OpenGov speaks to Ron McLay, Chief Information Officer (CIO) at the Australian Human Rights Commission (AHRC). Mr. McLay has been in the position for over 19 years. He has driven the organisation’s early adoption of the latest in ICT offerings over the years, demonstrating remarkable agility.
As a relatively small organisation, with budgetary constraints, AHRC has adapted by being nimble and leveraging cloud, mobility and collaboration solutions to enhance efficiencies and save costs.
Can you tell us about the AHRC and the role of ICT in the organisation?
The AHRC exists to protect the human rights of Australians. Our function is to promote human rights in Australia and also, conciliate human rights complaints with reference to a number of different acts. We administer the Race Discrimination Act, the Disability Rights Act, Sex Discrimination Act and others.
I have a team of 6 staff. We provide everything ICT-related to the AHRC. We also provide ICT resources to one other federal government agency and also to an NGO, the Asia Pacific Forum.
We are a service provider to three organisations. We endeavour to put in place a technology platform to enable those organisations to meet their business requirements and fulfil their charters or their visions.
We are quite small. We have about 200 users on our network. We are a single site now. We used to have multiple sites that have closed due to budgetary constraints.
We are quite unusual in one way. We have a highly mobile workforce. Over 100 of our 200 users have remote access and are connected to the network.
What ICT projects are you working on?
I have been the CIO for 19 years. We are usually very innovative. We have been early adopters of technology. Starting way back from SharePoint version 1 and Office XP. In fact, we did case studies in conjunction with Microsoft.
We were the second site in Australia to go live with SharePoint in 2001. More recently, we became the first federal government agency to go fully to the cloud. It’s a journey we are still on.
We are using Office 365 and we are starting to employ SharePoint Online, syncing it with OneDrive and we are looking at other technologies in the cloud. In the same timeframe, we replaced our aged VOIP telephony solution with Skype for Business. That’s a hybrid config, mainly still on premise. But we are cloud-ready.
We did it concurrently with the online migration of our email to Exchange Online. We went live in June. And that means all the mailboxes from AHRC and the NGO have moved into the Cloud.
It has been very successful. User acceptance and take-up rates have been very high. We have got some pockets of resistance. We learned a lot of lessons along the way.
I think we were quite brave when it determining what the mix of handsets and headsets should be. We got almost 85% of our staff using headsets. So, we transitioned away from traditional handsets. Everyone is using softphones now.
We haven’t moved our data into the cloud. But we are planning for that right now. So, we are working with a part of Microsoft called FastTrack, whose business it is to drive up subscription and use of the cloud. We are working with them to migrate all of our SharePoint instances into the cloud and also to move our data holdings into the cloud.
As a first step, we are going to migrate all of the users’ home directories into One Drive. That’s probably likely to happen this calendar year.
The data holdings will be transferred at some stage next year. Perhaps by second quarter next year, we might have begun to move some of the work group drives into the cloud. Maybe sooner, we will maybe use a small pilot group. Again, we are still planning, still talking through our strategy.
We haven’t even finalised if we will move the data physically or just create a data structure in the cloud and allow staff to copy the documents they are still working on into the cloud.
Already being on the cloud and having paid the on boarding costs, a lot of what we want to achieve in the cloud we can do without much additional expenditure.
In your migration to the cloud, did you have any concerns regarding cybersecurity?
In adoption of the cloud, we did nothing until Australian Signals Directorate (ASD) certified cloud providers. Up until recently, federal government agencies were not allowed to use multinational companies that had cloud offerings in Australia.
But then ASD certified three cloud providers last year. The ASD certification meant that those environments are now compliant with the government regulations contained in the ISM (Information Security Manual). That satisfied us from a security point of view although we are also conducting a security review of our own to ensure we are fully compliant.
But there are some other issues, where a combination of different things can result in a challenging situation.
Right now we are facing an issue with Fedlink. Fedlink is an intra-government secure network, which allows the exchange of classified information between different parts of the government.
Years ago, we used to be an In-confidence network. That was the lowest security classification but has now been removed.
The government restructured the classification and got rid of In-confidence. At the time, my agency had the choice to go up to the higher level Protected or move downwards to unclassified. We chose the latter. We did an assessment on our network and we determined that there was nothing that needed to be on a classified level.
The higher the protection, the more are the controls, the more administration is required and the more it costs to administer.
What we have now is called a G-system or government system. The level above it is called Protected, which is the first classified network system. Because we weren’t Protected, we decided to stop using Fedlink because it involved quite a bit of infrastructure and involved all our mail being routed via our own premise. Protected networks cost enormous amounts of money, compared to running an unclassified network. It involves a lot more IT admins as well.
We wanted to stop that because we wanted to go over to the cloud. We wanted to move away from on premise equipment. We were in a situation, where if we had a power shutdown, our emails would shut down.
Unfortunately for us, when we dropped out of Fedlink even though we do not exchange classified material with other agencies, we do exchange sensitive information. Some agencies have expressed reservations about exchanging email with us and stopped doing so because we are not with Fedlink. it is impeding our business. We are trying to solve that by talking to the Department of Finance, which administers Fedlink.
Fedlink is soon going to be relaunched as Govlink. They are going to bring in private industry in as well. That will allow for the safe transmission of commercially confidence material between government and private enterprise.
Are there any issues because of conflicts in the requirements of the three agencies? Are the IT systems common or segregated?
There used to be completely physically separate ICT infrastructures. But in preparation for moving into the cloud to reduce costs and remove complexity, we combined the networks. That was the first phase of our project. They are virtually separate now, rather than physically separate.
We had a 60 server back-end. Now we are down to 38 servers. We will soon be down to 30 servers. So, our server fleet has almost been cut by 50%, as a consequence of combining the networks and moving to the cloud.
What we haven’t done is move a lot of servers into the cloud which we want to do as well. It’s just that we are a small team and we need to prioritise.
As a CIO, I have to ensure that they have the platform to do their jobs. Their needs are a little different. But generally speaking it’s not a lot.
What are your long-term plans for AHRC?
We want to move all our systems and data into the cloud. We want to get rid of unnecessary customisation and rely on software-as-a service. We want to convert any remaining paper-based operation at the commission into electronic.
The ultimate objective is to keep enhancing the efficiency of the Commission, saving money, dramatically cutting turnaround time. It’s a continuous journey.
