Now that’s a mouth-full!

Mike alerted me to this interim document put out by the State Services Commission of New Zealand. The document seeks to give some guidance to government agencies looking at using offshore ICT providers and seek to help agencies take a professional approach to considering offshore as an option to improve service delivery. It is intended as a risk assessment resource and aims to retain control over government information systems and assets.

So what does it say?

  • Detailed risk reports should be completed when looking to offshore ICT services. This assessment should determine location of where information will be stored and the specific classification level of any data being transferred
  • Processes should be in place to manage the ongoing relationship to react to "political, legislative, business, systems, environmental, and cultural" changes

The risks of offshoring are split across;

  1. Big picture risks: risks that may put a proposal out of consideration regardless of its other virtues
  2. Trust and public confidence risks: how a proposal may adversely affect the Trusted State Services Development Goal for the New Zealand State Services.
  3. Control risks: the need to maintain control over data as required by, for example, the Public Records Act 2005.
  4. Governance, management, and project risks: difficulties that may arise when management of a business function or project is geographically dispersed.
  5. Economic risks: following procurement policy while considering possible effects on the larger New Zealand economy of an offshore proposal.
  6. Business continuity risks: government responsibilities in maintaining capability in the country in the event of an emergency or a service provider failure.
  7. Security and integrity risks: includes industrial espionage, social disruptions, terrorist threats, and data corruption.
  8. Privacy risks: threats to government held personal information if sent offshore.
  9. Legal and commercial risks: practical and legislation-related risks of doing business outside New Zealand.
  10. Fiscal risks: currency fluctuations, offshore taxes, and other financial risks.

From an initial read it seems that the concerns can be split into two main camps;

  1. Project management, cultural, IT resistance and security risks
  2. Jurisdictional risks caused by offshoring

My take on it is that the first issue has some easy fixes. Clearly there is a need for good management of SLAs, excellent due-diligence of potential providers and a true TCO/ROI analysis of the different options. This coupled with some excellent project management should take what is a complex, multi-dimensional problem and deliver a robust outcome.

That part was easy. The second issue less so.

The fact is under the current cloud computing models, we don’t know where our data is and have no idea of the jurisdictional ramifications of a solution that sees bits stored in multiple locations.

Answer? A domestic datacentre with scale. We already know that there are issues with the limited outbound pipes we have as a nation, and with the imbalance in terms of outbound and inbound data. Seems that that, coupled with concerns by Government agencies about the offshoring of ICT outsourcing, builds a reasonably compelling case for a locally sited data centre – both in terms of traffic management and security assurance.

I’d be keen to hear the sage thoughts of the ICT intelligentsia out there on this one…

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

  • I used to work for Nielsen Online and we ran into this problem with Govt sites. The problem is it is expensive for a company to build data centres in NZ for the size of the market. Some departments just went ahead and used our service anyway and others use Google Analytics. I’m not sure of the current status but it seems like a long slow road to acceptace.

  • Ben
    You’re right it’s a mouthful. But I’m really pleased you’ve read it and feel it was worth commenting on. I agree completely with your assessment, good robust project and procurement management can deal with a lot of the concerns but cloud computing is a real challenge.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.