Close this search box.

We are creating some awesome events for you. Kindly bear with us.

DTA seeks to boost cloud adoption in Australian public sector through new strategy

DTA seeks to boost cloud adoption in Australian public sector through new strategy

Australia’s Digital Transformation Agency (DTA) has released
a Secure
Cloud Strategy
for the Australian Government. The strategy replaces
the Australian
Government Cloud Computing Policy
that was released in 2014. The new
strategy focuses on helping government agencies use cloud more easily.

The Secure Cloud Strategy has been developed to guide Australian
Government agencies beyond current business restrictions and to help them move
towards a more agile method of service improvement. It focuses on preparing
agencies for the shift to cloud and supporting them through the

Barriers to cloud

Despite the numerous well-known benefits of cloud, such as whole-of-government
efficiencies, agility, interoperability across agencies, increasing
availability and freeing up resources to focus on business delivery rather than
maintenance and reducing unnecessary duplication of ICT investment, several barriers
remain to agencies realising their cloud aspirations. Research by DTA revealed that
there is no common understanding of cloud for government and government’s
approach to cloud is siloed rather than collaborative. There is also a lack of
confidence regarding how to meet compliance obligations. Moreover, cloud
adoption may increase short term costs and the skills needed to harness the
cloud opportunity are not wide-spread.

Issues were discovered from the industry side also. Industry
feedback revealed that Australian Government certification practices require
significant investment, in terms of time and dollars, and companies find a
significant gap between the initial investment and realised return. They also
said that the Cloud Services Panel fails to keep up with the rapid release of
cloud offerings. Moreover, ICT contract head agreements are found to not align
well with the features, flexibility or nuance of cloud. Another obstacle is Capital
Expenditure (CapEX)-focused funding models that do not align with the service
model of the cloud.

Addressing the

The new Strategy seeks to address the concerns mentioned
above. It aims to lay the foundations for sustainable change, seizing
opportunities to reduce duplication, enhance collaboration, improve
responsiveness and increase innovation across the Australian Public Service. 

DTA recommends that in order to build capability, agencies
should begin their cloud journeys with low complexity services, and
progressively mature their approach. Low complexity services do not contain any
sensitive data enabling rapid and straightforward transition to the cloud. Medium complexity services are expected to require some additional planning and migration effort for agencies but are often common services offered by the market (not bespoke). Often legacy services are high complexity and can be the most difficult and expensive to move to cloud. These are often bespoke, and can hold significant volumes of sensitive data.

Image: Cloud Appetite Opportunities/ Credit: DTA (from Secure Cloud Strategy, Figure 1)

Under the Strategy, government agencies will develop their
own cloud strategies, as there is no one-size-fits-all approach to implementing
cloud. Agencies will use the Secure Cloud Strategy as a starting point to
produce their own value case, workforce plan, best-fit cloud model and service
readiness assessment.

Cloud implementation will be guided by seven Cloud

  • Make risk-based decisions when applying cloud security, rather
    than just checking off compliance
  • Design services for the cloud (design all new or modernised
    ICT services as cloud native, or cloud enabled and Where no suitable
    commercially provided cloud service is appropriate, agencies must design
    applications to be cloud-ready, maximising automation, portability and
  • Use public cloud services as the default
  • Use as much of the cloud as possible
  • Avoid customisation and use cloud services as they come
  • Take full advantage of cloud automation practices
  • Monitor the health and usage of cloud services in real time
    (visibility of cloud usage and cloud health can enable agencies to control

There are also plans to create a layered Cloud Certification
Model. The certification model will create greater opportunity for agency-led
certifications, rather than just ASD (Australian
Signals Directorate) certifications. It creates a layered certification
approach where agencies can certify using the practices, already in place for
certification of ICT systems.

The Strategy also clarifies that the Privacy Act does not
prevent an Australian Privacy Principle (APP) entity from engaging a cloud
service provider to store or process personal information overseas. The APP
entity must comply with the APPs in sending personal information to the
overseas cloud service provider, just as they need to for any other overseas
outsourcing arrangement.

Another initiative is aligning service procurement with the ICT
Procurement Review
Recommendations. As cloud services move more rapidly
than services available through panels traditionally do, the recommendations in
the ICT Procurement Review align well with creating a better pathway for cloud

A cloud qualities baseline and assessment framework will be
introduced to clarify cloud requirements. The cloud qualities baseline
capability and assessment framework will enable reuse of assessments.

A Cloud Responsibility Model will be developed to clarify
responsibilities and accountabilities, as traditional head agreements cannot
cover all cloud services and their frequent variations. A shared capability for
understanding responsibilities, supported by contracts, will address unique
cloud risks, follow best practice and maintain provider accountability.

A cloud knowledge collaboration platform will be built. The
platform will enable secure sharing of cloud service assessments, technical
blueprints and other agency cloud expertise, to iterate on work already done
rather than duplicating it.

Cloud skills uplift programs will be designed. Increase
government skills and competencies for cloud aligned with the Australian Public
Service Commission Digital Skills Capability Program and create the pathways to
leverage industry programs to enhance cloud-specific skills in the Australian
Public Service.

Common shared platforms and capabilities will be explored
including a federated identity for government to enable better collaboration in
the cloud and a platform for PROTECTED information management to reduce
enclaves in agencies. will continue to be reiterated as an exemplar
platform. In addition, Service Management Integrations services could be
developed to enable agencies to manage multi provider services.

These platforms will include the integration toolkits that
enable agencies to seamlessly transition between the cloud services.

All the initiatives mentioned above will be supported
through a DTA-led community of practice that will support agencies to plan and
transition their environments for cloud. It will include delivering training
and advice to agencies to build confidence in their ability to manage cloud

Access the DTA’s Secure Cloud Strategy here.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.