Australian Government Architecture
Search

Type

Capability

Reference

.

Mandate

Endorsed

Cloud Computing

Definition

The Australian Government has adopted the US Government's National Institute of Standards and Technology's (NIST) definition of cloud.

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Purpose

A mature capability in cloud computing enables Commonwealth entities to efficiently deliver information technology services online in a secure and scalable manner.

Cloud computing is realised through:

  • the storage and handling of sensitive information, in the cloud, in a manner that maintains public trust
  • scalable and cost-effective solutions that can be increased or decreased in line with demand.

Objectives

The objectives of this content are to:

  • maximise uptake of cloud computing in government while embedding risk-based decision-making for cloud security
  • identify, consolidate, and standardise cloud computing services to generate faster delivery, continuous improvement cycles, and broad access to services
  • identify, or establish and implement, consistent Standards or Designs for cloud computing
  • maximise reuse of cloud computing services across government
  • highlight whole-of-government purchasing arrangements for cloud computing services
  • consider the capability as complementary to other related capabilities, including Cloud Financial Operations, Hosting, Information Asset Management, and Information Asset Security.

Whole-of-government applicability

The Secure Cloud Strategy has been developed to guide entities through their adoption of Cloud. It lays the foundations for sustainable change, seizing opportunities to reduce duplication, enhance collaboration, improve responsiveness and increase innovation across the Australian Public Service (APS).

The Data and Digital Government Strategy (DDGS) sets a vision for 2030 to deliver simple, secure and connected public services for all people and business, through world class data and digital capabilities.

The capability of Cloud Computing will be key to the DDGS mission of “Simple and seamless services”. Under this mission, the outcome to "deploy scalable and secure architecture" guides the APS to:

  • develop interoperable platforms and use standards to unlock opportunities for data sharing, integration, collaboration and reuse cross the APS
  • develop flexible and resilient systems and services, supported through suitable adoption of cloud infrastructure.

Policy Elements

Policy:
POL10
Cloud Computing policy Mandate:
Endorsed
Status:
Core

  • Comply with legislation

    An entity must comply with any legislation relevant to its circumstances.

  • Align to guidelines and standards

    All Commonwealth entities must comply with the Hosting Certification Framework to ensure cloud computing facilities are hosted in certified tenancies/data centres, as well as any other mandatory frameworks, policies, and standards.

  • Develop strategic documentation for the cloud

    An appropriate set of guiding documents must be developed within entities undertaking cloud-based investments, and should include a cloud strategy, cloud policy, and implementation plan(s).

  • Incrementally adopt cloud computing services

    A step-by-step approach to refining and enhancing cloud computing services, starting with low-complexity services and progressively maturing, will allow entities to optimise practices when requirements evolve.

  • Avoid customisation by using cloud services ‘as they come’

    Changing of business processes to align to cloud offerings, rather than developing or customising technology suit existing processes, is critical to realise the benefits of cloud services.

  • Automate where suitable

    Automation enables support teams to focus on the more complex requirements that are unique to their business by minimising the effort and need to provision, configure, backup, restore, patch, update, and deploy services.

  • Take a risk-based approach to cloud security

    Entities continue to be responsible for their own assurance and risk management of cloud services and must manage this risk as appropriate.

  • Monitor the health and usage of services in real time

    Entities must have visibility of their cloud usage, cloud health and enable them to control costs. Entities should refer to the Cloud Financial Operations Policy and Standard.

  • Recognise emerging cloud computing trends

    Understanding cloud trends will assist entities to adapt and innovate. Considerations include hybrid and multi-cloud approaches, edge computing, real-time infrastructure, cloud security, FinOps, sustainability initiatives, and GenAI infrastructure.

  • Procure via the Cloud Marketplace

    The Cloud Marketplace on BuyICT has been designed to meet the complex needs of government agencies who are looking to easily source value-for-money cloud solutions.

  • Adhere to reuse principles

    Entities must give priority to the adoption of reuseable digital and ICT solutions, patterns, or knowledge, and, where necessary, design new solutions with a focus on future reuse.

Domains

This capability is part of the following domain.
DOM2

Technology Reference

Policies

The following policies have requirements that impact this capability.
Cloud Computing policy
POL10
Mandate: Endorsed
Status: Core
This policy describes the requirements for entities planning digital investments involving cloud computing. Applicability Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT Investment Oversight Framework (IOF). Commonwealth entities are encouraged…

Standards

The following standards support development of digital solutions in this capability.

Cloud Computing standard

STA64
Cloud computing provides a service for government, underpinned by a dynamically growing marketplace, which can increase the agility, flexibility, and speed of delivery for digital services. It removes the big upfront investments in technology to enable scaling up or down quickly. This provides much…

Designs

The following designs include examples of how digital solutions in this capability can be delivered.

Cloud Marketplace

DES15

Lead Agency: Digital Transformation Agency

The Cloud Marketplace is a digital sourcing arrangement for cloud computing offerings to government, as managed by the Digital Transformation Agency. The marketplace operates as a cooperative panel arrangement, with sellers being appointed through an initial open approach to market and…

Digital Sourcing Cloud Contract Templates

DES55

Lead Agency: Digital Transformation Agency

The Digital Transformation Agency (DTA) provides digital sourcing contract templates that make it easier for government agencies to set up contracts with suppliers.

Blueprint for Secure Cloud

DES23

Lead Agency: Australian Signals Directorate

Technology Type: Microsoft 365

The Blueprint for Secure Cloud (previously known as the Protected Utility Blueprint) is an online tool to support the design, configuration and deployment of collaborative and secure cloud and hybrid workspaces, with a current focus on Microsoft 365.

Cloud Assessment and Authorisation

DES107

Lead Agency: Australian Cyber Security Centre

The Cloud Assessment and Authorisation publication is intended for cloud service providers, Infosec Registered Assessors Program (IRAP) assessors and Non-Corporate Commonwealth Entities who are subject to the Public Governance, Performance and Accountability Act 2013 to the extent…
Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page www.architecture.digital.gov.au/contact-us.