Feds toughen up G-Cloud guidelines

The Australian Government Information Management Office (AGIMO) has adopted a more cautious tone in the final version of its Community Cloud Governance "better practice guide", following industry and agency feedback.

The guide is part of a suite of documents put together by AGIMO on various aspects of cloud computing. Other guides cover privacy, legal and financial challenges.

A forensic comparison between the draft and final versions of the governance guide discloses some 159 insertions and 234 deletions.

Overall there are few substantive policy tweaks of the draft guide, which was issued back in May.

However, the revised tone is — if anything — more cautious and prudent about governance arrangements, highlighting additional security and reporting concerns.

Under AGIMO's cloud vision, larger agencies will effectively become cloud providers in their own right, with smaller agencies able to shift workloads between these various Governent-run resource pools with "minimum difficulty".

Such arrangements are being called "community clouds". Effectively, they are internal arrangements for organising Government-based clouds or G-clouds.

Governance better practice dictates that the lead agency in the arrangement report on the cloud's operation.

Under the governance guidelines, the lead agency is explicitly required to provide reports and advice to the Community Cloud Management Committee on the status and position of the community cloud operations, its development and any issues.

The lead agency is also required to manage and evaluate the mechanics of setting up the community cloud — for example, tendering and selecting external service providers — on behalf of smaller user agencies.

Oversight of G-cloud arrangements also are elaborated in the final guide. In particular, the Government’s CIO Committee and the Secretary’s Information Governance Board (SIGB) may become involved in governance where cloud services "cross more than one portfolio".