The Department of Prime Minister and Cabinet's CTO Brad Bastow has left the public service to front AUCloud, a local version of service provider UKCloud.
AUCloud has securing financial backing "in the tens of millions of dollar range" from Australian investors, co-founder Scott Wilkie told iTnews.
Investors in AUCloud include Cathie Reid and Stuart Giles, who founded pan-Asian cancer service provider Icon Group, "along with a syndicate of their regular professional co-investors", Wilkie said.
Wilkie's business partner in AUCloud is managing director Phil Dawson, and its investors include Jeffrey Thomas, chairman of UKCloud and founder of Ark Data Centres, a major co-location provider to the British public sector and winner of a UK whole-of-government hosting contract worth up to £700 million.
UKCloud was founded in 2011 and in 2016 was named the fastest-growing private technology company by the Sunday Times.
AUCloud, which is set for a July or August launch, will go up against established suppliers such as Macquarie Telecom, Dimension Data and Microsoft, all of which have been approved to host classified government data to the Protected level.
Other certified Australian providers include Sliced Tech and Vault Systems.
Wilkie said most local Australian suppliers are "by and large, managed services providers that do not meeting this definition of cloud".
"You put in an order – by paper in the case of one of them – they go and procure a bunch of equipment and deliver you a service down the track. That is not really fit for purpose for how you hope government will use technology in the future.
"We will be smaller than the majors, but we have built an automation and orchestration tool that will be quite different to local providers in the sophistication and management capability.
"We will be Australian-owned, taxed and governed, and the data will remain in Australia."
The federal government, through the Digital Transformation Agency (DTA), has outlined a number of policies to drive more procurement of cloud services, to make it easier for Australia's small to medium business to win government contracts, and to introduce greater transparency to the IT procurement process.
Going cloud-first policy is a key tenet of Australia's Secure Cloud Strategy [pdf], however, the DTA has conceded there are "a number of barriers to agencies realising their cloud aspirations, such as a lack of knowledge and skills, or decades old operating models that are difficult to change".
While AUCloud has been "building the team and the platform over the past five months", Wilkie said "there has been no execution of the policy, so we have been in no rush to launch the company".
He added that Australia lags well behind the levels of cloud adoption and pricing transparency seen in the UK under the G-Cloud initiative. A recent report from The Register found that many UK agencies are already using cloud services at scale following G-Cloud's launched in 2012.
G-Cloud includes a set of framework agreements to simplify procurement and avoid full-blown tenders, as well as a digital marketplace to buy and sell cloud services.
In Australia, the DTA's marketplace launched in 2016 initially focused on digital specialists; at time of writing the portal was still centred around body-shopping, with 23 opportunities listed on the marketplace, all of which were recruitment advertisements.
"The DTA have set up a digital marketplace but it's really just a glorified HR capability… there are, someone mentioned, 36 different ICT procurement panels, no centralised process, not volume discounts for that activity. Procurement is an expensive and long process.
"Even though pricing is transparent to people inside agencies it is not transparent to the market. The G-Cloud framework is updated every six months; your pricing gets updated every six months. Believe me, people are coming in low," Wilkie said.
The DTA has also, separately, launched a whole-of-government hardware marketplace, which is initially focused on storage.
Wilkie was critical of this approach to hardware procurement, given that the federal government is meant to be going cloud-first.
"It is retrograde step to have a storage panel for government, because there is meant to be a cloud-first policy. It means people are still engineering in a very old-fashioned way, pricing in a very old-fashioned way, using people to design and build and things they don't need to do.
"It is great if you are a contractor from any one of hundreds of contracting firms at $3000 per day plugging in wires," Wilkie said.
The past year has since a major focus on cloud providers being approved to the Australian Signals Directorate's (ASD's) Certified Cloud Services List, with a number of providers certified to manage data up to the protected level.
The decision to approve Microsoft Azure for hosting protected-level federal data has been under scrutiny after the ASD published guidance that additional security controls were needed before agencies could push protected workloads into Azure.
Wilkie said agencies could not simply outsource risk and expect to meet the requirements of the ASD's Information Security Manual (ISM).
"One thing we did was create a policy that we want each agency's chief information security officer to sign off on our rule set in advance of using our platform. We are removing their ability to have plausible deniability that they are compliant with Australian law.
"An 'unclassified' platform might let you use the internet to connect to it; 'protected' will let you use ICON [the Intra-government Communications Network]; 'secret' in the future will need a different process.
"We are requiring the CISO to certify they will behave in a certain way otherwise we will not let them use the platform. There are a bunch of agencies failing their security audits and taking this risk into a multi-tenant environment," Wilkie said.
"The ASD is very clear: an agency cannot rely on whether they certify a cloud or not, it is up to the agencies to ensure it is fit for purpose. I am enforcing what the ASD want agencies to do.
"I also give a very detailed risk assessment. We want to make sure we point out very clearly to clients what are our risks, what are their risks, and what are the shared risks," Wilkie added.
AUCloud's platform is hosted in Canberra Data Centres, which is also home to Microsoft's Azure Australia Central regions.
AUCloud is initially VMware-based – "because 80 percent of the Australian government is virtualised using VMware" – with plans for OpenStack and Microsoft Azure Stack in future.
It runs Cisco networking and compute with Dell EMC at the storage level, Wilkie said.