
Trans-Tasman cloud philosophies oceans apart

Mahesh Sharma

Different cloud procurement strategies. Photo: Karl Hilzinger

The Australian and New Zealand governments are poles apart when it comes to cloud computing policy, with one prescribing centralisation, the other leaving it open for agencies to buy hotchpotch services from anyone.

The ideological differences go to the heart of the argument between economies of scale and centralised control, and potentially impact on data sovereignty.

The Australian Government Information Management Office (AGIMO) recently announced a data-centre-as-a-service procurement strategy (DCaaS), as part of a broader strategy which adopts a whole-of-government approach to save $1 billion over five years.

After a consultation process that started in November 2011 and involved 34 companies, the government concluded that a panel arrangement, where a lead agency is responsible for all government purchasing, would not provide agencies with the flexibility and agility needed to take advantage of new services as they become available.

Instead of a whole-of-government approach, the DCaaS strategy simplifies the process for suppliers to participate in the procurement process by using a standardised agreement and "template quotations", as well as a standard, post-delivery approval process. Importantly, agencies can acquire services under $80,000 and/or 12 months without going to tender. This aims to remove "risk exposure" and the need for complex contracting and legal arrangements.

The aim is to empower agencies and suppliers to have better control of their technology purchases by removing the barriers that prevent the take-up of new technologies. The move met with support from the majority of suppliers and industry stakeholders, according to comments on the AGIMO website.

However, the new strategy will create a mess as agencies select a range of cloud providers, according to Datacom director Mark McWilliams.

"What happens then when the government wants to take advantage of things like collaboration, so they want to federate their [Microsoft] Lync link servers to make everything talk to each other, or to start using collaboration websites, like SharePoint or other tools," McWilliams said.

"If you've allowed all these small enterprises to just cast their stuff into the cloud wherever they like, then that job becomes virtually impossible."

"Not to mention the fact that if you've got these little tiny islands of compute all over the place, I think overall you're bound to be paying more than if you consolidated into a few suppliers."

He said the Australian government also risks losing control over data if an agency used a "cloud service broker", someone who hires cloud computing capacity from a distributor or wholesaler.

"Some people are talking about cloud service brokers and how they're a really cool idea, I think it's a shit idea."

"That [broker] actually might then have their cloud hosted in a data centre which isn't theirs. Now you have a government agency interacting with an organisation who buys off a distributor, who buys off wholesaler, who buys critical services off a data centre provider.

"Now what's say the data centre provider doesn't get paid by someone along the chain, what does the government do, what recourse does the government have to walk in and get their data back? That's what people aren't thinking about."

Datacom, IBM and Revera were selected for a whole-of-government agreement to provide cloud computing services to New Zealand public services agencies late last year, and McWilliams said the centralised model means the government is always aware of where the data is hosted.

However, there are problems with the centralised model, according to Diversity Analysis principal Ben Kepes, who believes that it forces governments to choose between data sovereignty and the benefits of economies of scale.

He said locally based services for one major customer can't match the cost efficiencies that can only be achieved by managing a large number of customers from around the world, as Amazon Web Services does, for example.

"[The New Zealand Government] is doing it because it wants to secure benefits, economies of scale in terms of whole-of-government contracts which is a great aim but one of the requirements is data be domiciled locally," Kepes said.

"I'd suggest that's a throwback to a traditional regulatory approach and unnecessary and unhelpful in a cloud age where it's all about gaining economies of scale and vendors in NZ in particular, but even in Australia, arguably don't have the scale to drive those economies."

"It's a tension between where is my data and how much efficiency can this new technology bring."

The Australian Defence Signals Directorate (DSD) recommends against outsourcing IT services and functions offshore, unless agencies are dealing with data that is publicly available.

It "strongly encourages" agencies to choose either a locally-owned vendor or a foreign-owned vendor that is located in Australia and stores, processes and manages sensitive data only within Australia, according to its Cyber Security Operations Centre Initial Guidance, April 2011.

It notes that "foreign-owned vendors operating in Australia may be subject to foreign laws such as a foreign government's lawful access to data held by the vendor".


14 comments so far

  • It's appalling that the Australian government is looking to outsource OUR data to the lowest bidder..

    I once worked for an IT company in Canada that lost a contract because they dared to host network monitoring and administration in another province (located in Canada BTW) ...

    There is a lesson there to be learned.

    Anyone with any idea of technology knows that there is no security in the cloud and this joke of a government thinks that they can outsource responsibility to a third party COMMERCIAL enterprise.

    Gawd help us we're all screwed!

    I know, maybe they can outsource all of Canberra to Bangalore... maybe we will get a budget surplus then.... maybe...

    Commenter: Bill Gates | Location: Melbourne | Date and time: May 03, 2012, 3:56PM
    • "Anyone with any idea of technology knows that there is no security in the cloud"

      I disagree Bill, and I am someone who works in the business of securing your data in the cloud.

      In fact, this new approach gives us a great opportunity to bake security into the underlying platforms and operational processes. Most organisations that hold your data - Banks, Telcos, Medical Practices - are focused on their core business. Security is something important to them, but it's not their primary concern.

      Cloud platform providers, on the other hand, are entirely focussed on key operational practices such as capacity planning, change management, release management and security. That's all they do, and their business lives or dies by how good they are at it.

      I would rather have my data kept in this type of environment than a pot luck approach of trusting some random Canberra public-servants-for-life to remember to apply security patches to the server every month.

      Commenter: iWestie | Location: Sydney | Date and time: May 04, 2012, 8:45AM
  • As a software builder, to me some of the developing cloud services are fantastic. Instead of waiting months for a cluster of load balanced servers to be configured (often to find them incorrectly configured) at huge expense, I can now tick a box in the cloud and within 60 seconds get an auto-scaling, load balanced Tomcat cluster with redundant database, for next to nothing and with better and more fine grained security controls than most installations. Governments should be using this to save a bucketload of money.

    Commenter: Cloudman | Location: CBD | Date and time: May 03, 2012, 4:03PM
    • Cloud computing zealots are really starting to annoy me. Sure Cloudman, there might be some cost savings and convenience benefits of using the cloud - but you've completely ignored any of the data sovereignty issues that are yet to be resolved. Have you forgotten about the US data centre that was closed by the FBI because one of the DC customers was a spammer? It took weeks for some of the other customers to get back up and running. How about you sit down, take a deep breath, and realise that the cloud is fantastic for many applications and customers - but it is not perfect in every situation.

      Commenter: The Badger | Location: Newcastle | Date and time: May 03, 2012, 5:12PM
    • If so, Cloudman, why do I read that the majority of companies are still hesitant about trusting their valuable and sensitive data to an unknown cloud 'security'?

      Plus the network load factor of trying to run high volume transactions or such, or backup large volumes to (and more critically - Recover from) the Cloud ...

      Commenter: Frank | Location: Sydney | Date and time: May 03, 2012, 9:09PM
    • Agreed. The idea that "there's no security in the cloud" is based on the assumption that your in-house security muppets are somehow more capable than those of your cloud provider. I'd argue that in a majority of cases that's untrue.

      Commenter: uhuh | Location: Here | Date and time: May 04, 2012, 9:09AM
  • Can you apply blue-sky thinking to cloud computing???

    Commenter: camtully | Location: Canberra | Date and time: May 03, 2012, 4:24PM
    • Ben Kepes doesn't know what he's talking about. Not surprising given that he appears (google) to be just another blogger with an opinion. Dunno how they get column inches. The only way to use cloud services from a govt. perspective is to ensure the provider is an Australian owned company with the aa hosted locally using a .com.au address pattern. Anything else leaves you open to either a Megaupload or Bodog style outage over which you will have no control. You can't even use IBM. US companies are subject to the Patriot Act worldwide and are required to hand over any data under their control on request and without judicial oversight or notifying the data owner of the request. Only a certifiable CIO would accept that risk just to save a few pennies.

      Commenter: Nicho | Location: Sydney | Date and time: May 04, 2012, 6:54AM
      • @Bill Gates: No security in the cloud? I bet Google (Google docs/Google drive) and Microsoft (Office 365/skydrive) are a hell of a lot more secure and safe than most organisations' internal servers...

        Commenter: Stratus | Location: Geelong | Date and time: May 04, 2012, 9:02AM
        • We are just about to sign on with a cloud host and our requirement was for all data to be stored in Oz, so our clients are protected under Australian Privacy Laws that are some of the best in the world.

          Commenter: yatalaboy | Location: Gold Coast | Date and time: May 04, 2012, 9:30AM
