The Government of Canada in an effort to recognize and build a strong IT workforce released its Cloud Adoption Strategy for public consultation on July 22, 2016.
The IT Strategic Plan was released on June 29, 2016 and provided three cloud-related documents:
- Government of Canada Cloud Adoption Strategy
- Security Control Profile for Cloud
- Right Cloud Selection
According to the press release:
“This strategy prioritizes the security and privacy of Canadians while providing departments with new modern and flexible alternatives to make more efficient use of information technology. This is the result of consultations with industry and provincial governments over the past two years, and a review of global trends in cloud computing. Feedback on the strategy will be collected until September 30, 2016, and will be used to finalize the Government’s approach.”
Highlights of the cloud strategy
- An adoption strategy called “Right Cloud” recognizes that no single cloud pattern fits all requirements;
- Emphasis on security including data categorization and sovereignty; and
- A vision for a public sector community cloud based on a broker model (again recognizing that no single model meets all needs).
Key objectives
- Ensure that the supply of IT resources is able to meet government demand levels;
- Risk is managed consistently at or better than currently while also allowing flexibility; and
- Skills with cloud systems are developed in the workforce.
Benefits of Right Cloud approach
- Service performance – self-service provisioning, metrics-based service levels, enforcement;
- Security – security certifications, advanced features;
- Innovation – rapid feature development, shared development costs, subscription-based;
- Agility – rapid access to resources; and
- Elasticity – commoditized services, expansion/contraction at any time.
The essence of the strategy is to allow departments and agencies to choose from a menu of cloud services according to their business needs. Shared Services Canada will assume the role of GC Cloud Broker and will procure cloud services, manage relationships with providers, manage billing and monitor consumption. The Broker acquires the services and provides a menu of services that departments can choose from.
Security is enhanced through data categorization and adoption of cloud security control profiles. Pretty much the only data that can be stored on servers outside Canada is data that is categorized as unclassified, low integrity and low availability. All other data must be stored in Canada.
Another interesting part of the strategy is the creation of a Canadian Public Sector Community cloud (CPSCC). The CPSCC will include public cloud services, with security that the government (presumably Shared Services Canada) has accredited, and which are offered through a marketplace. This should provide more efficient procurement, allow economies of scale, encourage collaboration and control cloud sprawl. The federal, provincial and territorial governments, municipalities, universities, schools and hospitals will all be able to take advantage of this initiative.
According to the press release, this strategy was a result of a two-year consultation process, and that feedback on the strategy will be collected until September 30, 2016.
My reaction
- The overall approach seems good and in-line with other governments, given the size and diversification of the government and especially of the public sector;
- It may have been somewhat slow to get off the ground, since cloud services are now supplemented by IoT, social networks, software-defined everything, mobility, analytics and Blockchain; and
- It will likely take Shared Services Canada time to ramp up its role as broker, which may delay some developments in the various public sector organizations in the community cloud.
Do you think the new strategy will prepare the IT workforce for cloud?
