NSW’s Cloud Policy
NSW’s Cloud was released in 2020. The policy covers general information about cloud services including different cloud service models, the benefits of cloud, cloud service procurement and cloud service security. The policy also works with the broader NSW Cloud , which is focused on government-wide adoption of cloud services in NSW Government.
Different cloud service models
The Policy outlines three different cloud service models:
Public cloud — The public cloud is third-party operators managing and delivering resources to multiple organisations, such as Infrastructure as a Service (IaaS), Platform as as Service (PaaS) and Software as a Service (SaaS).
Private cloud — NSW Government services through GovDC (Government Data Centres), such as Innovation Space, Community Cloud and Zone 3 PSPF (Protective Security Policy ) Panel services.
Dedicated network and cloud connectivity — The private cloud interconnected with public cloud services.
The benefits of cloud
The Policy also covers the many benefits of cloud services, including:
Collaboration — Private cloud facilitates collaboration and sharing more easily than distributed systems
High availability — Cloud services are designed to be highly resilient and easily scaled, which reduces outages and downtime
Flexibility — Cloud services give access to a greater range of architecture, operating systems and databases
Cost avoidance — Centralised environments give a clearer view of usage and costs
Focus on service differentiation — Moving the focus away from infrastructure management allows greater focus on service delivery
Cloud service procurement
In NSW, cloud service procurement is governed by the NSW Procurement Policy Framework. This covers three main areas:
Procurement requirements and considerations
Sourcing and contracting
Cloud purchasing arrangements (CPA)
Procurement requirements and considerations
Agencies must use the ICT Services Scheme panel of pre-qualified providers and develop a business case. Agencies should use the supplier hub for initial market analysis and apply for funding from the Digital Restart Fund.
Sourcing and contracting
If a whole-of-government contract exists, it must be used. If there is no suitable contract, agencies may use other IT frameworks such as the Digital.NSW Cloud Framework .
Cloud purchasing arrangements (CPA)
CPA is a collection of whole-of-government contracts suited to cloud services, developed primarily for IaaS and PaaS services. The contracts are head agreements that provide benefits including preferential pricing, training offers, discounted technical support and discounted professional services.
Cloud service security
Agencies must follow the NSW Cyber Security . Specifically, agencies need to consider:
Security in the cloud
Security requirements and considerations
Information classification, labelling and handling
Security in the cloud
The security of data in the cloud is a responsibility shared between agencies and service providers. In general terms, the service provider is responsible for the security ‘of the cloud’ and the agency is responsible for security ‘in the cloud’. The specific definition is particular to SaaS, PaaS and IaaS services, so agencies should refer to the table in the policy document.
Security requirements and considerations
General cybersecurity requirements are laid out in the NSW Cyber Security , but considerations specific to cloud services are detailed in the Australian Cyber Security Centre’s Cloud Computing Security .
Information classification, labelling and handling
The NSW Government Information Classification, Labelling and Handling will be updated to match the protective markings in the PSPF, which are PROTECTED, SECRET and TOP SECRET. For more information see the PSPF Policy 8: Sensitive and classified policy.
Salsa Digital’s take
The cloud plays an important role in government services and is also a key part of Salsa’s services. In fact, it was integral in our journey to GovCMS. The cloud delivers big benefits and it’s great to see government paving the way for greater adoption across the NSW public sector.