Final Release: A Guide to Implementing Cloud Services
- 19
- Sep
In August, I released the draft A Strategic Approach to Cloud Implementation: An Australian Government Perspective for public comment. We have incorporated your feedback into the guide and now release the final version A Guide to Implementing Cloud Services at the link below.
The guide is designed as an aid for experienced business strategists, architects, project managers, business analysts and IT staff to realise the benefits of cloud computing technology. It provides an overarching risk-based approach for government agencies to identify opportunities to use cloud computing and to implement cloud solutions. This guide complements the suite of better practice guides for cloud computing and provides agencies with an understanding of the issues around considering and transitioning to cloud services.
I would like to thank everyone who submitted comments and feedback on the draft.
If you have any further comment or feedback on this release, please make your comments via this blog or alternatively by email to aga@finance.gov.au.
Scott Wallace
A Guide to Implementing Cloud Services
loading...
Reframing low risk low value cloud projects as a “first step” instead of the restrictive “sensible approach” was well judged.
It could have gone the next step and proposed some examples (say) all new public websites/blogs and public resources should consider a cloud first approach unless it is less cost-effective.
loading...
The title now more accurately reflects the purpose of the document, which was a necessary and welcome change. This doc now aligns nicely with the others in the suite to apply the full weight of procurement process and practice to cloud services.
I suppose my concern remains whether this is, in fact, the right strategic approach. From a mechanistic, managerial, perspective it is of course quite sensible and rational … and incremental … but it is also all about process rather than outcomes.
This approach is unlikely to deliver the transformation in ICT productivity and culture change towards more agile project management approaches required to enable agencies to better achieve their outcomes as budgets tighten. There is still a need, in my view, for a document aimed at the original objective “A Strategic Approach to Cloud Services Implementation”.
A key purpose of such a document is to put agency decisions on cloud services ...
... in the context of (a) the emerging strategic challenges of ICT-enabled policy/service reform and ICT management; (b) the evolution of ICT industry capabilities globally and in Australia; and, (c) the pragmatic benefit/risk trade-offs involved in any ICT sourcing decision by an agency (in-house vs. shared services vs. outsourcing vs. cloud services).
Without this strategic perspective it is too easy to smother cloud services to death with old-school procurement process thinking … and hence perpetuate a status quo which is becoming increasingly unaffordable. Of course this conservative stance is easy to defend because it aligns with the historical body of legal, policy and process precedent that has lead us to this point … and some would argue that there is no choice but to work within the established rules. This is good management.
It is not, however, necessarily good leadership. So …. there has been some great work done articulating how to apply conventional procurement process and practice to cloud services. Tick.
The task now is to actually stimulate some adoption of cloud services by agencies in order to accelerate the transition to better, faster, less costly and less risky ways to source ICT to support policy and service delivery reform. This is not simply a procurement process issue – it is about a strategic shift in the approach to ICT.
The sooner agencies gain hands-on experience of cloud services (in appropriate and prudent applications) the sooner they gain practical insights into the benefit/risk trade-offs. Conversely, the longer this experience is delayed by an overt preference for the supposed “safety” of the status quo the slower the rate of organisational learning about the new model.
It is time to shift the focus of effort from a mechanistic view of HOW to procure cloud services towards a strategic of view of WHY. This requires thought leadership, case studies and peer interactions between early adopters to share real-world experiences. When the “why” question is better understood we will discover a greater motivation to confront many of obstacles created by procurement processes and practices designed to solve the problems created by an earlier era of technology and services.
loading...
Another area that might be covered in release 2 is more attention to certification standards.
One of the reasons the cloud solutions market gets framed as immature is that neither vendors nor clients seem to pay attention to relevant certification standards and whether they are complied with.
http://ssae16.com/SSAE16_overview.html – which is replicated in Australia by one known as ASEA 3402 – “Assurance Reports on Controls at a Service Organisation” — a special audit standard developed in the last four years which allows you to take any controls framework such as the PSPF or the ISM and you say to an external auditor – test me against this standard.
http://www.auasb.gov.au/admin/file/content102/c3/Standard_on_Assurance_Engagements_ASAE_3402_29-06-2010.pdf
The auditor could go in and test that service provider. That service provider can take that report and say to their client “we’ve done this work, it’s been audited, the controls are designed and operating effectively.”
This could reduce some ...
... of the uncertainty about how one can approach issues of risk management and security when short-listing a solutions provider or indeed any outsourcing arrangement that involves protecting sensitive data.
loading...
[...] the Australian Government Department of Finance and Deregulation, released a paper entitled “A Guide to Implementing Cloud Services“, in PDF and DOC [...]