Page 25 - SDR_V15_No1 2022_V5
P. 25
ICT Cloud and the Public Service
Feedback from Legal Services that are not required. Based on lessons learnt through
Given the complex nature of contracting for cloud the WCG Cloud Journey, the points below can help
services, primarily through international companies, with making decisions about moving to the cloud or
the strategy was assessed by the WCG’s Legal Ser- not:
vices for clarity on:
§ Ensure the necessary legal prescripts re-
§ The Microsoft position in respect of the dis- garding compliance and privacy (e.g. PO-
closure of information to foreign agencies/ PIA and other legislation) are understood
government. regarding where data/information will be
hosted and the implication of privacy laws.
§ Third-party rights regarding proprietary in-
formation (i.e. trade secrets, confidential § Consider price protection on licences or
information etc.) that falls into the wrong renewals of subscription-based services –
hands while using a cloud service. assess the implications of an increase on
subscription-based services before entering
§ The safeguarding of sensitive information in contracts.
the public cloud and encryption options, in-
cluding the possibility of designing cloud ca- § Ensure that SLAs have meaningful penalty
pability to keep records, email, documents, provisions, termination and exit clauses that
and other information that is classified as include the necessary support for obtaining
“Top Secret” and “Secret” on the premise, your data.
and utilise the public cloud for other classi-
fication types. § Ensure all necessary security certifications
and mechanisms are in place together with
an external audit report.
Cloud Risks and Concerns
Several risks and areas of concern were identified § Ensure exiting a cloud service includes the
concerning the strategy and its implementation. Al- necessary support for obtaining departmen-
though most of these have already been touched on tal data (should be included as part of SLA)
above, they are worth detailing given their make-or- and price protection for entry (or re-entry) on
break impact on the desired outcomes: premises for hosting.
§ Determine whether the cost of hosting the
Connectivity data of an application is included in the
§ Internet connectivity is an essential costs of the service or that storage costs are
component for operating cloud ser- clearly defined and agreed upon.
vices. The availability of broadband
(high-speed network connectivity) is es- § Protect the Departments’ data by ensuring
sential to run applications in the cloud. that there is appropriate IP protection, data
integrity, and data extraction measures are
Data agreed upon.
§ Cloud providers may store data any-
where at the lowest cost if not specified § Where the service provider uses third-party
in the agreement. agencies or subcontractors, it is essential to
ensure that the responsibility for managing
§ Cloud services must comply with regu- performance and compliance remains with
latory prescripts (POPI Act, MISS, etc.). the contracted service provider.
§ Data resides on servers that the cus-
tomer cannot physically access. § The transition to the cloud must be done
case-by-case and driven by a business case
Cost that makes business sense and demon-
§ The cost of cloud services can spiral strates value.
out of control if not managed carefully.
§ Cloud services consumption must be § The availability of stable high-speed broad-
managed and optimised regularly. band connectivity is a prerequisite for suc-
§ New cloud services/workloads must be cessful cloud adoption.
subjected to a thorough Change Con- § IT Architecture governance processes must
trol process that includes approval of always be followed and sound change con-
funding for this recurring operational trol processes in place for starting new cloud
expenditure. services and for regular monitoring of cloud
services consumption.
Cloud computing check list based on lessons
learnt § The Organisational Change Management/
In conclusion, cloud computing provides the WCG Navigation programme is critical to smooth
with flexibility to only pay for services it requires and the user’s transition to a new way of work.
utilises. Client departments still need to position
themselves better to quantify usage based on re-
quirements and decide whether to turn off services
SERVICE DELIVERY REVIEW | Volume 15 • No. 1 of 2022 25
