Fujitsu Vault MSFT

Citizen Data: The Quandary For Delivering Modern Government Services

Since Federation, federal, state, and local governments in Australia have been delivering vital services for citizens. And for most of that time, the government has provided those services through specific departments and agencies. When someone required access to a service or advice, they worked out which agency or department they needed, called them or sent them a letter, and hoped that they had found the right person or team at the right place to answer their query.

But now, as we accelerate into the 21st century, the world has moved on. The arrival of the internet as a public service at the end of the 1990s and the rise of always-on communications and connected mobile devices means people expect access to information and support wherever they are whenever they want. And governments, with a century of building their systems and processes on the assumption that people would meet them on their terms, have learned that their systems were not ready, and that data is trapped in departmental silos.

Balancing innovation with data compliance

While citizens were enjoying the consumer technology revolution and perpetual access to the internet, cloud services emerged providing organisations with the infrastructure they needed to deliver applications and services. And system development methods adapted to take advantage of these new opportunities.

Every level of government saw the opportunities these changes afforded and looked for ways to deliver vital services to the people they serve. Local, state and federal governments have all adapted to this new world and shifted many services to cloud based platforms and infrastructure providers. But this migration has been tempered by a need to ensure that data security is maintained.

In Australia, the federal government uses a six-level system to classify data. The three lowest levels, Unofficial, Official and Official: Sensitive cover data that is considered to have either no impact or limited impact if it should become public. But sensitive data is classified as either Protected, Secret or Top Secret and is subject to significantly heightened controls. New Zealand uses a four-level system to ensure the most sensitive data is kept safe.

Data that is classified at the highest levels has been kept in traditional, on-premise systems in order to ensure it is protected.

But companies such as a Vault Cloud, a sovereign SME provider, and Hyperscale Cloud provider Microsoft now deliver cloud-based systems that support the highest levels of security needed by all levels of government.

Federal and state policy makers have shifted procurement policies with an increased focus and reinforcement of Australian SME organisations being leveraged within government spending. Governments are putting measures in place to support local innovation, skills development and assuring sovereign supply chains for critical infrastructure through SME organisations such as Vault.

Click here to learn more

Moving from monoliths

Governments have been seeing the benefits of being able to share data across systems for some time. Whether that’s for national security, enhancing services by linking data between social housing and welfare payments, or providing government with a single view of each person rather than a fractured view based on departmental silos, there are significant advantages to breaking the barriers between monolithic government systems.
That is leading to departments and agencies adopting a more composable view of systems and services. A microservice architecture, that separates services into smaller units that can be assembled to deliver existing services more efficiently and develop new services that were previously hindered by the siloed approach to application development and data management. These boundaries, which were created with good reason, are now hindering the delivery of services.

Cloud providers like Microsoft and Vault do not just provide bare metal storage, compute, and memory. They provide an underlying architecture that enables a new generation of secure applications that can allow data to be safely shared across departmental boundaries. To date, most of the efforts made by government departments have focussed on data and services that have handled the least sensitive data. However, with that low hanging fruit now picked, the time has come to look at how to make more sensitive data available in a secure way that protects the interests of citizens and governments.

Making the move from legacy and siloed systems requires careful planning and expert execution.

In many cases, as the effort for one system to interrogate and access data from another system, data was duplicated between departments. And system architectures between legacy systems meant the skills and tools needed to manage the systems were not interchangeable. This has led to increased complexity and costs.

Cloud security perception and reality

During the early days of cloud services, there was a perception that retaining data and applications on premises was more secure than external service providers. But, over the last decade, cloud providers like Vault and Microsoft have built secure, robust and reliable services that allow governments to take advantage of systems that enable data security needs to be fulfilled on cloud-based platforms and infrastructure. That has further enabled the availability of apps that enable citizens to safely access services on any device at any time from almost anywhere.

Vault Cloud has led the availability of cloud technology developed to the highest security standards with Top Secret controls for government, defences and intelligence workloads. The company was in consultation with ASD to define the criteria of secure cloud engineering in 2015 and was the first ASD certified cloud, paving the way leveraged by multi-nationals today. Vault continues to lead the industry secure cloud design as Vault as demonstrated through its industry leading number of caveats to the PSPF and ISM requirements. In 2017, Microsoft partnered with Canberra Data Centres to establish capability to operate Australian owned Microsoft Azure services with assurance that the data centres are certified for TOP SECRET. That has enabled the ASD to certify many Azure services as secure.

Security is more than IT – it’s strategy

Governments have seen the capability afforded to private enterprise through tools such as ServiceNow. Vault, through its secure cloud services can deliver services such as PROTECTED ServiceNow as a Service to government agencies. A number of government departments dealing with highly sensitive data have used this service which has continuously exceeded expected service levels since it was first deployed in 2017.

Vault offers a wide variety of services through its secure platform with support for multi-cloud and hybrid architectures. And Microsoft’s Azure Government can deliver a wide range of secure services including Office 365 and Intune cloud services. Integrating those services with multi-cloud and hybrid solutions can be complex which is why partenrs such as Fujitsu are so valuable.

It is important to note that security is about more than storage, compute, memory, and networks. Governments need to work with service providers whose personnel are security cleared with NV-1 or above.

This is why Fujitsu Secure Government Cloud Services with both Microsoft Azure and Vault give governments the assurance they need that their data and workloads are protected to the highest levels.

Making the shift

With governments at every level looking at how to move their secure workloads and data to the cloud, it is important to follow a well-tested process.

Fujitsu Secure Government Cloud Services has broad and deep experience in assisting governments around the world in making transitions of massively complex services across multiple geographies and industries.

But like Sir Edmund Hillary climbing Mount Everest for the first time with Tenzing Norgay, challenging journeys are about vision, preparation expert assistance.

Like Hillary and Norgay, the first step is to see the destination. When you understand the end goal you can start to plot the path to your desired target. The next stage is to commence the preparation. When making the move from existing on premises and legacy systems, the process starts with a thorough review of what systems and data you already have. This is critical as many departments and agencies may be relying on processes and applications that are opaque to the IT department. Experienced practitioners, like the team at Fujitsu, have developed tools and methods to find those ‘hidden’ systems.

Click here to learn more

Focus on the R’s

Then, for each workload and repository of data, a plan is needed so that a more detailed plan can be put together. This plan can include:

Application transformation strategy

  • Rehosting

    Moving the existing application and data to a new cloud-hosted platform without modification. In some cases, this is called a ‘lift and shift’ approach.

  • Replatform

    Move the application to a new technology platform without a significant architecture change.

  • Rearchitect

    Undertake a substantial change in architecture of the application to take advantage of cloud-native services.

  • Refactor

    Redesign and optimise the application.

  • Retire

    Discontinue use of the application as it is no longer required or will be replaced.

  • Retain

    Make no changes to the application or platform.

  • Rebuild

    Create a new cloud-native version of the application taking advantage the latest tools and frameworks.

  • Repurchase

    Replace the existing application with an off-the-shelf or SaaS solution.

Making the move from today’s application stack to one that will meet the needs of the future requires significant experience and expertise. Anyone that has been involved in major technology projects knows that their success is highly dependent on having the right team in place.

Fujitsu’s team boast the experience, technical know-how and security clearances to be that trusted partner.

When government departments and agencies want to move their sensitive workloads and data to a trusted cloud provider like Microsoft or Vault, they can be assured that they will be moving to ASD and IRAP accredited platforms that deliver on the promise of keeping sovereign data protected.

Learn more about secure government cloud services

Resource Centre

  • Governments in ANZ rise to the data protection challenge in the age of the cloud

  • Developing your secure cloud strategy

  • Your Protected Foundations for Innovation

  • Secure Government Cloud Services - Azure

  • Secure Government Cloud Services - Vault

  • Secure Backup as a Service