Queenslanders debate cloud computing

Could cloud computing be used to deliver a national driver's license registration scheme that was sold to states as a service? Probably not, say four Queensland Government IT chiefs, including state CIO Alan Chapman.

The hypothetical question was recently asked to several public sector IT chiefs, including amongst others Chapman, Dr Renato Iannella, principal scientist at National ICT Australia and Paul Summergreene, former CIO of Queensland Transport and Queensland Health.

The panel discussed the issue at a recent conference held in Brisbane, hosted by technology analyst firm Longhaus and local investment outfit Invest Brisbane.

According to Summergreene, the idea of creating a standarised registration service (not necessarily cloud-based) had already been contemplated by government.

"[Creating] a single entity of transport registration and licensing system ... has been talked about for years. We have some mockups of it already in place, which aren't terribly smart actually as far as information [is concerned]," he said. The major obstacle, according to Summergreene, would come from policy, legislation and business rules.

While Summergreene said that it would be possible to host Queensland's Transport Registration and Integrated Licensing System (TRAILS) system anywhere within Australia, Alan Chapman disagreed, citing the lack of local large-scale datacentres, which would leave government with one choice: to host it overseas with a company like Microsoft — a move that wouldn't sit well with the public.

Queensland government acting CIO Alan Chapman
Credit: Queensland government.

"There's a whole heap of barriers in front of us there," said Chapman. "I'm not going to like that too much in the government, because we've got a whole heap of data about the citizens of Queensland sitting there, and that data is sitting there just waiting for the Patriot Act to be invoked, and for the American government to start snooping in Australian citizens' information," he said.

Id Cuda, Brisbane City Council's ICT partnerships manager, added that availability would pose a major problem if such a government service was hosted in the "public cloud".

"If it's a public cloud, how do you guarantee service levels? How am I going to get a guarantee that it's going to be up 99.9 per cent of the time? You can't rely on ISPs to ensure this type of service level," he said.

Although Queensland's Springfield Polaris datacentre, currently used by Suncorp, was raised as an example that had the capacity to provide cloud computing, Microsoft Australia's CTO Greg Stone pointed out that cloud datacentres have entirely different architectures to standard ones.

"The type of approach that's used in these datacentres is very different from what we are seeing in the world's standard hosting datacentres," said Stone.

"The difference with these highly available, highly scaled grid systems such as we, Google, Amazon and others have, is that they treat the data differently, and they actually break it up and put it in multiple places at once, for resiliency. You can't operate that kind of model with a sandbox datacentre down the end of the world, where the long-haul communication costs kill it when it tries to then sync up with the other data centres elsewhere," he said.

NICTA's Dr Renato Iannella wants a Cloud.au
Credit: NICTA

To address privacy concerns around the use of cloud computing for government services, NICTA's principal scientist Dr Renato Iannella proposed a new domain specifically designed to host Australian cloud applications, called cloud.au.

"We need to say we need a cloud.au. It's a cloud, but it's only in Australia, therefore we can protect it and it's not going to be in the hands of the Americans," he said.

However, Iannella said that cloud.au would ultimately undermine competition. "If you want to be able to offer the service at a cheapest possible price, you've then got to let it go out to potentially the rest of the world," he said.

But even if such a domain did exist within Australia, Summergreene said that a cloud-based national registration system where information was potentially hosted in multiple states would be shot down due to each state's incongruous privacy laws.

"If you look at the standards now for smart cards and driver's licenses ... we are seeing some uniformity already occurring. The issue is privacy," he said.

"Every state has a different rule around privacy. We don't even have a privacy commissioner in this state, and every other state does. So that'll be the key issue. If we looked at the smartcard which was going through — Access Card — it was shot down on privacy; and it wasn't even shot down for good reasons of privacy. So that'll still kill it in Australia — the belief of accessing information inappropriately. You can put safeguards around that, it's just how we sell it."

The panel was asked by Longhaus analyst Sam Higgins how long it would take for the public sector to start using cloud computing. The overall response was that budgetary constraints coupled with increased demand for services would ultimately force government down that path, but identity checks would be a constraint.

"I see a year, two years out, and then there's things starting to ramp up over a seven‐year period overall. That's kind of my thinking for it," said Microsoft's Stone.

Both Iannella and Summergreene were less optimistic, predicting a decade wait, by which time cloud computing would be called something else. "I don't know everyone is quite agreeing on what [cloud computing] is. So to get government to commit to that, to get them to understand it and invest in it as a strategy, I think is going to take a bit of work. But I think ten years, and yes it'll be called something else," said Summegreene.

Chapman said that transactional systems, such as a licence and registration system would be a good starting point, but that identity verification would pose a problem and that government wouldn't start using cloud computing until at least 15 year's time.

"We'll have some dubious flirtations with it along the way. We'll start with our own clouds, we'll start [to] deploy a few things to our own clouds, we'll maybe play with some of these dodgy vendors and test out whether we really can get out when it's time to get out, we'll take a lot of very cautious steps," he said.