There’s no doubt that digital transformation is a crucial topic, not just within the public sector but across all industries, particularly highly regulated ones. Many organizations in these industries have begun their digital transformation journey by moving elements of their IT infrastructure and applications to public cloud providers such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud.
To meet the growing demand for digital services from citizens, governments around the world are devoting considerably more resources to digital transformation. There are many lessons from private industry’s digital transformation journey that can be applied to the various levels of government here in Canada as they increasingly adopt public cloud to deliver IT services.
Recently J. Richard Jones, Publisher of Canadian Government Executive, spoke with Jonathan Spinks, CEO of Sourced Group. Sourced Group is a rapidly-growing global consultancy with offices in Canada, Australia and Singapore. The company provides consulting services to help migrate enterprise customers to public cloud providers across a wide range of industries, including financial services, healthcare, aviation, media, telecommunications and public sector agencies.
The interview has been edited and condensed from the original.
Since 2010, your company has been helping large organizations migrate to the cloud. Drawing from your experience, what are some of the challenges, as well as opportunities, in adopting cloud at scale for the public sector?
Cloud computing provides numerous benefits to organizations able to adopt it properly. Those benefits include the ability to scale IT infrastructure on demand, eliminating the cost and time required to deploy hardware in a data centre. Cloud also allows organizations to adopt modern DevOps methodologies, enabling faster application development. As a result, organizations can increase their agility and be much more responsive to customer requirements. Furthermore, cloud allows organizations to deploy advanced technologies such as machine learning and artificial intelligence as relative commodities compared to on-premise solutions.
In terms of challenges, obviously cloud is a new paradigm shift in how IT services are delivered, no matter what kind of organization you work for. Both private and public sector organizations can miscalculate the impact of cloud computing by not viewing it holistically. Cloud services can be procured with the swipe of a credit card, but this can result in significant challenges as the central IT function loses control of critical infrastructure to the point where the organization’s security and compliance posture is compromised. Taking advantage of all that cloud has to offer, securely and efficiently, ultimately requires deploying cloud at scale with the support of central IT, not in small, independent or one-off initiatives.
When cloud efforts are not implemented strategically, the initiatives become isolated from the larger enterprise’s goals, regulatory requirements and operational objectives. Then, when the enterprise does make a more strategic move to the cloud, these technology ‘islands’ may need to be redesigned to adhere to the standards and services being adopted. Technical debt, from acting early without a strategic plan or not in step with central IT, increases costs as applications, security configurations and services need to be reworked and redeployed later.
I can see how within public sector, the challenges, the process and the implementation can be a big agenda. From the private sector side, any advice for implementation within the public sector on how digital can be transitioned a little more smoothly?
Cloud computing has changed the underlying principles of how to build and run IT applications, but it’s not something that can be achieved overnight. It’s a multi-year journey to implement a cloud adoption program. To succeed in the adoption of cloud across an organization, it’s critical to ensure the fundamentals are in place as early as possible to avoid sprawling technical debt.
We’ve been fortunate to work with clients across industries and countries. There are several best practices that we help our clients to implement at the beginning of their cloud journey as part of our Cloud Foundations at Scale program.
The first is to adopt a cloud-native approach. This means that all aspects of the cloud platform should be deployed using automated, pre-defined templates and consumables that contain the enterprise’s security, compliance and governance policies – not by using the cloud provider’s console. This eliminates human error and enables the ability to deploy infrastructure quickly and securely.
Second, select the right workload. Selecting the first ‘masthead’ application or workload for the organization’s cloud journey is vital to igniting change and ensuring buy-in from all stakeholders. This application will be different based on the DNA of each organization, but it should have several key characteristics, including: being meaningful to the success of the organization; it is experiencing scale, cost or agility constraints that cloud computing can overcome; and it has a relatively low level of technical complexity. There are other characteristics of ‘masthead’ applications that should be considered as well, but basically, the idea is to learn to walk before trying to run.
Third, build a Cloud Centre of Excellence. This centre of high-performers and forward-thinkers from within the enterprise, along with the cloud consulting partner, can steer cloud efforts throughout the organization, maintain momentum, and advocate for adoption. It can evaluate the workloads that make sense to move to the cloud and centralize the cloud strategy, ensuring an agile, iterative and horizontal capability.
It’s certainly an opportunity to improve services for citizens. We’ve been hearing a lot about AI and its impact, and also some of the areas that it can improve services. But there’s also an ethics issue there as well. Would you care to comment on that?
It’s definitely a new world. I think that’s where the most exciting changes are happening right now. If we look at the amount of changes in the last 10 years – even in the last three – there has been a significant amount of change. AI and machine learning are where we’re seeing some of the most impactful change for our customers. For example, we recently helped an airline reduce annual costs by using machine learning to predict weather patterns and map the best routes. That’s a huge win for them. For most organizations though, exploiting the full capabilities of AI and machine learning are still a way off. It’s important to build a solid and secure foundation first to ensure your organization can leverage these new tools effectively.
You are heavily involved in working in highly regulated commercial industries like finance, aviation, healthcare and others. Can you share some of the lessons from those industries that can be applied in the public sector?
We’ve been working with enterprises in highly regulated industries for almost a decade now. These organizations are highly security-conscious and risk averse, not unlike most government agencies. Despite that, many have successfully adopted cloud or have started their cloud adoption journey because they have no choice. In order to survive and compete with smaller, more nimble start-ups that are “born in the cloud,” larger enterprises must adopt the same tools and technologies.
Governments may not have the same concerns regarding competition, but they do have to contend with the expectations of their citizens. Many of them, particularly younger ones, are consuming services online and increasingly through mobile apps. Deploying those services securely and cost effectively in the cloud requires an entirely new mindset.
For regulated industries, we ensure compliance, security, governance and operational readiness requirements by building a secure and compliant cloud foundation that has an opinionated pipeline for application development. By adopting an everything-as-code approach, configuration and maintenance can be automated to eliminate human involvement and human error. This virtual data centre becomes the foundation on which the organization’s entire cloud journey is built, from a single workload, to 10, 100 and beyond.
The same foundation and pipeline approach can be applied to the public sector where security and compliance policies are paramount. Again though, cloud must be viewed as more than just a technology solution, but one that encompasses people, tools and processes across the entire organization.
Your company is also doing some public sector work in Australia. Can you share some of the learning outcomes that Canada can adopt?
Australia has been on the cloud journey a little bit longer than Canada. They’ve centralized their IT services and put many applications into the cloud.
I think there are efficiencies and scale that can be realized here if there is a cohesive strategy around how IT services are delivered to and by Canadian government entities.
Globally, more and more organizations are looking at in-sourcing because they want to control their IT destiny. This, combined with the fact that cloud providers are offering more complex services as a commodity that they can operate on your behalf, means that internal teams need to recruit for different skill sets. In a highly competitive market for cloud talent, the public sector needs to consider how to attract that talent and how would it would actually staff a Cloud Centre of Excellence, for example.
There is also a significant shift in how internal IT teams are being organized around cloud and modern DevOps practices. For example, we see organizations moving towards smaller teams delivering end-to-end rather than focusing on large teams and throwing people at a problem. It’s about taking a step back and thinking about what the cloud adoption strategy is: why are we embarking on a cloud initiative, and how can we provide IT services to our stakeholders differently. These are all key areas to identify before putting a foot in the cloud. It’s all well and good to see the pilot or proof of concept beforehand, but you need to know why you’re getting into cloud. Think about the strategic outcomes you’re trying to achieve and how it’s going to make the citizen’s experience with government online better.
Security is one of the obstacles to adopt technology. How secure is the cloud?
Very secure. When deployed properly, cloud is far more secure than any single organization’s data centres. Just in terms of resources alone, AWS, Microsoft or Google each have a security bench that is deeper and more experienced than the largest private or public entity, and they are constantly working on improving security. Even the U.S. military announced recently that it is accelerating public cloud adoption to maintain its technological edge.
Security in the cloud uses a shared responsibility model with responsibilities above the line and below the line, in terms of what you’re expected to look after and what the providers will look after. Below the line, providers offer a hyperscale cloud. Hyperscale cloud is at a size and scale that was unachievable before, even for the largest of private sector companies. To get to hyperscale, you have to fundamentally rethink how IT services, including security, are delivered. Today, cloud security far outpaces what’s available in traditional data centres. And, as we get further into the cloud journey, security is getting easier. It’s almost becoming a commodity.
When we talked about cloud, clearly the technology is there, and it can be made secure, but it’s also people, tools and processes. What’s your take on that?
In 2019, it’s not a technology problem anymore, it’s more about people, tools and processes. It’s about understanding the platform and the paradigm shift in this new world of cloud.
Cloud at scale can be deeply disruptive and is very different from the way traditional IT services have been delivered. To maximize its value, a cultural shift must take place in IT and throughout the organization that embraces the new approaches to IT infrastructure and application development. That’s the only way to truly benefit from all that cloud technology has to offer.
Communication is key, and so is having a communication plan in place. When cloud initiatives fail, it’s almost never a technology failure, but one of communication. There’s not a single IT problem that cloud technology cannot solve. For the greatest advantages of cloud to be fully realized however, it must be seen through the lens of how it transforms and impacts the entire organization.