Cloud computing transformation- National security agencies can be surprisingly risk-averse organisations and have been historically slow to adopt new technologies outside times of crisis.
Within these agencies, chief information and technology officers may be less effective champions of change, partly because they can be stuck making incremental adjustments within budgetary constraints and focused on the day-to-day demands of keeping existing systems running.
When it comes to cloud computing, this creates a problem. The cloud offers new technological capabilities, although its adoption by the national security community has so far been protracted and fragmented. Ministers and agency heads need to drive the transition to the cloud as a matter of sheer capability advantage for Australia.
Our new ASPI special report, National security agencies and the cloud: An urgent capability issue for Australia, released today, argues for rapid, large-scale investment in secure cloud infrastructure for Australia’s national security community, with the intelligence agencies an early focus. The report seeks to shift perceptions of new technology as capabilities, rather than as business enablers, and calls on agency executives to drive the required change.
In 2014, Australia announced the ‘cloud first’ policy, which evolved into the secure cloud strategy. These were positive first steps, but the policies haven’t sufficiently managed the take-up of and spending on cloud services and infrastructure in the public sector.
Under existing policy, agencies are expected to develop their own cloud strategies and risk assessments. This siloed approach is unlikely to maximise the government’s purchasing power or encourage agency cooperation in an area in which a critical mass of investment is likely to be necessary.
The policy also suggests public clouds as the preferred deployment model, but many global cloud providers are based offshore and public clouds involve organisations’ data and cloud applications being managed for them on providers’ systems alongside those of myriad other customers with which they have no working relationships.