Microsoft is launching two Azure data centres in Canberra in a major investment to lure more Australian government agencies into its cloud while helping partners bid for public sector work.
The company will go live with the new regions, which are based in Canberra Data Centres' Hume and Fyshwick facilities, in the first half of 2018.
These regions will join Microsoft's existing Australian public cloud data centres in Sydney and Melbourne, taking the total number of global Azure regions to 42 and stealing a march on its biggest competitor, Amazon Web Services, which does not have any data centres in Canberra, though recently announced Direct Connect through NextDC.
The two Azure regions – dubbed Australian Central 1 and 2 – will be plumbed into the ICON network that connects all Australian government agencies.
“Less than three years ago, we launched our first cloud services from an Australian data centre. Since then, we’ve worked to lead the way in delivering trusted innovation to our customers and partners, which has at times meant the hard work of undertaking very onerous compliance processes," said James Kavanagh, Microsoft Azure engineering lead for Australia.
"We’ve taken on that effort to reduce the work our partners and customers must do themselves thus accelerating their ability to adopt innovation. This has led the Australian Signals Directorate to certify a total of 52 services across Microsoft Azure, Microsoft Office 365 and Microsoft Dynamics 365 – far more than all other cloud services combined."
Under rules managed by the ASD, which is part of the Department of Defence, government data is classified into four levels: Unclassified, Protected, Secret and Top Secret.
Only two cloud providers are currently certified to handle Protected data, Vault Systems and Sliced Tech, which was No.1 in the 2015 CRN Fast50.
Microsoft has been awarded Unclassified certification for certain Azure and Office 365 services, and is now actively seeking Protected status – which, despite the company's bullish language and significant investment in Canberra, is not guaranteed and could still be some way off.
Some 40 Microsoft cloud services have been audited by IRAP assessor Shearwater Solutions, with the assessor recommending 25 of these for Protected certification and the other 15 requiring further work.
"We’re still working to finalise this certification process with Australian Signals Directorate and for clarity it is important to be aware that Microsoft Azure is not certified at Protected level by ASD. We still have work to do, but the pathway is understood," said Kavanagh.
He pointed out the Microsoft cloud services that would be of greatest interest to government agencies at Protected level: Cloud Services, Virtual Machines, Service Fabric, Security Centre, KeyVault, Multi Factor Authentication, SQL Database and ExpressRoute.
Mark Leigh, One Commercial Partner lead at Microsoft Australia, said he hoped partners would be able to support government customers in areas such as machine learning, big data, cybersecurity, internet of things and business applications, pointing to Canberra-based partners such as Veritec.
Keiran Mott, the incoming chief executive of 120-staff Veritec, said: "There’s a tremendous desire all across government to get on with delivering real innovation and taking advantage of all the cloud has to offer."
Classified information
Microsoft hopes to eventually be able to offer government agencies an option for all four levels of classified data: Unclassified and Protected on the Azure public cloud, and Secret and Top Secret on Azure Stack.
Azure Stack, which became generally available in July, offers a public cloud-like experience using on-premises hardware from the likes of Dell EMC, Hewlett Packard Enterprise and Lenovo.
James Turner, an analyst from IBRS who was briefed on Microsoft's plans, said it would be welcome news for public sector IT teams as they tried to align their IT positions with the ASD's Information Security Manual.
"Government agencies have the ISM as their external risk compass, but many agencies struggle with two key aspects of ISM compliance. The first is to actually achieve ISM compliance in the challenging areas where things get complicated, and then the second is to maintain compliance in these areas – because they're complicated," Turner said.
"It's going to be compelling for many CIOs that a vendor like Microsoft, that really gets the enterprise, steps up and says that it's done the heavy [lifting] to provide a platform that is likely more secure than many agencies could build or maintain for themselves."
IBRS has seen government agencies rule out large cloud vendors from consideration in the past because of a lack of ASD certification, Turner said. "Being able to lean on a vendor that's prepared to make the upfront investment and be held to account through certification from the ASD is a big deal."
Co-location partner
Like most public cloud providers, Microsoft has typically been cagey about naming the co-location facilities that house its public cloud services – it has never publicly revealed where Azure Australia is hosted, but in this instance the vendor wants to leverage Canberra Data Centres' privileged position among government agencies.
CDC chief executive Greg Boorer said: "In 10 years we have grown to be the largest provider of data centre capacity to government and one of the largest providers Australia, but a lot of people have not heard of us."
This is not a coincidence: CDC's facilities are ASD approved up to Secret level, and have been constructed with Top Secret data in mind.
"Over 10 years – through merit not mandate – we have won lot of government tenders on an agency-by-agency basis," Boorer said.
"We have now brought together more than 40 federal government departments and agencies, which deliver services for more than 80 agencies as well as the ACT government. We now have a government ecosystem where there is huge potential for government agencies to share data and improve government service by removing friction between agencies," he added.
Boorer said CDC's Australian ownership was another selling point to government customers with sovereignty concerns. The company, which was established in 2007 by ASI Solutions' founders Ken and Maree Lowe, is 48 percent owned by the Commonwealth Superannuation Corporation and 4 percent by the management.
"A change of control that would impact government in an adverse way is not possible," said Boorer.
Angus Taylor, federal assistant minister for Cities and Digital Transformation, welcomed the news. “The Australian government has embarked on a sweeping program of change, bringing digital innovation to the transformation of the Australian public sector."
The potential upside for government agencies is significant, given how much public sector IT budget is spent on just keeping the lights on.
Australian government agencies spent $6.2 billion on ICT in 2015-16, of which just $58 milion was on cloud services – less than 1 percent.
"It is not like government doesn't understand cloud. There are a lot of very capable people," Kavanagh said.
But he pointed out that 78 percent of the government's 2015-16 IT budget was spent on running existing technology, much of this legacy systems.
"Almost half of all government applications are more than 10 years old. The big, hairy systems – for defence operations, for welfare payments, for taxation, the big complicated heavy systems – they are not easy to peel apart and lift and shift onto the cloud."