Archive for June, 2011

The Importance of GovCamp for Open Government Data

By
John.Weigelt
Published: June 27, 2011Posted in: Canada Gov Camp, General, Open Government

<reposted from BePublic.ca >

A few years ago, the City of Nanaimo started a grand experiment by publishing some of their city’s data on the web, thereby becoming the first Canadian city to embark upon Sir Berners-Lee vision of the next evolution of the web.  This Open Government pioneer has since joined by the City of Vancouver, the City of Edmonton, City of Toronto, City of Calgary, City of London, City of Ottawa, City of Windsor, City of Hamilton, City of Medicine Hat and the township of Langley.  These activities have grown beyond the municipal community to the broader Canadian government community with the Canadian Access to Information and Privacy Commissioners passing an Open Government resolution at their Sept 2010 annual meeting and the President of Treasury Board, Minister Stockwell Day announcing the Federal Government’s Open Data Portal shortly thereafter.  These government led activities rely on the strong and active support  of a passionate community that is able to take the government’s publications and recast them into even more meaningful services.  It would be impossible to list out all of the great open government applications developed by the community.  A few representative community driven projects include openparliament.ca, datadotgc.ca and how’d they vote.  Each of these services seeks to build out additional insight and value from the information traditionally published by governments.  But to do so often required some energetic data contortions and magic to extract the information into a usable format.  It seems that there often wasn’t a great deal of conversation between the different communities on how they could jointly pursue the goals of Open Government.  Enter the ChangeCamp, GovCamp, DataCamp, DemoCamp, Hackfest and other community get togethers.

These camps are often held in an unconference format where participants are given the opportunity to propose and lead individual sessions.  Other participants select the sessions they wish to contribute to and are free to move between sessions if they don’t meet their expectations.  Variations on the theme can have a more structured approach, but continue to rely on community driven topics and themes.  A reoccurring theme that is raised at these events is that of “reaching the right audience” to make a difference.  The GovCamp model seeks to bring together the right people so that the goals of collaboration and community driven development can be realized.  This year’s GovCamp 2011, held during NetChange Week at MaRS DD in Toronto  brought together over 200 people from both private and public sector, across all three levels of government in addition to other passionate individuals.  Through discussions on a wide range of subjects and focused workshops, communities came together to exercise their innovation muscle and imagine a new relationship between government and constituents.  There was also a great demonstration of the vision becoming a reality in the DemoCamp which showcased the digital wizardry of the application developers building upon the foundation provided by Canadian open data efforts.

Ultimately, open government is about engaging individuals, empowering businesses and driving efficient connections between governments.  GovCamp provides a venue for the various communities to come together, often putting a human touch to the raw data or faceless organizations, to reach a common understanding of the respective challenges each faces and to find a common ground for action.

 

 

Share

Considering Compliance When Adopting Public Cloud Services

By
John.Weigelt
Published: June 16, 2011Posted in: CIO Toolbox, Cloud, General, Policy, Privacy, Security

Cloud computing processes and technologies offer organizations the opportunity to transform their approach to IT services delivery and ultimately transforming their overall services delivery. While several characteristics fundamental to cloud computing are relatively novel to these solutions (e.g. elasticity, transparent scalability, usage based billing) there are some aspects of cloud services, especially in procurement, that organizations will be familiar with. Many organizations are using public cloud services for their service delivery. While the path each has taken to implement cloud services has been different, there are some activities that they have commonly performed:

1.  Select a candidate service (capability) that will provided – While many CIOs have included “moving towards cloud services” in their strategies, actual implementation of these services requires that CIOs and their service delivery leaders go well beyond the concept and take a detailed look at what services and information holdings they plan to host in the cloud. For existing services, organizations should take the time to examine how their user community is actually using the services over and above to the official purpose of the system in question. This will help identify any unexpected categories of information that need to be supported. Organizations should also take the time to think about and almost predict how their community may find alternate uses of new services that they are looking to deploy in the cloud. This will help avoid any unintended consequences.

2. Assess the compliance obligations for the service (PCI, FOIPPA, PHIPPA, SOX etc.) – The output from the first step should be a clear understanding of the services and information that will be transitioned to the cloud. Since all services are governed by legislation, policy or standards, it is essential that a fulsome analysis of the compliance obligations be carried out by a compliance team composed of a partnership between the service owner, legal and IT organizations. It is often the case that several compliance regimes will apply to an individual service.

3. Take a realistic look at how the organization conducts business today (Mobile devices, Internet presence, partner connections, POTs, social network use etc.) – While any change in how an organization delivers its services provides an opportunity for improvement and to address gaps that have arisen over time, a balance must be struck not to over-engineer the solution. Instead of taking a blank slate approach to delivering services via the cloud, successful deployments have taken a look at the current service delivery environment and examined the differences that the cloud services introduces. This approach effectively addresses arguments for security, privacy, availability etc. that deal with absolutes.

4. Conduct a preliminary Privacy Impact Assessment (PIA) and Threat Risk Assessment (TRA) – Now that a clearer understanding of the services has been developed; there is an opportunity to conduct preliminary TRA and PIA. These assessments identify the information assets, the threats to those assets, the safeguards required and provide an insight into the remaining risks that need to be addressed before the services are deployed. These preliminary reports go beyond technology based recommendations and will help identify policy, process, people and publication safeguards/controls for the services. Should the organization determine that the remaining risk of their planned deployment is too high, there is an opportunity to go back and revisit the approach and add additional safeguards. Organizations can also look to hybrid models where the sensitive information remains on premise and a less sensitive portion of the service is migrated to the cloud.

5. Pilot the service – The very nature of cloud services provide a great way to deliver new. Because you only pay for what you use, organizations can quickly and cost effectively get access to cloud services so that they can investigate how they could work with their plans. These pilots/prototypes can be done at the same time that the policy/compliance work is being done.

6. Assess the potential risk delta in moving to new cloud model. – The preliminary PIA and TRA provide the foundation for the business assessment for the adoption of cloud services. It should consider the current operational environment and the planned cloud end state. It is essential that the risk be considered in the context of the current ways that the services are performed since starting from a blank sheet or ideal world scenarios can introduce scope creep explosion which will extend far beyond the project in question.

7. Conduct a detailed review of the Service Level Agreement, including a mapping to current service levels. – The Service Level Agreement is the cornerstone safeguard for effective outsourced service provision since it describes the expectations and obligations of both the service provider and consumer. Several organizations have made the case for cloud services to their senior management based upon the service enhancements over their existing service delivery capabilities (e.g. availability, capacity, discoverability). Organizations should take the time to fully describe their service expectations and avoid sending poorly understood services to cloud providers. A sure recipe for failure is where a poorly understood service is tossed into the cloud since both parties won’t know what’s expected leading to discontent.

8. Build out the business case. – Successful deployment of any full service ultimately relies on a solid business case. While cloud services do have the potential for organic, bottom up growth because of usage based billing, fully sustainable solutions are supported by solid business cases. The biggest challenge experienced with business cases is accurately capturing the current total cost of ownership. Organizations generally underestimate the current costs because it is often difficult to get full access to the various direct and indirect costs associated with a service.

9. Decide and manage the risk – Ultimately the decision to maintain status quo, adjust a service or deliver a new service comes down to a risk management decision. All of the activities described above help develop the evidence for the line of business leader to make an informed risk decision.

Canadian organizations are beginning to take advantage of cloud services for their service delivery initiatives. Those that have been successful in deploying have generally performed these high level steps to tease out and address the risks and opportunities associated with their move to the cloud.

Share