As a career public servant, Jane Halton rose to become one of Australia’s most powerful Mandarins, spending more than a decade as Health secretary, before leaving government in 2016 as secretary to the Department of Finance.
Along the way she became an Officer in the Order of Australia (AO) and earned a Public Service Medal. This is a storied career. But it’s what happened next that’s kind of interesting.
On leaving the public service Ms Halton joined the board of ANZ Bank. More recently she has been appointed as independent chair of the Council on the Ageing.
And now she up to her elbows in technology, joining the board of high security cloud provider Vault Systems last November as its chair. Whatever challenges result from the low-profile Vault’s modest size are more than made up for by its massive ambition.
The company provides wholesale cloud services, ASD classified to Protected level. It specialises in highly secure services to government and its partners.
It is a measure of how aggressively Vault is pushing into the politically-squirrelly but big spending world of public sector tech that it appointed not only Jane Halton to the board, but also former Defence Secretary Dennis Richardson.
These are two former giants of the public sector who most recently were at the helm of critically important tech portfolios: Finance holds the purse strings, while Defence is literally the gatekeeper on security accreditation.
The appointments come at an interesting time for cloud service providers, to put it mildly.
For a start, cloud adoption by government is taking off in a serious way, finally, after a glacially slow start.
In fact, Vault Systems announced three weeks ago the largest single cloud services arrangement sold into the Federal government, a five-year $84 million deal with Air Services Australia sold through ASG Group.
But that sale went virtually unnoticed, it coincided with the hugely controversial announcement that Microsoft’s Azure and Office 365 services had been given ‘Protected’ status by the Australian Signals Directorate.
Until Microsoft gained its ‘Protected’ status three weeks ago, there were just four providers with this top-level cloud credential – Dimension Data, Macquarie Government, Sliced Tech, and Vault Systems.
That decision has caused enormous upheaval. The Microsoft ‘Protected’ credentials came with caveats in the form of published ‘Consumer Guides’ for the first time.
None of the other “Protected’ cloud providers have a ‘Consumer Guide’ attached to its credential.
And while the Head of the Australian Cyber Security Centre Alastair MacGibbon – who is also deputy director-general of the ASD – says he is “very, very satisfied” that risks have been mitigated in relation to the Microsoft service, he will not say why the caveats have been put on the Azure and Office 365 while there are no caveats on the other providers.
The ASD flatly rejects the notion that security standards had been lowered to accommodate Microsoft, the first of the tech giants to be given ‘Protected’ status.
But a talking point among security professionals relates to Microsoft dev-ops employees in the US having access to Australian Government protected data held in its Australian data centres.
That would mean that non-citizens who do not have relevant Australian Government security credentials and who are located outside of Australia – and are unknown to the Australian Government – will have access to Protected data.
This is a stunning development for the sector. Certainly it is a dramatic change in ASD policy and one that is not yet well understood by government users.
Jane Halton will not speak directly about Microsoft or its new ‘Protected’ classification, noting only that the government is entitled to make whatever decisions its makes, and that those decisions don’t need Vault commentary.
But she does make the point that Vault Systems has a differentiated product – that’s the nature of the market – and is ready to highlight to its security features to government customers, among others.
“The whole nature of the ‘Protected’ cloud is pitched at people who hold really sensitive information, where trust is important, and where you want to be confident that you can say to the general public that ‘we’ve got you covered’,” Ms Halton said.
“We will offer to the market a product which is delivered by an Australian company, which is onshore, where we are covered by Australian law and where we guarantee that data will be stored onshore and we guarantee that the people [accessing that data} … are of the highest security standards.
Ultimately it is up to the government customers to think about differentiated security features when they sign on to a service.
“We are open source, we’re onshore and people can touch/see what we have to offer. For some people that will be important. Maybe it won’t be for others, and that’s fine, it’s a market.”
The sharply growing momentum in the government cloud market has led to a fight for hearts and minds in Canberra.
Hard on the heels of a Microsoft launching an initiative aimed at delivering cloud computing skills training to 5,000 employees by 2020, Vault Systems three weeks ago unveiled its own Vault Academy, which will put 3,000 people through a two-day cloud skills course in the next two years.
Ms Halton says her recruitment to the Vault board, and that of Dennis Richardson, underscored a company commitment to the public services and to the Canberra market because both have deep personal connections into both Canberra and the APS.
“Doing the training [investment] is a part of that commitment. We have a product that we believe in and that is well suited to the needs of government,” she said.
“But also, to help with the transition one of the things that we can do is to help train people. It’s important to place that particular activity within that context.”
Ms Halton, who oversaw the promulgation of the government’s “Cloud First” strategy when she was Finance secretary, said there was a natural inertia in big systems.
Adoption of new technology and platforms takes time, depending on incumbency issues and contractual arrangements and where an agency is in its budget processes.
The other thing relates to the delivery of capability and knowledge at scale – and that takes time and is where the Vault Academy is directed.
“If we can skill people up and give them an indication of what the pathway is to enable this kind of migration, then that’s to the positive,” Ms Halton said. “At the end of the day we are committed to the town and we’re committed to helping government in this space.”
While the cloud services market had begun to make genuine momentum in Australia, she cautioned against impatience. The reality is that government customers are different from the private sector, and face different challenges. They are simply different.
“Everything is hard to do. The scale of everything is different. The complexity of everything is different. The level of transparency attached to everything in the public sector is higher – and that’s a good thing,” she said.
“Government is not a startup. Government is not a greenfield. It has whopping issues around legacy. The complexity of its business is enormous and so moving all of your enterprises in the ICT and tech space takes time. It’s hard.”