HR / Payroll data is held exclusively in Australia, with only a subset passed to the foreign data centre sufficient to allow full function. Foreign hosted data with SAP in Germany is subject to EU Data protection directives and is not hosted in the US or by a US parented entity. All tender responses with foreign hosting components were required to address repatriation of data both on a routine ongoing basis and at end of contract. Q: What about the benefits? A: This new single integrated enterprise resource planning system will be the backbone for finance (including budgeting, accounting, assets and reporting), purchasing and procurement, human resources (including leave management) and payroll for the organisation. The scope of the project is to consolidate four existing SAP ERP installations and multiple Aurion instances across multiple agencies and transaction processing centres into a new single integrated enterprise resource planning system. While we have committed to a very demanding timetable in terms of delivery, the solution will be operational by December of this year. Q: How will you roll this out? A: The transition and consolidation project is underway, the project will be completed in two parts, with initial consolidation of the core agencies (Former Industry and Investment NSW, Office of Water, Marine Parks Authority, Crown Lands, Arts NSW, Destination NSW, Food Authority, Office of Liquor, Gaming and Racing, Independent Liquor Gaming and Racing Authority, Soil conservation services) within the department on to the platform by the end of this year. The other NSW Trade & Investment cluster agencies (the cultural institutions – NSW Art Gallery, NSW State Library, Australian Museum and Powerhouse Museum) will be on board by June 2013. Q: How might cloud impact the sorts of services you are able to provide (both internally and to your external clients)? A: Although this SaaS solution is an internally focused system, we will be able to provide improved self service capability for all our staff located in over 220 offices throughout NSW. The integrated functionality with mobile devices will enable staff who often work out on the field to be fully connected and functioning. It will facilitate our staff being able to deliver better services to clients. The identified savings from this initiative will enable government to reallocate those resources to front line service delivery.
14 | GTR SEPTEMBER 2012