Countering cyber threats to your critical infrastructure
How a combination of training, checklists, and technology can help critical infrastructure managers meet new obligations around managing and...
In late 2020, during a year when much of the world had experienced working and living remotely, Victor Dominello MP, the NSW Minister for Customer Service, launched the NSW cloud strategy. This states that NSW public sector agencies are strongly encouraged to put ‘public cloud first’ and to use public cloud as the default, unless it doesn’t fit with their requirements.
To make the transition to cloud easier, there are four lenses that should be considered. All four lenses are underpinned by various government strategies or policies, and each of the lenses has been designed to inform the decision-making process:
1. Strategy lens – Comprising three parts, the first is the Beyond Digital Strategy which suggests that agencies should shift their focus, from simply running ICT to transforming the customer services experience. Secondly, the Cloud Strategy continues the same theme, stating that agencies should embrace the cloud in an aligned and secure manner to further enable acceleration, innovation, and modernisation to drive better outcomes. Lastly, agencies are strongly encouraged to develop their own cloud strategies and to submit these to the NSW Government ICT and Digital Leadership Group by July 2021.
2. Policy Lens – The Cloud Circular and Policy is the document that says that public cloud should be the default, but if that is not appropriate for agency requirements, private cloud services, provided through the Government Data Centres (GovDC), can be used by exception. Some of the exceptions include a cost-benefit analysis, a market scan of public cloud services, or a security assessment. A briefing paper needs to be prepared to support the exemption, and if successful, agencies must operate all private cloud services through GovDC.
3. Procurement Lens – Again in 3 parts, the Procurement Policy firstly states that agencies ‘must evaluate cloud-based services when procuring ICT goods and services.’ This means that evaluations should be based on a cost-benefit analysis so that the procurement achieves value for money over the life of the investment. This also means that agencies need to make use of whole-of-government agreements, where they exist, or should use relevant procurement policy frameworks such as the Cloud Contract Framework to source ICT services where no mandated agreements exist.
4. Cyber Security Lens – Lastly, the Cyber Security Policy says that agencies need to meet the cyber security requirements outlined in the policy, and need to be aware of other legislative requirements, including those related to compliance. Agencies need to consider and implement their own data security mechanisms and classifications.
If you need help with any of the lenses when formulating your strategy, contact us here, or to review the government’s cloud strategy document click here.
How a combination of training, checklists, and technology can help critical infrastructure managers meet new obligations around managing and...
Discover and leverage optimal cloud performance through AI Ops with Cisco Intersight
4 learnings from a top Infosec specialist By Secure Agility