>

Australia’s public sector experiences a wealth of challenges when it comes to digital innovation. Resource and talent shortages, coupled with a complex and fluid regulatory landscape, has meant the adoption of cloud (as aligned with the Digital Transformation Agency’s Cloud Strategy) has historically moved more slowly than the private sector.

That’s changing as agencies look to adopt more digital-first agendas. The NSW government is encouraging its agencies to adopt ‘public cloud-first’ strategies by 2023, while an audit of seven government agencies in South Australia reported that most planned to increase their use of cloud services within the next two years.

This acceleration is partially due to a pivot from strict government ‘control-based’ regulatory regimes towards an assessment of actual data risk, with controls applied based on those findings. This new approach is reflected in policies such as the Australian Cyber Security Centre’s (ACSC) Cloud Security Guidance, Information Security Manual and Essential Eight.

Implementing a risk-based approach to cloud security assessments gives agencies more flexibility in managing their workloads and data, with less carte-blanche security strategies that have traditionally protected everything in the same way by default.

This trend has accelerated during the COVID-19 pandemic, as agencies faced huge challenges in managing the rapid expansion of remote workforces. The pandemic required agencies to adopt cloud solutions such as Office 365 effectively overnight, with other digital demands like e-commerce and digital booking services becoming imperative.

It gave agencies an immediate business case that couldn’t be ignored because existing on-premise and remote access systems weren’t designed for the rapid increase of remote workers, and maintenance was hampered by global supply shortages.

With many of these initial transformations complete, agencies have now realised the value, scale and efficiencies that cloud services bring, and are now looking at other ways to digitally transform services and speed up their cloud adoption.

A few significant challenges remain. While the compliance landscape has shifted towards risk management, the sheer number of regulatory considerations is still staggering. To combat this, agencies and regulated industries often err on the side of caution, with tendencies to over assess or classify the data they wish to store, manage or handle within a cloud solution. This leads to a risk-averse approach that leans away from cloud innovation.

That attitude isn’t going to cut it in this new world, where citizens are demanding innovative digital services from government that are on par with what they’re getting from the private sector. It’s important to change this thinking to spark further innovation within our public services and regulated industries. Here are two common mistakes that we see agencies making every day.

Read more of Lindsay Morgan’s article in The Mandarin here.