The NSW Government has mandated that agencies evaluate cloud-based services for new IT procurements under its newly-released and long-awaited cloud policy.
The policy stance aligns NSW with the Federal Government, which handed down its own cloud strategy earlier this year. The National Cloud Computing Strategy similiarly requires federal agencies to include cloud options in their shortlist for new IT procurements.
But it stops short of the type of ‘cloud-first’ policy adopted in Queensland and endorsed by the Federal opposition, which demands that cloud-based bids for IT work be selected by default.
Cloud computing has been at the forefront of the state’s IT agenda ever since it handed down its technology strategy in May 2012.
This latest addition to its suite of directives will leverage other IT reforms already carried out in NSW, like the opening of two new purpose-built data centres which will house a government private cloud and IT service catalogue.
New Finance and Services Minister Andrew Constance is aiming for the document to be "used by decision makers to drive innovation, efficiencies and deliver better outcomes when entering into arrangements with suppliers of IT services”.
However it does not shy away from the challenges inherent to such a service delivery transformation – and pleads with agencies to properly prepare.
“Adoption of a cloud service should be viewed as part of larger business re-engineering project, rather than as a purely IT-related project.
“Early engagement across the agency on the change implications of transitioning to an as-a-service model will allow agencies to more easily take advantage of associated opportunities to improve business efficiency,” it advised.
Agencies with predominantly legacy application environments, for example, should understand that the introduction of cloud services has the potential to increase the complexity of this landscape rather than reduce it, the policy stated.
And a significant reorganisation of agency balance sheets also needs to be taken into account.
“Cloud solutions are provided as a service and funded by recurrent operating expenditure, and do not typically require capital investment,” it said.
“The cloud model packages into the service cost many of the indirect costs associated with IT investment, and may increase the apparent cash flow requirements for day to day operations.”
The policy also clarified the Government’s stance around the legality of third party hosting within the framework of the public sector’s unique information protection obligations.
Privacy legislation strictly outlaws the disclosure of citizen information to a cloud service provider, but from the government’s perspective if the provider “simply holds the data and acts according to the instructions of the agency, then disclosure will not be considered to have occurred”.
However, “if the cloud service provider is asked to perform some action on the personal information which they had previously only been storing” this could raise issues, the policy said, warning that contractual arrangements need to be watertight when it comes to level of access it authorises.
The policy will be up for review in 12 months time.
