Community cloud governance – an Australian Government perspective
A Community Cloud is one of four cloud models outlined in the Australian Government Cloud Computing Strategic Direction Paper (the Strategy), released in April 2011. The other models are public cloud, private cloud and hybrid cloud. The Strategy defines a Community Cloud as “cloud computing services shared by several organisations that have shared requirements, e.g. mission, security requirements, policy, and compliance considerations”. A Community Cloud may support those agencies with a common delivery agenda to take advantage of the benefits that may be realised by cloud computing services (also known as cloud services).
Cloud services are those services delivered via “an ICT sourcing and delivery model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. The Strategy states that agencies may choose to use cloud services if it provides value for money and adequate security.
The Australian Government is looking to the benefits of cloud services as a way of reducing redundancy and duplication across agencies, and seeking to realise economic savings and improved business outcomes. Appropriate governance arrangements must be in place before agencies may transition any type of ICT arrangement. Community Clouds are no exception. Appropriate governancearrangements should provide agencies with the structure to establish; deliver; and consume cloud services as well as oversee their performance and alignment with strategic goals and policies.
This guide has been developed in accordance with the principles outlined by the Australian National Audit Office (ANAO) in their Public Sector Governance Better Practice Guide (2003) and the Cross Agency Governance Principles outlined in the Australian Government’s ICT Customisation and Bespoke Development Policy (EM 2009/57). It also takes into account ICT governance industry standards, namely AS 8015-2005 Corporate Governance of Information and Communication Technology and ISO/IEC 38500:2008 Corporate Governance of Information Technology.
This guide aims to provide agencies with guidance on implementing Community Cloud Governance from an Australian Government perspective based on related frameworks using formal agreements that are managed by well defined governance structures with clear roles and responsibilities.