Accelerating Public Cloud Services

Transcription

1 Accelerating Public Cloud Services 2016 Survey of Public Sector Chief Information Officers April

2 Contents Executive summary 3 Approach 4 Overall appetite 5 Current state 10 Strategies 12 Current and planned use 14 Agency expectations 16 Survey respondents 20 2

3 Executive summary The Government Chief Information Officer s (GCIO) October 2016 cloud survey found that agencies clearly recognise the opportunity presented by public cloud services. Agencies indicated that they would like the GCIO to continue to assist them to navigate the risks that arise from adoption so that they become confident in using these services to transform their operating models. Adoption patterns Agencies have a high appetite to use public cloud service and consider them fundamental to transforming their operating models. However, most agencies currently have a tactical approach to using these services, with just over onethird of respondents having a cloud plan. The key drivers for using public cloud services are: mobility, collaboration, and agility. Within agencies, adoption has typically occurred in back-office functions like IT, recruitment, communications, and human resources. Customer-facing services and other back-office functions are at earlier stages of adoption. Perceived barriers Agencies indicated that the need for different approaches to IT security for public cloud services is the most significant barrier to adoption. Other significant barriers indicated by agencies are: insufficient skills and expertise, uncertainty around the extent and nature of risks arising from adoption, and how to fund the transition from legacy IT systems. Agencies also indicated they have a high appetite to use public cloud services for information classified as UNCLASSIFIED or IN-CONFIDENCE, with a lower appetite at SENSITIVE or above. On average, almost half (47%) of agency information is UNCLASSIFIED, while a further third (31%) is IN-CONFIDENCE. Current and planned use In the short term (within 12 months) agencies indicated a high interest in using a core set of services: productivity, collaboration, identity and access management, and compute and storage. Almost all agencies intend to use Microsoft s Office 365, Skype, Azure Active Directory, and Azure services at some time, with more than half using or intending to use them within the next 12 months. Agency demand for these Microsoft services was enabled by the July 2016 change in Cabinet policy that now allows agencies to use offshore-hosted office productivity services. In the short-medium term (within 24 months) there is high interest in using security-related services and moderate interest in project management and business intelligence services. There is also interest in application development, enterprise resource planning (ERP), and customer relationship management (CRM) services over this timeframe. What agencies need Agencies want the GCIO to continue to streamline security certification of public cloud services and to assist them as they transform their operating models (e.g. by facilitating early adopters to share lessons learned and good practices). Agencies also want the GCIO to provide good practice guidance for adopting public cloud services and to co-design the guidance with the GCIO on developing cloud plans. They would like the GCIO to help them to educate their staff and senior management on how to understand and manage the risks and opportunities of adopting these services. 3

4 Approach Background In July 2016 Cabinet confirmed new measures to accelerate the adoption of public cloud services across government. The GCIO is leading the implementation of these measures through a twelve-month programme of work. The programme of work is focused on public cloud services cloud computing services used by multiple organisations from different industries, including private and government sectors because cloud services have economies of scale that reduce costs and generally improve resilience and security compared with other technology delivery models. Report structure Based on the survey data, this report provides insights into agency perceptions of their: overall appetite to use cloud services (questions 1-7) current state of cloud services adoption (questions 11-12) strategies for using cloud services (questions 27-29) current and planned use of cloud services (questions 13-24) expectations of the GCIO (questions 8-10, 25-26, 30-32). Purpose of survey Public sector CIOs were surveyed by the GCIO in October 2016 to help shape the delivery priorities of the programme and to inform decision-making for cloud services. The survey responses have informed the subsequent delivery of the Programme. Survey design The survey was co-designed and tested with agencies to ensure relevance and usability. The survey was sent to 105 public sector CIOs from Public Service Departments, Non-Public Service departments, and a selection of Crown Entities, Local Authorities, and Tertiary Education Institutes. A total of 66 responses were received by the close of the survey, giving a response rate of 63%. The agencies which responded to the survey are listed at the end of this report. 4

5 Overall appetite Key findings Agencies recognise the importance of cloud services for changing their operating models and generally have a high appetite to use them. Mobility, collaboration, and agility are the key drivers for adoption of cloud services. A need for different approaches to IT security is the most significant barrier to adoption. Other significant barriers are: insufficient skills and expertise, uncertainty around the extent and nature of risks arising from adoption, and how to fund the transition from legacy IT systems. Almost all agency information is classified as RESTRICTED and below, which Cabinet has agreed may be stored in public cloud services. Although their appetite to use public cloud services is significantly reduced for information classified above IN CONFIDENCE, agencies indicated that, on average, 79% of information is either UNCLASSIFIED or IN-CONFIDENCE. 5

6 Perceived value Appetite for using public cloud services Appetite for using public cloud services to transform operating models 3% 23% Creating new delivery models 20% 53% 23% 33% Streamlining operations 17% 52% 26% 41% Very High High Moderate Very Low Enhancing customer experience 15% 47% 29% 0% 20% 40% 60% 80% 100% Percentage of respondents Critical Very important Neutral Not important Irrelevant Around two-thirds of respondents (64%) have a high or very high appetite to adopt public cloud services. Nearly three-quarters of respondents (73%) indicated that public cloud services are either critical or very important for creating new delivery models. Around two-thirds of respondents indicated that that public cloud services are either critical or very important for streamlining operations (69%) and enhancing customer experience (62%). 6

7 Drivers and barriers Ranking of drivers for adopting public cloud services Ranking of barriers for adopting public cloud services Increased mobility 4.1 Different approach to security 2.9 Improved collaboration Decreased deployment time Managing cloud and legacy systems 3.2 Improved security 4.8 Perception of risk 3.4 Improved performance Pay-as-you-go pricing Lack of transition funding or opex 3.4 Seamless updates 5.2 Lack of capability to adopt 3.8 Regular new features Opex funding Different approach to procurement Average ranking (low rank is more important) Average ranking (low rank is more important) Increased mobility is the most influential characteristic driving adoption of cloud services. Collaboration and decreased deployment (agility) are also very influential. The need for different approaches for IT security is the most significant barrier to adopting cloud services. Other important barriers were: lack of information on how to adopt cloud services while replacing legacy systems (transformation), perception that cloud is too risky, and lack of transition funding. 7

8 Unpacking information classification Breakdown of how respondents classify information 13% 8% 1% 47% Breakdown, by classification, of number of respondents with high or very high appetite to use public cloud services % UNCLASSIFIED IN-CONFIDENCE SENSITIVE RESTRICTED Above RESTRICTED UNCLASSIFIED IN-CONFIDENCE SENSITIVE RESTRICTED Above RESTRICTED 12 2 On average, respondents indicated that almost half (47%) of their information is classified as UNCLASSIFIED and a further third (31%) is classified as IN-CONFIDENCE. On average, respondents indicate that they have very little (less than 1%) information classified above RESTRICTED. Respondents with information above RESTRICTED are primarily from the national security and justice sectors. Over two-thirds of respondents have a high or very high appetite to use public cloud services for information classified as UNCLASSIFIED or IN-CONFIDENCE. Respondents appetite to use public cloud services is significantly reduced for information classified above IN-CONFIDENCE. 8

9 Other barriers Agencies want the GCIO to help leverage good practices Public cloud services are not always a complete solution. every agency [has] to repeat [the same] process to adopt the same cloud service (e.g. Office 365) including security risk assessments etc. [there are] legacy core enterprise systems that are unable to be provided via the public cloud. The risks associated with cloud services remains unclear for many agencies. Perceptions of cost remains an issue for some agencies Public perception and relative political pressures driven by the risk averse culture. Often, public cloud services are more expensive than on-premise solutions, particularly where the solution is longer term. 9

10 Current state Key findings The agency functions that have the greatest degree of adoption of public cloud services are: IT, recruitment, communications, and human resources. Customer-facing services and other back-office functions are less mature in their adoption of cloud services. 10

11 Adoption profile IT and recruitment are early adopters IT 19% 20% 49% Adoption of public cloud services within respondents is uneven, with some backoffice functions having significantly greater adoption than others. Recruitment Communications 12% 31% 31% 15% 31% 32% The agency functions that have the greatest degree of adoption of public cloud services are: IT, recruitment, communications, and human resources. Public cloud services remain important for some customer-facing services. HR Customer facing Procurement 22% 11% 15% 12% 11% 21% 28% 29% 24% Finance 8% 16% 24% Strategy 5% 13% 15% Policy 5% 8% 20% 0% 20% 40% 60% 80% 100% Percentage of respondents Full or High adoption Moderate adoption Limited adoption 11

12 Strategies Key findings As at October 2016, just over one-third of respondents had a specific plan for adopting cloud services but nearly all indicated that they would like access to exemplars of cloud plans. Agencies would like the GCIO to provide good practice guidance for adopting cloud services as well as help to co-design their cloud plans. Although trusted mechanisms are not yet available, agencies would like the GCIO to facilitate early adopters to share their lessons learned and good practices. 12

13 Cloud plans Breakdown of whether agencies have a cloud plan Agency priorities for cloud planning Exemplars 92% 38% Guidance on ict.govt.nz Co-designed guidance 76% 73% 62% Interactive workshop Interactive sector workshop 41% 49% Other 5% Yes No 0% 20% 40% 60% 80% 100% The survey indicates that almost all respondents have begun adoption of public cloud services. Just over one-third of respondents (38%) consider these services to be strategic and have developed specific plans for their adoption to transform their operating models. Almost all respondents (92%) indicated that exemplars of good cloud plans would be useful. Around three-quarters of respondents would like the GCIO to assist them with design and guidance on how to adopt and use public cloud services to transform their operating model 13

14 Current and planned use Key findings In the short term (within 12 months) agencies indicated a high interest in using a core set of services: productivity, collaboration, identity and access management, and compute and storage. Almost all agencies intend to use Microsoft s Office 365, Skype, Azure Active Directory, and Azure services at some time, with over half using or intending to use them within the next twelve months. The demand for these Microsoft services was enabled by the July 2016 change in Cabinet policy that allowed agencies to use offshore-hosted office productivity services. 14

15 Top ten services by agency demand Most demand is for a core set of services Microsoft O In the short term (within 12 months) respondents indicated a high interest in using a core set of services: productivity, collaboration, identity and access management, and compute and storage. Microsoft Skype Microsoft Azure In the short-medium term (within 24 months) there is high interest in using security-related services and moderate interest in project management and business intelligence services. There is also interest in application development, enterprise resource planning (ERP), and customer relationship management (CRM) services over this timeframe. Microsoft Azure AD Amazon Web Services DocuSign Dropbox Over the longer term (over 24 months) there is interest in financial management (FMIS) and human resources (HRIS) services. WebEx Google Analytics JIRA Number of respondents Less than 12 months months More than 24 months 15

16 Agency expectations Key findings The top priority for agencies is for the GCIO to continue to streamline security certification of public cloud services. Agencies would also like the GCIO to assist them with using cloud services to transform their operating models. For example, by facilitating early adopters to share lessons learned and good practices. They also would like the GCIO to help to educate their staff and senior management on how to understand and manage the risks and opportunities of adopting these services. Agencies would like the GCIO to provide good practice guidance for adopting cloud services and to co-design the guidance from the GCIO on developing cloud plans. 16

17 Accelerating Public Cloud Programme Priorities Security is a clear area of focus The top priority for respondents is for the GCIO to continue to streamline security certification of public cloud services. Streamlining security certification Transforming ICT operating models In addition to the security certifications planned to be produced by GCIO, Other Microsoft and Amazon Web Services are most sought-after security certifications. Changing perceptions of risk 3.2 Agencies indicate that they would like the GCIO to drive strategic adoption by helping them educate their staff and senior management on the opportunities and risks associated with using public cloud services to transform their operating models. Driving strategic adoption Modernising commercial frameworks Lifting practitioner capability Average ranking (low rank is more important) 17

18 What agencies want from the GCIO Agencies want guidance, re-use, and co-design Survey available electronically 93% Almost all respondents indicated that they want the GCIO to provide written guidance, exemplars, and case studies to guide agency adoption of public cloud services. Exemplars Case studies and other guidance Guidance on ict.govt.nz 76% 92% 89% Three-quarters of respondents saw value in offering an online workspace for sharing policies. Online workspace for sharing Co-designed guidance 75% 73% Nearly three-quarters of respondents would like to co-design the guidance from GCIO on developing cloud plans. Seminars Infographic Interactive public sector workshop Online discussion forum Interactive sector workshop 58% 53% 49% 46% 41% Workshop with other agencies 33% One-on-one session 22% 0% 20% 40% 60% 80% 100% Percentage of respondents 18

19 Other agency expectations Educating CEs on how to understand and manage the risks of adopting these services. Negotiating commercial agreements on behalf of agencies Work with CEs to build their confidence and commitment to adopt cloud services All-of-government negotiation on cloud services would be beneficial Facilitating early adopters to share good practices Certification of commonly-used public cloud services Sharing policies is where we'd get the most benefit Panel of certified providers of public cloud for commodity type services. 19

20 Survey respondents Accident Compensation Corporation Inland Revenue Department New Zealand Customs Service Arts Council of New Zealand Institute of Environmental Science and Research New Zealand Defence Force Auckland Council Institute of Geological and Nuclear Sciences New Zealand Fire Service Commission Bay of Plenty District Health Board Lakes District Health Board New Zealand Qualifications Authority Callaghan Innovation Research Limited Land Information New Zealand Maritime New Zealand Christchurch City Council Law Commission New Zealand Tourism Board Civil Aviation Authority Meteorological Service of New Zealand Limited New Zealand Transport Agency Counties Manukau District Health Board MidCentral District Health Board Office of the Controller and Auditor-General Crown Law Office Ministry for Culture and Heritage Parliamentary Counsel Office Department of Conservation Ministry for Primary Industries Parliamentary Service Department of Corrections Ministry for the Environment Privacy Commissioner Department of Internal Affairs Ministry for Women Radio New Zealand Limited Department of Prime Minister and Cabinet Ministry of Education Serious Fraud Office Earthquake Commission Ministry of Foreign Affairs and Trade Southern District Health Board Education Review Office Ministry of Health Statistics New Zealand Electoral Commission Ministry of Justice Taranaki District Health Board Electricity Authority Ministry of Māori Development - Te Puni Kōkiri Tertiary Education Commission Environmental Protection Authority Ministry of Social Development Transport Accident Investigation Commission Financial Markets Authority Ministry of Transport University of Waikato Health and Disability Commissioner Ministry of Business, Innovation and Employment Waikato District Health Board Healthshare NIWA Waitemata District Health Board Housing New Zealand Corporation Nelson Marlborough District Health Board Wellington City Council 20