The government yesterday released a long-awaited update to its cloud computing strategy, saying departments and agencies are required to consider cloud first where it is fit for purpose, provides adequate protection of government data and delivers value for money.
The announcement follows a recommendation by the Commission of Audit for the government to adopt a cloud-first approach for ICT procurement.
Agency heads would be able to approve proposals to place “certain information” either onshore or offshore, a joint statement by the ministers of finance and communications, and the Attorney-General said.
The government spends $6 billion per annum on ICT but only a fraction on cloud services — $6.2 million since July 2010, including $1.5m on data centre-as-a-service contracts.
OzHub chair Matt Healy said the policy showed intent, but lacked targets and strong central leadership.
OzHub comprises industry players such as Macquarie Telecom, Infoplex, Alcatel-Lucent and F5 Networks.
Mr Healy said the British government had a goal of shifting 50 per cent of its new government IT spending to cloud-based services by 2015 but Australia had no such target and spent too little on cloud services.
“Industry is ready but the government must set real targets,’’ he said in a statement. “We’ve been in the starter’s hands in the race for take-up of cloud computing for too long.”
Mr Healy said the Attorney-General’s updated information security management guidelines could hamper cloud adoption since agencies were authorised to conduct their own risk assessments and approve the outsourcing of government-held private information offshore.
“There is an increased risk associated with data held offshore, and surveys showing that consumers and small-to-medium-sized businesses are more concerned about the security of their personal information when held offshore,’’ he said.
“Devolving decision-making to individual agencies on the basis of ‘streamlining decision making’ may not constitute an appropriate privacy and security regime to protect the private information of Australians.
“We believe there should be a sensible balance of prudent accountability by the Attorney-General and central agencies in providing assurance to Australians that their information is safe and that redress in Australia is available should there be a breach,” Mr Healy said.