Government agencies are grappling with the clash between their own cloud-first policies and codes of governance – and Canberra-based IT solutions provider Infront Systems has spent $11 million trying to devise an answer.
Infront used the launch of its new HQ on Thursday to unveil a multi-year investment to re-engineer the 19-year-old company for the cloud era.
Managing director Allan King welcomed the honourable Angus Taylor, assistant minister for cities and digital transformation, to cut the ribbon at Infront's new office in the suburb of Kingston.
The IT company has launched a new service that it hopes will resolve the triple whammy of shadow IT, bill shock and cloud sprawl.
King explained the challenges that IT teams faced in an interview with CRN.
“We recognise that today only 1 percent of the government’s $9 billion IT budget is currently delivered via cloud, which can be attributed to concerns about how organisations can secure and operate their services in cloud,” King said.
When business units demand the kind of agile scale-up, scale-down services offered by public cloud, and IT teams fail to deliver, it leads to shadow IT, he said.
"We have seen IT organisations that have lost all traction with business," King said. "IT needs to stand up and respond. They need to respond and market their own outcomes."
Another problem is bill shock, King said. "We know businesses that have spent 13 months' funding in three months due to lack of governance and visibility.
"We believe in cloud and the value of cloud. If we allow the failures to continue to happen, we will stall those innovations and IT will continue to lose relevance."
He pointed to another problem – the sheer range of cloud services available means a lack of structure and control over data.
"Now everyone is going to cloud, for every account you are getting 42 regions. Each region has many availability zones and many IP addresses. Cloud sprawl due to lack of governance is an absolute killer."
Infront's answer is the "Innovation Exchange", which it launched in September. It's the result of Infront's five-year business transformation in line with the Digital Transformation Agency's cloud-first policy.
King said the investment in people and R&D had cost $11 million over that period.
The Innovation Exchange is sold as a service and combines hybrid cloud consultancy with support and management on top of the Buttonwood platform, King's startup first announced in 2015.
Infront wants to offer clients the ability to spin up a service – either in public cloud or on-premises – in a few hours, while also giving IT the ability to "inject policy to protect, secure, govern and manage those services when live".
The Innovation Exchange is about more than technology – it's about financial governance and discipline, he explained.
"One of the biggest challenges in the hybrid cloud state is that business requires financial transparency. What we have developed is our 'custom rate' process. We integrate into VMware, into Nutanix and even OpenStack on-premises. Customers can create an inventory of their current virtual machine environment. They can define a custom rate card – what does it cost for all of those compute resources?
"We create an aggregation [point] through our cloud analytics. Whether cloud or on-prem we can give financial visibility to reconcile that cloud spend by project or business unit, so the BU gets confidence they see the true cost."
Buttonwood version 2.2 has just been released. The platform integrates with Amazon Web Services, Microsoft Azure and local protected cloud provider Vault Systems.
Vault chief executive Rupert Taylor-Price said: "We believe the combination of our secure government cloud infrastructure and Infront’s cloud expertise can accelerate the digital transformation journey the government is undertaking."
The Innovation Exchange also supports VMware and Openstack, as well as on-premises reference architectures designed by Infront based on hyperconverged infrastructure from Dell EMC and Nutanix.
King summarised what he saw as the three differentiators of Infront's new offering. "One, it's a native cloud service not just virtual machines. Two, we have very strong financial governance, from the bill of materials to cloud analytics to budget management. Three is our decision engine – the ability for IT to map an endpoint for where an environment would land."
Buttonwood natively supports the Australian Signals Directorate's security classifications, which means government end users can be confident that public, Unclassified and Protected data gets hosted on the approved infrastructure or public cloud services.
"ASD dictates that the end user classifies a service at the point of consumption. They classify an email when they send an email and only the end user can classify that," King said.
Storing classified data on a less secure environment is clearly a risk but the reverse also brings problems – storing public data in a Protected environment is more expensive and automatically reclassifies the data, making it difficult to access.
This year has seen a spate of cloud providers announce they are seeking or have achieved Protected status.
Vault Systems and Sliced Tech were the first two Australian firms to get certified to host Protected workloads, followed later in the year by Macquarie Telecom. Microsoft is hoping to secure Protected status for its new Azure Australia Central regions hosted in Canberra Data Centres.
End users at government departments face a challenging task to correctly classify data, King said.
"How do I determine, at point of deployment, whether or not this workload should live in AWS or Azure as Unclassified or in Vault as Protected?
"We built the capability to classify every service provided by all of our service providers. If the user says [a workload is] Protected, it will automatically get built in Vault, but if they say Unclassified, we might give them the offer of AWS, Azure or Vault Unclass and we will give them the recommendation based on cost."
Allowing business units to swiftly commission cloud and on-premises services – via the IT team – should avoid the problem of "little rogue cloud initiatives" within customer organisations.
"They build [based on public cloud technology] then try to hand back to the operational teams. The operational teams say, 'Hang on, we have the duty of care, but we have none of the visibility, none of the discipline.' They are saying no and it is stalling a lot of cloud-first policies."
Buttonwood is an independent business, and King said he was in talks with channel partners about rolling the technology out to other states.
The platform was originally set to launch in 2015, but faced a major setback when Cisco decided to sunset its billion-dollar Intercloud project – the fabric on which Buttonwood was built. That decision cost Buttonwood "12 months delay to go to market" and "millions of dollars of R&D", King said.
The team rebuilt Buttonwood "from the ground up", King said. "There is no third party, we have written every line of code, we have built all our own native cloud integrations, including AWS, Azure, Oracle and Vault."
Buttonwood is two-tier architecture, written in the Java-based Apache Groovy framework and running across the public cloud and locally at the client's premises.
The public cloud footprint is "the aggregation point where we index all of the resources the service provider offers – that is where our cloud decision engine runs".
Buttonwood uploads cloud rate cards "15-20 times a day with deep integration with cloud providers" to ensure customers have the most up-to-date pricing.
"The second part is our cloud broker. That is an on-premises solution that integrates with existing technologies."