DTA on discovery to cloud strategy

The DTA (Digital Transformation Agency) is developing a cloud computing strategy to ensure that governments adopt cloud by default.

Image: George Thomas/flickr

Currently, government agencies can choose how and where they use cloud technology, but to date, cloud adoption has been low.

Cloud has a lot to offer government. Greater flexibility in computing and storage capacity, cost savings and convenience are just a few potential benefits.

To ensure government is making the most of these benefits, the DTA is developing a whole-of-government secure cloud strategy to help agencies adopt cloud by default.


Most of us use cloud services, whether we realise it or not. We use cloud to contact friends and to share stories, images and news through social media and we use cloud storage services to store our data and information from computers and smartphones.

Cloud offers the convenience of accessing computing services as we need them, via the internet.

For many organisations, adopting cloud services requires different skills and a major change in culture. For government, adopting cloud services could reduce costs, lift productivity and deliver better services. For example, we may reduce costs by being able to use ready-to-go cloud-based applications and provide a better user experience through more cohesive government services.

Cloud can also make it easier for us to share resources and capabilities.This could lead to less ‘reinventing the wheel’ and increase our ability to share improvements in business processes and systems.

Cloud provides government with the opportunity to develop and use shared platforms and capabilities that can benefit everyone.

What is ‘secure cloud’ for government?

Secure cloud is a term we use for services able to meet the privacy and security requirements for critical government systems. It means that government can use cloud with confidence. This is important because government agencies have often faced challenges adopting cloud for services handling sensitive information.

Investing in cloud services isn’t new for government. Current government policy requires agencies to consider cloud solutions as a priority when rolling out or replacing ICT infrastructure, applications or services. For government to get real value and efficiencies from using cloud we need to go further to ensure government has the skills, knowledge and confidence to manage secure cloud services.

The Australian Signals Directorate recently certified two cloud service providers to store classified information. This announcement provides agencies with more options to use cloud storage in a secure way and in line with government policies. Another nine providers are already certified to store sensitive information that is not categorised as classified. As more cloud providers enter these markets, the opportunities for government to adopt cloud solutions will increase, as will the market opportunities for providers of cloud services.

Where are we at now?

A review of the 2016 eCensus identified a number of possible barriers as to why government has been slow to take up cloud services. These include fear of breaching privacy obligations, low comfort managing risk, and an immature understanding of cloud. Instead, agencies have tended to rely instead on having a physical presence in data centres, which is less flexible and potentially more costly than cloud.

The review argued that cloud computing could be used in both the public and private sector to improve cyber security, particularly for small organisations. The review has prompted government to look at ways to improve agency understanding and uptake of secure cloud and take advantage of the benefits this may bring.

What next?

The DTA has started Discovery to develop the evidence base for a secure cloud strategy. At the moment it is undertaking user research and analysing business needs across government.

In developing the strategy, the DTA will also be consulting with agencies, industry and key policy stakeholders. This consultation is to identify the key outcomes, services and features government needs from cloud. It will find out what isn’t working and what are the perceived barriers to cloud, which will help shape the strategy.

When complete, the strategy will provide opportunities for increased whole-of-government adoption of cloud technologies and reassure agencies that cloud services are robust, reliable and secure.

The strategy will make it easier for agencies to decide when to adopt cloud and what combination of cloud and traditional ICT best meets their business requirements.

Getting the right balance of cloud and non-cloud offerings is equally important. Many government systems use bespoke solutions, which agencies have maintained and developed for many years. It won’t be a case of one-size fits all, and the strategy will allow for this.

The DTA will also focus on capability development to ensure agencies are better supported to assess the benefits and risks of delivering cloud-based ICT solutions. This will help inform the DTA’s own assessments on behalf of departments and agencies to ensure the consolidation of government platforms and uptake of cloud services provides the best outcomes for government.

The DTA expects to release the strategy later this year.

Andrew McGalliard is the Director of ICT strategy and policy at the Digital Transformation Agency.

This article was originally published by the Digital Transformation Agency.

From Moscow With Love, Kaspersky finalises move to Zürich

| ICT | No Comments
The great migration, capping off 2020 with a crossborder bang for cybersecurity.

Jump Forward to new podcast series from GovNews!

| ICT, Jump Forward | No Comments
Listen for FREE for our latest talks on the latest issues relating to government.

Meet the game-changing women fighting the war on waste

| Local, Sustainability | No Comments
Local government's frontline of committed waste warriors.
Cybersecurity firm Kaspersky will open a new Transparency Center in Malaysia inviting governments and companies to inspect source code for greater trust.

Source code inspection means trust in cybersecurity

| ICT | No Comments
Inviting governments to review the nitty gritty.