In this series of Consciously Hybrid, we're exploring South Africa's
relationship with cloud technologies. My name is Daniel. I travel the world discovering how cloud technologies are destined
to shape the way we live and work. I'm here to learn
how the government will adopt cloud and develop new services for citizens as they unite in
the fourth industrial revolution. We as the DPSA started
to look at cloud and I think we mulled about with the policy
for probably about two years. That policy rea
lly governs
everything cloud. This is the fourth industrial revolution. Where and how the cloud first policy
originated is a very interesting one. When we were drafting
or thinking through and contributing
to our country's cloud first policy, The whole idea of digital transformation
was happening, the whole idea around
the fourth industrial revolution happening and this idea
that data will be the new gold. So when you think
about those three aspects happening, we had to create a framework
to hel
p shape and think how that would work
and what would be the framework for us to operate in. And so the cloud first policy, in my view,
was part of the mission to frame how that will work
and how we will think about the asset, the data asset,
where the data asset will live, etc., etc., So really it was
a necessary requirement for us to shape and be very progressive
about how we adopt these technologies to achieve the outcomes we're looking for. What were those outcomes? Those outcomes were delive
ring
better services for our citizens, If I think
from a public sector perspective, and deliver the service in a way
that our citizens want to experience that service, which was very different
to having to go to a building, filling in a piece of form, etc., etc. So again, it was in that context that,
in my view, why the policy was drafted
and how we went in a specific direction. My name is Zaid Aboobaker. I am the acting Deputy Director General in the Department of Public Service
and Administrat
ion. We are the department responsible
for the establishment of norms and standards
for ICT in the public service. I think the journey in clouds started probably around 2017-18, where as cloud became prevalent,
the international discussions, the industry discussions around cloud,
we as the DPSA started to look at cloud. And initially, we thought
about a broad policy, a policy framework
around the adoption of cloud. So we did quite a bit of research
and toing and froing, looking at the material,
looking at international best practice, trying to figure out
what should our position be on cloud, How do we want
to utilize cloud technologies, what are the risks
and those kinds of things. And I think we mulled about with a policy
for probably about two years. Being a little bit nervous
to adopt the technology, then came COVID. And to a certain extent, our hand
was forced in terms of the cloud adoption. And I think up to then,
many departments were pressuring us to release something,
to give t
hem permission to start to utilize cloud,
and rightly so. But we were a little bit nervous
to pull that trigger. Along comes COVID
and suddenly most departments just started to utilize the cloud. Primarily for collaboration, for meetings, for document sharing
and those kinds of things. But we found ourselves in the middle of
a cloud implementation post-COVID. I think from our perspective,
we had to rethink our approach to the cloud policy issue
and try to make it a lot more practical. And so wha
t we did was
to then look at a specific directive where we could guide departments
and agencies around cloud adoption, looking at the risks,
looking at the security issues, looking at the opportunities as well. And we released in 2022, we released the directive
on the determination and directive on cloud
computing in the public service. I think firstly, it's great that
South Africa has got an equally defined policy that really gives guidance
around the adoption of cloud. What we have seen initia
lly,
there was confusion around what the policy fundamentally provides for, where there was a perception
that this policy really speaks to a public cloud strategy only. However, most recently
we are now starting to see that there's an appreciation
or an understanding that that policy really governs
everything cloud, be it public cloud or private cloud, to an extent where we're seeing quite
a number of government institutions that have invested in best of both in delivering whatever aspirations t
hat
they may have for their businesses. My name is Bongani Mabaso. I'm the CEO of SITA, which is the State Information
Technology Agency in South Africa. So the cloud adoption
in South Africa has been, I think it's still fairly new. I remember the first time that cloud was really a thing
in South Africa was back in 2014 when Microsoft brought their
first cloud region to South Africa. And I think
it's been steady going since then. I think the private sector has jumped on
the opportunity to move f
ast. I recently worked for Standard Bank where
we had massive cloud acceleration program. I think in the public sector,
things have been a bit slower, Especially because we didn't have
a guiding policy to help us to understand cloud
and how to position it appropriately. But since the policy has come through, we're now seeing a lot more appetite from clients
to consume cloud and cloud services. And our role at SITA is to ensure
that we can enable them technically to do that in a safe way. And so
what we're busy doing right now is
signing various framework agreements, designing reference architectures
with the big cloud service providers to ensure that our clients can consume
it in a way that is safe and secure. The understanding the cloud models
and the individual service providers and how they define their cloud, how they license their cloud,
and how it all kind of fits together, I think you probably need a degree
in their technology to understand it. I remember an example where we wor
ked
with a particular province trying to unpack the agreements
with one major vendor. And we actually had to bring
in external consultants to unpack an agreement
that we signed with a major vendor around some of these cloud technologies
just to understand the licensing model in order to empower ourselves to go in
and negotiate and break down what it is that we procured. I think there's a risk
as these technologies mature as international vendors start
to bundle a lot of technology together and d
efine it in their own way
and license it in their own way, there's a risk
that we face in that sometimes we don't necessarily understand
what it is that we're procuring. The finer detail is not included
on the flashy presentation. We've tried to deal with that
in the directive by asking departments and agencies to make sure
that they unpack their contracts, their license agreements and understand
what it is they are procuring. We've further then given them direction
to say that they should procu
re what they are prepared
and ready to use right now. I think this is another phenomenon, that because of the way
these software packages and platforms are bundled together,
it's quite attractive to want to procure everything at this point. That is really a tough conversation I'm having
with my Chief Information Officers is when they have this novel idea
and a strategy to move to public cloud and they go ahead and they buy
these cloud services ahead of time, many of them don't realize that if yo
u don't use the service, you lose the service. So if you buy, you take any contract
and you don't consume that service, at the term of that contract
you lose that. And so that now introduces
a new concept around fruitless and wasteful expenditure. Department is staying{inaudible}, they need
to be prudent in terms of how they procure and start to spin up
some of these cloud services. The directive has certainly accelerated
appetite for cloud. However, many described
it can often be slow to implem
ent, especially for organizations
with legacy systems and this is a complexity faced
the world over. I wanted to understand more
about the speed of adoption. Is this a challenge or
does it represent an opportunity to take a more considered approach and perhaps avoid the issues
encountered by other governments? I think there's been some progression and there continues
to be a good progression. However the pace at
which we are progressing, I think it can be improved. I'm noting quite a number of i
nstitutions,
particularly at a national government level where we're seeing
some of those national departments that really take the lead
in really adopting cloud, therefore leading by example and that's really encouraging
as you know that the benefits that come with that
have been rather obvious for the institutions
that have embraced cloud that have invested in cloud, particularly in enabling themselves
in delivering a better service to their constituencies and
to their South African citizens a
t large. I think people perceive the term cloud
and cloud first in different ways. I think the prevailing way they perceive
it is definitely around public cloud. I think when you say cloud
in South Africa to the general citizen, you're thinking Microsoft, AWS, Oracle,
Huawei, perhaps Google and the like. But I think in the corporate sector
the understanding is a lot higher. There's an understanding
of the differences between public cloud, private cloud and also hybrid cloud. For instance within
SITA,
we actually consume a combination of both. So we've got private cloud, so we've got infrastructure that we call
CFI, cloud foundation infrastructure which is effectively private cloud
for our clients but we also consume public cloud as well where it makes sense
to run applications there as well. So I think from a corporate perspective
the understanding is a lot higher. I think from a general citizen perspective
perhaps the perception is still that it's mostly referring to public cloud. If
I think about how successful public cloud has been
in the context of a cloud first policy, I see a couple of things in the market. The Chief Technology Officers
or the Chief Information Officers that were very deliberate
and clear about their strategy and how they were going
to digitally transform their organizations have done extremely well. In fact, I know of one
Chief Information Officer who's probably 95% moved
all of his organization into the public cloud. This move was not just a lift and
shift but it was a transformation in consuming both platform as a service offerings
as well as software as a service offering. But again
it was very deliberate and clear. But by far the majority of
Chief Information Officers I continue to speak to are really struggling in the implementation
of that cloud first policy because that's where
the rubber hits the road then many of them have legacy workloads that aren't really positioned well
to transform either in lift and shift
or in a transformation
and so a lot of them are thinking through
some of those nuances. The mix of existing infrastructure makes
it nearly impossible to migrate everything
to a public cloud. It feels that there is an inevitability
that a hybrid approach to cloud is needed. We're always going to be hybrid
in our approach. I can't see a scenario where we are
totally reliant on cloud technologies. It's just not the nature of what we do. There are certain amount,
there are certain services that we deliver certain data th
at we are responsible for that would simply just not be exposed
in terms of the cloud. And we're looking at different approaches. In the directive and determination
we speak about government private cloud as something that the state IT agency
must develop for us as a collective where we can trust that this is a service where we can store our sensitive data. I think the general response to the determination
and directive has been positive. In fact, from a compliance perspective we are struggling
to keep up
with the amount of submissions that we are getting
from departments and agencies that have started to use cloud. And I must say that
we have not created a situation where we are gatekeepers
for the decisions. While we have published the determination
and directive on cloud usage, the decision ultimately lies with
Accounting Offices and Directors General in departments and agencies who are responsible for the services
that they deliver at the end of the day. Ours is to ensure that when
it's done,
it's done in a responsible manner. The departments have taken into
consideration the risks, the issues of the data sovereignty,
the issues of data location, the issues of privacy, and of course all of the other risks
that arise out of the cloud adoption. There is plenty of hype
and marketing around cloud. But are CIOs in a difficult position? With so many suppliers
keen to sell cloud solutions, how do you choose? Perhaps even more importantly,
how do you evaluate suppliers? How do yo
u make sure
that they share your values and are as equally as invested
in South Africa's digital future? My message to cloud service providers
is that we need to be responsible. We need to take responsibility
and be responsible in the way that we sell some of our technologies
into organization. It's fine to market your technology, but I don't think it's acceptable
to sell technology into an organization fully understanding that this organization is not prepared or is not able to consume all of t
hose
licenses and that technology at this point It's a question of ethics
and ethics requires that well, yes, from a procurement perspective,
from a user perspective, we understand that we are utilizing
public funds. But it's also a responsibility
from the private sector to make sure
that when you sell into government, when you sell into any organization,
that you do so responsibly. I think many times
service providers understand when an organization is not able
to consume what they're procuring
. We've seen this example with ERP licenses
across the board in this country. I think it's public knowledge now. Looking at some of the examples of ERPs
that have been procured, I'm sure the private sector
has similar examples where we've spent millions of rands
buying software and that software has not been utilized. One doesn't simply need to look
in the public sector. One can look in the private sector
and find these examples in IT in general. I think this practice is,
of course, taken into t
he cloud. It's just a bit easier now where you're able to switch things
ON and OFF. You're able to use a particular package and then receive a bill later on
and understand the impact. What we've tried to do is to just give practical advice
in the directive to departments and indicate to them that
they should put in controls around how we switch on
and switch off services in the cloud because there isn't a financial impact. I think it is going to require
a behavioral change on the side of governm
ent,
but also on the side of service providers as they contract. We are not afraid as a government to expose some of these practices. In the recent past, we've had commissions
around some of the corruption. There are examples of IT organizations
that have been involved. From our perspective as the DPSA, we are looking at these issues of ethics
in the public service, making sure we have
an ethical public servant. I also think it requires good ethics on the other side
of the transaction as well. I
must say that I've been approached
with my other peer group members. They've confirmed
a number of cloud-based providers. The approach at the moment is more about how we can save your capital costs because they are aware that
many of the OEMs that we're dealing with, when it comes to maintenance, support. The messaging is always saying
that I have a better offering because it's more about
the economy of scale. In my environment, it's less when it comes
to issues of energy provisioning and issue
s of support. I can guarantee you
24x7 type support, 365 days. Now when you listen to that message, then it becomes important to say that if I were to review my business model, at the moment,
what is actually my biggest cost in this whole value chain? Is it operational cost when it comes
to my staff, my technical team? Because before I can even decide
to go somewhere else, I need to do my situational analysis
internally to say, I've got three engineers
that are managing my data center. Now, do I
have to redeploy
those individuals if I were to take
my storage to somewhere else? I find that when you start
talking that language, they shy away
when it comes to when you say, look, does this mean a job reduction strategy
for my team? Because I've got people that have been
taking care of my data center. I don't get the feeling that,
that's a priority. When you're selling,
it's all about your commission. It's about your brand positioning. But the minute you talk about, can I integrate my resou
rces
with your strategy? It's a language that is not being engaged. I personally, as Mothibi, have given a challenge to many of those
that come to me to say, as much as I believe and I support cloud, how are you going to integrate
my resources into our plan? CIOs were no longer just IT people,
but we are strategists. So I find that
when you start talking strategy, they shy away
because you're talking to a salesperson who just think that we just want to buy. I think for me,
the approach has funda
mentally changed. I think there's been
a far better appreciation of what service providers need to bring
to bear to customers. Gone are the days
where we put the box first. I think nowadays is really around
understanding the business, understanding the outcome
that public sector is working towards and really taking a responsibility
of being accountable to working with the public sector
in enabling them in achieving their desired outcome
or in accelerating their aspirations. I often say to people
, as an ICT service provider
that has interactions with the government, that is an honor and that is a privilege because we have a very first hand
experience on the challenges that we as citizens experience. But also we are in a position
where we bring to bear ICT services that could help the government
deliver far better services that will improve the citizen experience. However, we can never achieve that if the approach is always led
by the technology. At this stage of our journey,
one thing i
s clear. South Africa is embracing cloud and hybrid cloud strategies
are set to accelerate adoption. I've witnessed the passion
and the knowledge that is driving
the fourth industrial revolution. Make the choices
and make those choices deliberately. There was a certain amount of nervousness that the risk committee
would not understand. We're saying
that our data is locally resident. However, it's been proven
that it's not always the case.
Comments