Skip to main content

Proposals for refreshing the Cloud First policy and strengthening cloud adoption across the public service

Cabinet paper

This Cabinet paper was proactively released by the Minister for the Digital Economy and Communications. Originally IN-CONFIDENCE, it’s now UNCLASSIFIED.

The information could only be released, including under the Official Information Act 1982, by persons with the appropriate authority.

  • Office of the Minister Responsible for the Government Communications Security Bureau
  • Office of the Minister for the Digital Economy and Communications
  • Cabinet External Relations and Security Committee

Proposal

Relation to government priorities

Executive Summary

Background

What is cloud computing?

Objectives and benefits of the Cloud First Policy

A refresh of the Policy is required

Further work is required to address inconsistent uptake across the public service

Phase One: Proposals for refreshing the Cloud First Policy

Proposal one: reflect societal shifts and commitment to Government priorities

Māori expectations and interests in the Public Service’s use of cloud services as it relates to the storage and use, particularly of Māori data

Sustainable use of cloud

Proposal Two: reflect evolving cloud technology by revoking the IaaS directive

Proposal Three: addressing cloud security concerns to support cloud uptake

Managing jurisdictional risk

We need to streamline and improve the cloud risk assessment guidance

Centralising data centre certification to support providers to meet requirements

Proposal Four: strengthen the GCDO mandate for cloud digital investment

The refreshed Cloud First Policy

Phase Two: additional interventions to realise the outcomes of the Cloud First Policy

Implementation

Phase One: The proposals for refreshing the Cloud First Policy

Phase Two: additional interventions to realise the outcomes of the Cloud First Policy

Financial Implications

Phase One: The proposals for refreshing the Cloud First Policy

Phase Two: additional interventions to realise the outcomes of the Cloud First Policy

Legislative Implications

Impact Analysis

Regulatory Impact Statement

Climate Implications of Policy Assessment

Population Implications

Human Rights

Consultation

Communications

Proactive Release

Recommendations

Background and potential benefits of cloud computing for the New Zealand public service
Phase One: Proposals for a refreshed Cloud First Policy
Cloud First Policy
Implementation
Reflect societal shifts and commitment to government priorities
Addressing cloud security and jurisdictional risk concerns to support cloud uptake
Strengthen GCDO mandate for cloud digital investment
Phase Two: additional interventions to realise the outcomes of the Cloud First Policy
Communication of refreshed policy

[Redacted content]

Authorised for lodgement

Hon Minister Little

Minister Responsible for the Government Communications Security Bureau

Hon Ginny Andersen

Minister for the Digital Economy and Communications

Appendix A: Defining Cloud Computing

Cloud computing

Service models[Footnote 16]

Infrastructure as a Service

Platform as a Service

Software as a Service

Deployment models

Public

Private

Community

Hybrid

Other

Multi-cloud

Appendix B: Benefits of cloud computing and New Zealand case studies

The potential benefits of cloud computing (cloud) for the public sector are significant

Security

Cloud enables agencies to more easily improve their security posture, security architecture, and detect and contain threats than traditional (on-premise/in-house) approaches to information technology (IT). Cloud also supports responding to volume-based cyber-attacks at scale.

Scalability

Cloud services, particularly hyperscale cloud, can be quickly and easily scaled and reduced to meet changing demands.

Service delivery transformation

Cloud enables digital transformation of delivery models, allowing agencies to focus resources on improved, innovative, and more timely delivery of services to citizens and businesses.

Efficiency and productivity

Users benefit from significant efficiency through economies of scale, freeing up resources to deploy to other priorities.

Managing greenhouse gas (GHG) emissions

Cloud and hyperscale data centres typically have high operational efficiency for energy demand. Global demand for data services has grown exponentially and accounts for 1% of electricity demand. Energy efficiencies, research and development, and demonstration and renewables procurement are essential to curb both energy demand and emissions growth.[Footnote 17]

Agility and distributed working

Users can securely access systems from wherever there is an internet connection, via an internet-capable device. Users can more easily work across teams and organisations, through multiple means (voice, chat, video-chat, document).

Continuity and resilience

Business continuity is more assured through the ability to back up and quickly recover data systems.

Flexibility

Users can more easily switch between providers and services, depending on their needs.

Insight and intelligence

Through advanced analytics, providers can offer better insight and intelligence at the aggregate user levels, about data use, risk and opportunity.

Innovation

Advanced, effective, and sustainable technology innovations are increasingly being built from the cloud.

Control

Onshore cloud provides stronger control as the data is located within New Zealand’s jurisdiction.

Financial

Potential for reduced capital outlay as cloud hardware is maintained by the cloud service provider. This benefit is particularly associated with public cloud deployment models which offer significant economies of scale.

Why is cloud considered more secure?

Cloud can be more secure

Cloud providers use consistent, repeated technology in building their services

Consistent patching and security management practices

Incremental security improvements are easier

Talented cyber security professionals are attracted to work in cloud

Regulatory compliance

Increased cyber resilience

And cloud’s security should be compared to current state

New Zealand case studies from public sector

Inland Revenue

By using cloud, Inland Revenue (IR) benefits from:

  • service delivery
  • scalability
  • continuity and resilience
  • innovation.
Case study

IR’s previous investment in becoming a digitally enabled workplace positioned them well to keep business running, manage customer demand and support the government’s response during COVID-19.

At the time of the Kaikōura earthquake in , IR wasn’t set up to respond to disruption — few people had mobile devices and even fewer could connect to systems at any one time. The operating model had been people in a room with a whiteboard. By contrast, during the COVID-19 lockdown, IR held virtual design meetings every day with people in at least 3 agencies, as new services and products were designed and implemented to support the government’s response.

Oranga Tamariki

By using cloud, Oranga Tamariki (OT) benefits from:

  • service delivery
  • scalability
  • continuity and resilience
  • innovation.
Case study

OT was able to take advantage of being a new agency by starting afresh without legacy technology issues and take advantage of cloud technology as a ‘cloud native’. OT was able to benefit from the efficiency and productivity of cloud which allowed them to focus on delivering business value rather than maintaining legacy technology.

Cloud enabled a seamless transition without the need for expensive configuration or specialised connectivity to data centres. From day one of the lockdowns, all 6000 OT staff were able to work from home. This meant that staff productivity was not compromised, and OT continued to provide critical services to tamariki and whānau in the communities.

OT was able to utilise the on-demand elasticity potential of cloud to scale up the capacity of the Contact Centre cloud platform overnight from 250 to 800/1000 users, providing the Ministry of Business, Innovation and Employment (MBIE) with a channel for the COVID-19 response. Once MBIE had established their own contact centre, the platform was scaled back down to 250 users.

Ministry of Housing and Urban Development

By using cloud, the Ministry of Housing and Urban Development (HUD) benefits from:

  • service delivery
  • scalability
  • continuity and resilience
  • innovation.
Case study

HUD similarly leveraged its cloud capabilities during COVID-19 and adapted its use of digital tools to continue core business and connect remotely in new ways.

As a new organisation, HUD experienced the benefits of being relatively ‘cloud native’ and were able to adapt quickly during lockdowns due to a modern workplace environment.

COVID-19 presented HUD with the opportunity to start using a wider range of functions of the digital tools available to them but not previously used. The experience boosted connection and challenged people’s thinking about how they could use their tools differently, rather than just sitting in the office with a device and a headset.

Ministry of Health

By using cloud, the Ministry of Health (MoH) benefits from:

  • service delivery
  • continuity and resilience
  • innovation.
Case study

The MoH is fairly mature in their cloud adoption and is interested in looking at whether a hybrid cloud deployment approach would meet their service needs in the future.

The COVID-19 lockdown in particular demonstrated the service delivery benefits of cloud, and allowed MoH to quickly develop solutions, such as the national vaccine booking system, that were oriented around customer service while supporting the government’s overall response.

Appendix C: Summary of proposed changes to the Cloud First Policy

Proposed Cloud First Policy

Supporting arrangements

He Aratohu Kapua Cloud Toolkit

High level sustainability principles

Transition from IaaS

Cloud Security Guidance: Cloud Risk Discovery Tool

Data Centre Certification

Establishment of monitoring and reporting

Refreshed definitions of what constitutes cloud services

Cloud Capabilities Network (CCN)

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated