Day 4: Use of Modern Tools
For this year’s e-Governance Conference, we selected three main topics as macro-subject areas for each day. After the first, introductory day with an overview on e-government and digital society, we then addressed the main talking points regarding digital transformation. We watched our keynote speakers guide us through the transition from vision to action, and then explore the opportunities that international cooperation can unlock to generate sustainable development through digitalization.
In this last day of Conference, we focus on the use of modern tools to expand and enhance the digital capacity of governments. Particularly, the topic of public cloud solutions has gained momentum in the past years as a tool to increase the public sector’s ability to reap the benefits of scalable, flexible models of data management and service provision.
As a grand finale, aside from country opinions from Lithuania, Cambodia, and Kyrgyzstan, we featured a keynote by former state CIO of Canada Alex Benay on lessons learned in public cloud adoption. Expert sessions from Ilja Livenson, Peeter Mõtsküla, and Raul Rikk give us further insights on fundamentals and risks related to government in the cloud. Lastly, a panel discussion with representatives of Intel, Google, and Microsoft wrapped up the 6th e-Governance Conference.
Cornerstones and Lessons Learned from Cloud Adoption for Governments
The increasing attention around cloud solutions in the public sector takes place within a changed expenditure framework. As governments increasingly manage their costs of running services in a different way, shifting from CapEx to OpEx models, large investments come under scrutiny. Moving towards pay-for-use, which is a more flexible way of spending public resources, public cloud adoption represents a perfect way for governments to drive down costs, and engage private sector companies in key stages of the service provision process.
Ilja Livenson, Cloud Architect at OpenNode, says that cloud computing – despite the hype – should not be regarded as a promised land. Based on eight years of experience working with public sector entities on the topic, he outlines three main cornerstones that are fundamental to the efficient implementation of a public cloud strategy. It will not come as a surprise that these are more organizational than technical, as it often occurs in digital transformation for the public sector.
First, state agencies need to identify a leader organization to drive change. The tasks it will have to take on regard defining steps for progress, share the vision clearly, and start testing the new solution on services as use cases, to demonstrate achievable outcomes. Then, knowledge sharing and skills development for the personnel involved needs to be addressed. Lastly, decision-makers need to pick the correct cloud strategy between on-premise, cloud, or hybrid models available.
On-field experience from Canada
Alex Benay, as the former CIO of the Canadian federal government, already knows the drill. Now, as a partner at KPMG specialized in digital government, he has lessons to share on the process of public cloud adoption – as it took place in North America. Ticking the myth-busting box, he says that “just moving analogue to cloud will not take you to digital.”
Benay knows that we could never repeat this enough times. A bad or outdated process, tailored to serve the needs of public administrations from a past era, should not be translated to the digital sphere just for the sake of. This applies to cloud adoption too. Cloud is also about changing the business model, and a matter of how state agencies at all levels design their services.
Training of in-house personnel is key. Moreover, a deep analysis of the current processes of service delivery will allow you to understand which ones work, are up-to-date, and can be moved to the cloud – all the while you go back to the drawing board for those not ready yet for such shift.
Security and Risks when Migrating to Cloud Solutions
However, when considering the adoption of public cloud solutions, governments need to ask platform and infrastructure providers the right questions. Attorney and lecturer Peeter Mõtsküla warns about two major issues in this context, particularly “after CapEx over OpEx has become a sort of mantra“, he says.
As a sub-declension of this mantra, Mõtsküla states that “ownership is good but possession, in some cases, is better.” Cloud solutions allow governments to pay for what they need, when in times of need. But still, state agencies should also be able to demand and mandate the use of architectural openness by executing their own legislative sovereignty. Governments need to understand what is important – data, apps, services. Then, whose hardware storage or platforms these run on, is a different story. Furthermore, when relying on a corporate provider, the public sector must be aware of the risks of lock-in, steer clear from them, and pursue technical answers to avoid that.
Six risks to watch out for
Raul Rikk, National Cyber Security Policy Director at the Estonian Ministry of Communication and Economic Affairs, expands further the scope of these risks connected to public cloud adoption. Tapping into the issues outlined by Mõtsküla, Rikk lists six main risks governments need to aware of. These are:
- Dependence on the terms of service;
- Shared responsibility;
- Jurisdiction of data location;
- Shared use of resources;
- Use of public networks;
- Cross-border dependencies.
While state agencies can overlook these risks when it comes to the management of data that is public or unclassified, things change when it comes to sensitive and important information. In the latter case, three key aspects need to be taken into account: the service provider’s reliability, encryption and sovereignty over the data, and the creation of backups in other systems.
Live Discussion: Government in the Cloud, As-a-Platform, Available Everywhere
In conclusion, the live discussion moderated by Luukas Ilves, Head of Strategy at Guardtime, addressed the questions raised by previous speakers on public cloud adoption and public-private cooperation. Almost as closing the circle opened by Benay and Livenson with public sector opinions, representatives of Google, Microsoft, and Intel responded to some of the most pressing talking points on the topic.
Ratko Mutavdzic and Chiara Tomasi, respectively Public Sector Director of Cloud Services at Microsoft (CEE) and Public Policy Senior Analyst at Google, identify trust as a key component to making public cloud adoption work – and work well. Corporate service providers find extremely important that governments ask questions about security, privacy, sovereignty, control. In this respect, state agencies must take their own time to present all the questions and doubts related to the operations of cloud service providers. Beyond being a matter of accountability and public scrutiny, which decision-makers are always subject to, it is also necessary to build trusted and reliable business relations with the service providers in the first place.
Richard Curran, Chief Security at Intel for Global Cloud, adds that trust has indeed become a major element in security talks on cloud adoption. Particularly, this is the case with the creation of the Confidential Computing Consortium – which the three companies represented in this live discussion are part of. Moreover, ultimately, governments need to always keep in mind what is the goal to be achieved by adopting this technology. To industries associated with governmental activity, such as in education, healthcare, and finance, cloud solutions come as a further way for citizens to take advantage of improved, public capabilities in information technology.
The e-Governance Conference is an annual event aimed at international digital development cooperation. It has been organised by the e-Governance Academy (eGA) in cooperation with the Estonian Ministry of Foreign Affairs since 2015. This year, it takes place online. The event provides participants with a unique opportunity to discuss governments’ current challenges in helping citizens to manage their lives and businesses online.
The conference is supported by the Ministry of Foreign Affairs, the Swedish Government, the U-LEAD with Europe program, the Ministry of Economic Affairs and Communications, the City of Tallinn, Intel, Google and Microsoft.