The NSW Government has instructed that agencies should evaluate the cloud-based services for new IT purchases under the newly-released and long-awaited cloud policy. The policy aligns NSW with the Federal Government, which passed down its own cloud strategy earlier this year. The National Cloud Computing Strategy similarly needs federal agencies to include cloud options in their list. However, it stops short of the type of ‘cloud-first’ policy adopted in Queensland and endorsed by the Federal opposition, which demands that cloud-based bids for IT work be selected by default.
Cloud computing has been at the major issue of the state’s IT agenda ever since May 2012. This latest addition to its suite of directives will leverage other IT reforms already carried out in NSW, like the opening of two new purpose-built data centres which will house a government private cloud and IT service catalogue.
The New Finance and Services Minister, Andrew Constance, is aiming for the document to be “used by decision makers to drive innovation, efficiencies and deliver better outcomes when entering into arrangements with suppliers of IT services”. However, it does not eschew from the challenges inherent to such a service delivery transformation and pleads with agencies to properly prepare.
“Adoption of a cloud service should be viewed as part of larger business re-engineering project, rather than as a purely IT-related project. Early engagement across the agency on the change implications of transitioning to an as-a-service model will allow agencies to more easily take advantage of associated opportunities to improve business efficiency”.
Agencies with predominantly legacy application environments, for example, should understand that the introduction of cloud services has the potential to increase the complexity of this landscape rather than reduce it, the policy stated. And a significant reorganisation of agency balance sheets also needs to be taken into account.
“Cloud solutions are provided as a service and funded by recurrent operating expenditure, and do not typically require capital investment. The cloud model packages into the service cost many of the indirect costs associated with IT investment, and may increase the apparent cash flow requirements for day to day operations.”
The policy also clarified the Government’s stance around the legality of third party hosting within the framework of the public sector’s unique information protection obligations. Privacy legislation strictly outlaws the disclosure of citizen information to a cloud service provider, but from the government’s perspective if the provider “simply holds the data and acts according to the instructions of the agency, then disclosure will not be considered to have occurred”. However, if the cloud service provider is asked to do “some action on the personal information which they had previously only been storing”, this could raise issues, as the policy said, “warning that contractual arrangements need to be secured” when it comes to a level of access it authorises.
The policy will be reviewed in 12 months.