The Australian Government has released its new cloud strategy replacing a policy developed in 2014.
The Secure Cloud Strategy, which focuses on helping government agencies use cloud more easily, is the result of collaborative work in 2017 by government and industry.
The Government will use the new strategy to prepare agencies for the shift away from on-premise infrastructure and to cloud.
The Government's initiative will support agencies through their transition to cloud, while guiding them past a “number of factors can get in the way of agencies realising their cloud aspirations,” like stubborn operating models and lack of knowledge and experience.
The key initiatives of the strategy are:
No one-size fit all
Agencies develop their own cloud strategies to suit their own needs.
Agencies will use strategy as a starting point to produce their own value case, workforce plan, and best-fit cloud model and service readiness assessment.
Cloud implementation will be guided by 7 cloud principles:
- Make risk-based decisions when applying cloud security
- Design services for the cloud
- Use public cloud services as the default
- Use as much of the cloud as possible
- Avoid customisation and use cloud services as they come
- Take full advantage of cloud automation practices,
- Monitor the health and usage of cloud services in real time.
Move towards an appropriate, layered certification model
The Government's strategy will see a layered Cloud Certification Model created which will see greater opportunity for agency-led certifications, rather than just ASD certifications.
This will create a layered certification approach where agencies can certify using the practices already in place for certification of ICT systems.
Service procurement will be aligned with ICT Procurement Review
As cloud services move more rapidly than services available through panels traditionally do, the recommendations in the ICT Procurement Review align well with creating a better pathway for cloud procurement.
Clarify cloud system requirements with a common assessment framework.
An assessment framework and cloud qualities baseline will be introduced to clarify requirements.
A Cloud Responsibility Model
The strategy will develop contracts that clarify responsibilities and accountabilities of cloud providers to address unique cloud risks, follow best practices and maintain provider accountability.
Cloud knowledge collaboration platform
As a part of the strategy, the Government will develop a platform to share knowledge and expertise of cloud products and services.
The platform will enable secure sharing of cloud service assessments, technical blueprints and other agency cloud expertise, to iterate on work already done rather than duplicating it.
Cloud skills uplift programs
The Government will focus on building cloud skills and expertise within the Australian Public Service (APS) through existing and new programs.
Common shared platforms
The Government will explore and develop shared platforms that can be used by multiple services and reduce duplication, including:
- Federated identity for government to enable better collaboration in the cloud.
- A platform for PROTECTED information management to reduce enclaves in agencies, and continue to iterate cloud.gov.au as an exemplar platform.
- Service Management Integrations services to enable agencies to manage multi provider services.
View the entire strategy here.