NSW’s government agencies are entering a transformative era as the state ramps up its shift to public cloud.
Agencies were obliged to develop their cloud strategies and transition plans by June, and with planning for the new financial year now well under way, many are currently approaching crucial strategy, budgeting and procurement decisions that will shape their ICT journeys for years into the future.
This process will also entail considering how best to take advantage of the new panel arrangements now available to them, including for protected data centre services and more sophisticated, secure infrastructure services as they come online.
Overall, NSW’s ‘public cloud first’ policy has progressed well since its introduction last year, with Government technology platforms executive director Simon Geraghty reporting recently that around 17% of IT services across government are already publicly hosted, against a target of 25% by 2023.
Yet the bulk of services migrated to date have tended to be more those in the presentation/web layer rather than those relating to core data. While this can to some degree be attributed to a leveraging of horizontal scalability for maximum cost benefit, it appears there is also a trust barrier when it comes to transferring certain categories of sensitive data into the public cloud.
While such wariness is understandable, agencies will soon have to embrace the challenge of this next, more complex phase of the government’s long-term strategy to shift from a capital expenditure to an operating expenditure ICT model.
This will also have the added benefit of resolving issues of storage on GovDC legacy assets now approaching end of life, and the need to move citizen data and ISM Protected data from the state’s Unanderra and Silverwater data centres to properly protected facilities in light of the Security of Critical Infrastructure Act legislation, and alignment of state data and federal data classifications.
Agencies responsible for the migration of such sensitive data should be reassured by the fact that one of the four hyperscale cloud providers contracted to work with NSW specialises in delivering hyper-secure cloud services specifically designed for Australian state and federal Government security controls, as well as critical infrastructure.
Canberra-based Vault Cloud is also Australia’s only independent sovereign cloud provider, which means they are not tied to any systems integrator or data centre operator, so their secure container services slot seamlessly into any multi-cloud solution where an ISM-compliant security posture is required for any level of data classification.
This gives NSW’s agencies the versatility they need to select the right provider and service for the most security-critical tasks and components of their end-to-end public cloud solutions.
In a marketplace that is becoming increasingly regulated, Vault’s promise to assume accountability for the bulk of compliance reporting frees up agencies to concentrate on other aspects of their migration to public cloud, says Linton Burling, Chief Revenue Officer at Vault Cloud.
“In the last financial year alone there were over 4,000 new regulatory controls put out across Australia’s various industries,’’ says Burling.
“So our promise to ensure ISM compliance as well as a number of ISO compliances is highly valued by our clients and also by our partners, who get to inherit Vault’s security and compliance posture as part of what they’re offering to government.’’
Vault’s zero-trust service perimeter security model is locked down by default, meaning no unknown actors are able to connect to services or data unless by design. And by working with clients from the design phase onwards, Vault ensures it is not possible for them to overlook a flaw in planning that could potentially develop into a threat.
This precludes the possibility of incidents such as the 2020 data breach involving NSW drivers’ licences.
“As a vendor we proactively engage with you on design, and we will also proactively take action to protect your data should threat actors attempt to gain access to your environment,’’ says Burling.
“Our secure perimeter can encapsulate other providers’ cloud tenancies where required, and we have integrated platform services such as identity, backup and container services available to service multi-cloud needs.’’
Of all public cloud providers to have achieved an ISM Protected certification, whether through IRAP or the DTA’s recent Hosting Certification Framework, Vault is understood to have the least non-compliances needing to be either mitigated or addressed.
“When it comes to critical data and infrastructure, we believe it is essential to ensure your cloud is not subject to any jurisdiction other than Australia’s and this risk should be considered through the entirety of a service providers supply chain.’’
