Oracle’s public sector SaaS, secure and sovereign


Stuart Corner
Contributor

A confluence of forces impacting the Australian government has created a rare opportunity for agencies to rethink their approach to delivering IT services, according to Oracle’s Canberra-based Applications Leader for federal government Dan Gray.

Those forces are data sovereignty and security – the much tighter controls being imposed on where and in what facilities government departments and agencies can store sensitive data, and the need to significantly tighten security in the face of persistent and escalating cyber threats.

The recent ransomware attack on the Colonial Pipeline in the United States, which resulted in serious and widespread fuel shortages, demonstrated that security breaches can deliver impacts well beyond the organisation that is compromised.

“Government has a great chance to take a step forward here and to work with organisations that are bringing capability to market that is appropriate for the security posture government wants to adopt, but also to enable them to keep doing business,” Mr Gray said.

Business fibre
Oracle: Sovereign and secure software as a service

Oracle offered secure platforms designed for government needs and delivered in a way that allowed departments and agencies to comply with security and sovereignty requirements, while still progressing digital transformation agendas.

Specifically, Oracle has worked with Australian Data Centres (ADC) to deploy its Oracle Dedicated Region Cloud @Customer (DRCC) capability into the Canberra region to meet federal government data sovereignty and security requirements for critical data and systems.

Oracle DRCC provides cloud services that are functionality identical to those available from Oracle’s commercial cloud regions but deployed in a data centre that meets government sovereign hosting, management, security and regulatory requirements.

Mr Gray said: “Oracle DRCC gives governments the best of both worlds: something that’s developed for a global market at scale that you would normally consume from a public cloud, but made available in this very special, localised way.”

He added: “This is a genuinely unique offering to government. I don’t think anyone else has successfully brought this sort of capability to market and allowed government to not only consume basic IT Infrastructure-as-a-Service in secure ways, but provided something which spans the entire IaaS, PaaS & SaaS spectrum, and allow government to genuinely get the best of both worlds and solve larger, more complicated challenges without needing to stitch together multiple cloud systems.”

He said the combination of Oracle DRCC with ADC’s data centres gave Australian government departments and agencies previously unavailable options to meet their business and IT requirements securely.

“When an agency develops its own application from scratch, or uses an off-the-shelf piece of software, and deploys it on internal hardware, or on a cloud infrastructure platform, the reality is there are likely to be gaps that, potentially, make the system and data available to people with nefarious intent.”

In contrast, an Oracle application developed under a SaaS model, is an integrated system from end-to-end with tight control over every layer of the service.

“It’s secured, integrated and managed. So from an IT security perspective, there are less places to compromise. You very rarely hear about an enterprise grade software-as-a-service application being breached, because they are very tightly controlled.”

The Australian Government has recognised the inherent security of Oracle Cloud applications: a number have been assessed by an independent third-party assessor at the PROTECTED level under its Information Security Registered Assessor Program (IRAP).

These include Oracle Fusion Cloud Enterprise Resource Planning, Oracle Fusion Cloud Human Capital Management and Oracle Fusion Cloud Supply Chain Management. Numerous other Oracle SaaS applications have been assessed at SENSITIVE level.

IRAP is a security compliance framework developed by the Australia Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) to support commonwealth government entities in maintaining their security assurance and risk management. It assesses cloud service providers and their cloud services’ security controls against Australian Government security policies and guidelines.

Mr Gray sees government departments now being ready to adopt SaaS to meet their application needs.

“The aspiration of government seems to be to move to software as a service, because there’s now recognition it’s the best way to remain current, secure, and have the scale and flexibility needed to deal with change.”

However, he cautioned against organisations taking an overly simplistic approach to cloud migration.

“Governments should not limit their thinking to just making the bottom end IT easier by moving that to the cloud,” he said.

“They need to think about how they can transform the whole citizen or business journey, and actually deliver a better outcome that’s more predictable and scalable, and probably lower cost as well. That will really help government deliver things iteratively and with a higher level of quality.”

This article was produced as a partnership between InnovationAus, Oracle and Intel. If you would like to know more about Oracle Dedicated Region Cloud@Customer click here.

Do you know more? Contact James Riley via Email.

Leave a Comment