Australian Government's cloud strategy – 10 best practices


The Australian public sector is one of the biggest adopters of cloud, and one of the largest spenders in all of Asia Pacific. In 2017-18, the non-commonwealth entities collectively spent over AU$1.2Bn on IT and digital initiatives. Additionally, this spending is a part of the detailed strategy that they have adopted, called Vision 2025. It aims to make Australia one of the top 3 digital governments in the world within the next five years.

A core part of this strategy is increasing cloud adoption across departments and agencies. To this end, the Australian Government has taken deliberate steps to leverage the full use of technology. Here are the ten most impactful decisions that they have made:

1) Centralized Digital Transformation

In 2015, the Australian Government created a new agency to oversee digital transformation across departments, agencies, and services. This new agency is called the Digital Transformation Agency (DTA). Its roles include:

  • Providing Strategic Leadership on whole-of-government, and shared ICT and digital services
  • Delivering policies, standards, and platforms for the above
  • Providing oversight and advisory functions on ICT and digital investments

Since its inception, it has given much importance to cloud adoption and has negotiated whole-of-government cloud deals. For example, it has awarded whole-of-government contracts to SAP, AWS, Microsoft, and IBM, among others.

The most significant benefit of this centralization is the increase in the efficiency of all the Government agencies. Now, not only does the consolidation save on cost and time, but it also removes redundancies and increases transparency. Therefore, it enables a more efficient data gathering mechanism that makes it easier to devise and execute new strategies quickly.

2) Secure Cloud Strategy

This strategy given by the DTA outlines the problems and the limitations that agencies could face while implementing the cloud. In addition, it offers the best practices revolving around seven principles for agencies to follow. These cloud principles are:

  • Making risk-based decisions while applying cloud security
  • Designing services for cloud
  • Using the public cloud as a default
  • Using as much of cloud as possible
  • Avoiding customization and using services as they come
  • Leveraging full use of cloud automation practices
  • Monitoring the health and usage of cloud services in real-time

The Secure Cloud Strategy functions as a guiding principle to standardize cloud practices across the whole of the Government. At the same time, it ensures up to date best practices. Moreover, it keeps the department at the leading edge of technology without making excessive demands on resources.

3) Central Cloud Sourcing Panel

While DTA has the mandate to negotiate whole-of-government contracts for ICT services, it does not seek to micromanage individual cloud strategies. To do this, it has created the Cloud Services Panel (CSP). The panel has over 500 cloud services, with over 240 suppliers vetted by the DTA. The panel can be used by any Australian Government Agency to negotiate and purchase cloud services.

The impact of the CSP has been immense. By 2018, it had awarded over AU$130 Mn in contract value and had accounted for over 40% of the Government’s total cloud spending. Accordingly, the growth rate stood at a staggering 55%, highlighting the success of the panel.

The DTA, considering the changing market environment, has sought to make this model more efficient by transitioning to the Cloud Marketplace Model (CMP). However, this transition is going to be delayed. The Government has approved to extend CSP by one more year to 2021, per the current information.

4) Collaboration

Due to the rapidly evolving cloud technology and market, there has been an increasing need for collaboration. For this, the DTA continuously tries to understand the needs and problems of the agencies and vendors it works with. This effort is necessary to update the cloud strategy and leverage its full use for public services.

An example of this effort can be seen in the scrapping of the Cloud Services Certification Program (CSCP). The program would require the vendor to get certified before agencies could even negotiate a cloud service purchase with it. For the approval (Or to obtain the approval), vendors would have to invest large capital without any guarantee of a contract post-approval. Therefore, this resulted in big vendors crowding out smaller ones. Consequently, the contracts awarded favored one side even though the other was just as competitive. Thus, the CSCP was done away with after an extensive collaborative process.

5) Rapid Evolution

Most government agencies are usually risk-averse, and they have good reasons to be. Thus, they are often not at the leading edge. The next best thing for them is to respond to changes as quickly and as efficiently as possible. These changes can either be in technology and operations or best practices. Thus, it is imperative to incorporate the latest developments to bring the best services for the public good. Some of these developments are:

  • Newer services such as Anything as a Service (XaaS) that are challenging the traditional National Institute of Standards and Technology (NIST) based view of cloud services
  • More Australian SMEs are entering to offer derived and value-added cloud services by utilizing other major providers
  • The shift in Digital Sourcing Agreements towards a Marketplace model from the panel model
  • Updates in licensing models, and resellers for leading vendors
  • Treatment of security, accreditation, location of data, and transparency through technology
  • Changes in buyer demands towards more evolved cloud services
  • Increased readiness to adopt Cloud Managed Services (CMS) when outsourcing ICT requirements

The culmination of all these factors can be seen in the DTA’s response to adopting a Cloud Marketplace Model (CMP) against the current CSP. This model offers greater flexibility to sellers and buyers while negotiating a contract.

6) Platforming of Application Development

One of the major concerns of agencies regarding IT is hardware management. To address this, the DTA has developed, which functions as a central platform for agencies to run their web apps on. It smoothens the process of app updates as it provides a faster, safer, and standardized way of making changes. Moreover, it can be done without impacting the user.

It also allows for aggregate data gathering and provides useful insights into usage, performance, and behavior. Altogether, the platform makes it easier and faster for agencies to release, monitor, and grow public user-faced digital services.

7) Promoting SMEs

Over 70% of sellers on the CSP are SMEs, and the Government is targeting to increase their share of the annual ICT spending by 10%. Additionally, this injection of capital is intended to support local businesses in line with the broader policy. As a result, it will compel more competition in the cloud services market, leading to better deals for the Government.

Further justification for this approach can be gained from ICT Procurement Framework recommendations. The first of them outline policies such as encouraging competition, structuring in a way to enable SMEs to compete fairly, and using open standards and ‘cloud-first’ approaches. Moreover, the recommendation requires all agencies to report on their compliance with these three rules (along with four other) as a part of their annual report. The Government has subsequently accepted this recommendation.

It is highly likely that SMEs will continue to get promoted. This will encourage leading global vendors to invest in the country by building partnerships locally.

8) Risk Management

While the DTA CEO is the primary Accountable Authority, every employee encounters risk. They are encouraged to address it, commensurate to their roles, and escalate if necessary.

The current Enterprise Risk Management system (ERM) identifies risks and classifies them. After that, a CXO is assigned as the risk owner for a particular class of risk. He/she has to describe, control, rate, and provide further treatments (we need a noun here for all the verbs you’ve listed earlier in the sentence) if there is a failure. The classifications are as follows:

  • Failure to deliver on priority outcomes
  • Failures in DTA or line agencies (caused by DTA)
  • Services/products delivered but the desired outcome not attained
  • Inability to effectively coordinate partners and stakeholders
  • Failure of investment advice and oversight to deliver demonstrable improvements

However, ERMs need to adjust their approach depending upon the risk environment, and DTA has been doing just that. While the old ERM was effective in managing project risks, ERM for specific risk assessments such as fraud, security, and privacy will be updated. The information thus gathered will be used for the development of an internal audit program. This development will help understand and effectively treat failures.

9) Addressing Myths and Misconceptions Directly

One of the biggest problems that agencies encounter is whether or not to use a cloud service provider. This is mainly because of security concerns and compliance. This, as implied, severely hampers the cloud adoption timeline of the agency. They address this by going through individual concerns, rationally evaluating each of them. For instance, the DTA answers in an online document some of the most compelling questions that agencies have regarding cloud services.

Another myth addressed by the DTA is that cloud adoption could lead to short-term financial benefits. While that is possible, DTA has always outlined the long-term benefit that cloud adoption brings in terms of shifting to OPEX instead of CAPEX.

10) Clarity In Direction

Strategic success is impossible to measure without a clear set of priorities. These priorities help us understand not just the agency but also what the future of the Australian public sector could look like.

They help monitor the progress towards Vision 2025 and manage risks and failures along the way. Thus, it is imperative to know DTA’s priorities to contextualize the Australian public sector’s digital transformation. They are:

  • Deliver whole-of-government strategies, policies, and advice to support the Government’s digital and ICT agenda
  • Drive collaboration and partnerships and thereby accelerate the digital transformation of services
  • Deliver a program of digital and ICT capability improvement
  • Design, deliver, and support common, Government-wide platforms and services

As suggested by the goals and actions, the DTA’s cloud adoption measures are in full alignment with their strategic priorities. This level of congruence is necessary for Australia to achieve the lofty goal outlined in Vision 2025.


COVID-19 will accelerate the adoption of cloud in the rest of Asia Pacific countries. For this, Australia will function as a benchmark for other nations against which to measure their progress. Through its own best practices and technology in cloud for the public sector, the Australian Government has the potential to transform the lives of over 4 billion people beyond its borders.

Your browser doesn’t support HTML5 audio


Digital Transformation

Demystifying DX - Stories, lessons, and applications.