.jpg)
By Tereza Valle, Public Sector Leader at Microsoft Latam
The migration to the cloud has already started and will not be stopped. It is driven by clear advantages such as agility and increased response to citizenship, cost savings and innovation in terms of infrastructure. Over the period marked by questions about how to meet privacy and data security requirements, there are currently options for a reliable cloud.
In the cloud, public sector IT areas find the availability, the calculating power and the data recovery capacity they need, with greater security and achieving an effective reduction in their costs.
Governments like the United States, Australia, Mexico, Colombia and the United Kingdom take advantage of what the cloud offers them from a well-executed strategy. The way in which these governments - pioneers in leveraging the cloud - approach the situation is an example for anyone interested in implementing this initiative, adapting it, of course, to their specific interests and needs.
The question is not what to do, but how to do it.
The question should not be whether to start migrating or not, but how to choose the convenient place to store the information, according to particular characteristics, as well as the controls to consider in each case. The answer lies in the application of governance and robust data classification. Governance and classification are the key.
The rating should be based on the potential risks of institutional interest, as well as the availability of relevant cloud solutions and security controls to mitigate those risks. At the same time, broader objectives should be considered, such as improving the provision of services to people, modernizing the technological infrastructure and reducing costs, without compromising experience.
A good example is the NHS Choices portal, maintained by the British Ministry of Health, which provides information on health and well-being, as well as guidelines for citizens to compare available health-related services. Its wide reach and constant use (it is the third most used website in the country, with 52 million visits registered in January 2015) make the availability and integrity of the information critical. The English Ministry of Health migrated all this information to the cloud, which ensures its availability in line with the growth in visitor access to the portal, thus fulfilling its main objective and reducing hosting costs by approximately 40%.
Likewise, Colombia's educational system has used the cloud to improve its service for delivering results on standardized tests for students. Without this technology, the Colombian Institute for the Promotion of Higher Education (ICFES, acronym in Spanish) would have requested thousands of its own servers to make the results available to students twice a year. Using calculation in the cloud, ICFES took advantage of the scale and nature on demand of the cloud, saving on the servers it needs to be able to meet the demand. This benefited both the government and students, parents and teachers.
Now, what to do with data that is considered confidential, which can compromise the integrity and security of a country and its inhabitants? In order to detect what this data really is and what to do with it, data classification is a critical first step. Thanks to this exercise, the United Kingdom, for example, was able to effectively designate around 90% of government data as "ready for the public cloud". In other words, only 10% of UK government data would be of national security sensitive content, which would not migrate to the cloud.
In the United States government's benchmark, the data are classified according to the level of potential impact that there would be in the event of non-compliance with security, being low, moderate or high impact. This classification applied in practice results that 80% or more of the data from the United States government is of low or moderate impact.
There is also the case of the United States Department of Agriculture, which migrates 120,000 users to the cloud spread across 5,000 locations. With this decision, it is estimated to reduce costs by US$ 27 million in five years. Australia is another great example: as part of a “Cloud First” policy, Queensland predicts that it will save US$ 17 million a year just by migrating its email service to the cloud.
The Mexican Government's Tax Administration Service (SAT) needed to put in place a more appropriate way to manage electronic collections in response to a presidential order. For this task, the agency relied on Microsoft to plan, develop, implement and execute in just four months a solution based on the Microsoft Azure cloud service. The result: an increase of 8,24% in annual income statements and an increase in its collection processing capacity from 24 to 34 months to less than two weeks in 2014, thanks to the flexibility and reliability of the cloud. It should be noted that the solution cost 30 times less than a similar implementation in a local scheme with other technologies.
According to the different cases, needs and obligations of government bodies, it is defined whether the data will be stored in the local infrastructure, in private government clouds subject to strict security controls, in public clouds with appropriate restrictions and permissions or in a totally also open in the cloud.
The classification proposed by the most experienced countries segments the data into five levels:
Level 1. Extremely sensitive information, such as data critical to national and economic security. It would be stored in a private government cloud, in its own facilities.
Level 2. Restricted information and shared with only a few employees, such as court investigations or health-related data. The government cloud or the public cloud with strict security controls would be the appropriate format for these types of data.
Level 3. Information used internally, such as that related to procedures and services or economic information. Because they are data for everyday use and without personal information, they would be stored in the public cloud, considering security controls.
Level 4. Anonymous information that can only be viewed, including tax reports, census statistics and health-related information that may include personal data, but are for public analysis only. This information can be hosted in the public cloud, also with security controls.
Level 5. Public data available to citizens, such as public transport timetables and weather information. This data is suitable for storage in the public cloud.
In this regard, the UK government implemented in 2014 a new three-level information classification system, replacing an earlier seven-level system. The proposed objective was to simplify the data classification process and to ensure that public sector entities were not missing the opportunity to migrate to the cloud due to problems with the classification of information. The new classification includes a segment called “Official”, routine information that comprises the largest amount of data coming from the government, “Secret”, which includes sensitive information and “Super Secret”, which groups together the most sensitive information from the government.
Several results have already begun to emerge that are faithful evidence that a cloud computing scheme is not only possible to implement, but it is widely recommended to support government operation and services.
There are many other examples of public institutions that worldwide have opted for the cloud with excellent results and without putting their information at risk. They are evidence that governments can confidently migrate to the cloud.
EN 
PT 
