Machinery of government changes are an intrinsic part of our Westminster system of government.
These changes can occur, as happened with the recent 2022 federal election, when there is a change of government. They can also happen when a minister resigns or changes portfolio, or to amalgamate departments and to meet policy objectives.
It’s estimated by the Australian National Audit Office there are around ten machinery of government changes at the federal level each year. They also frequently occur at the state and territory levels.
However, says Jonathan Hatchuel, director for Public Sector and Enterprise at Commvault, the implications for data management, storage and security are often overlooked when a machinery of government change occurs. There are significant ramifications associated with not managing data during a machinery of government change, including dealing with the security of personally identifiable information ((PII), as well as the chance of malware sneaking in and compromising the systems involved.
“People can make mistakes when agencies come together,” says Mr Hatchuel. “There are emails flying around and users could click on things they shouldn’t. During a machinery of government change, the main challenges are around people, data, and systems.”
Leadership is critical
According to Mr Hatchuel, departments and agencies are often not on the same page regarding data management and security during a machinery of government change. Some departments view the data they have as an asset, while others simply see it as an operational or IT issue.
“The differing value assigned to data creates challenges,” he says.
For these reasons, data security and management need to be seen as a leadership issue focusing on accountability and governance. Leaders need to think about the data they own and have accountability for that data
“Agencies often treat a machinery of government change as a project with an end date, but the reality is it is something ongoing,” he says. “That’s why it’s important to have leadership focused on accountability and governance.”
Data management and protection can’t simply be seen as an IT issue, but instead as something the agency or department leadership needs to grapple with. Agencies taking an approach where leadership get involved and actively manage the process tend to get it right, says Mr Hatchuel, while those who push the problem down to IT end up with narrow decision making and tend to experience problems which could have been foreseen if leadership was involved.
When integrating data sets and systems, it’s critical to automate as much of the process as possible. Having vendor-agnostic toolsets to manage these issues leads to superior data protection and security, he says.
Carefully manage Cloud to get best value from the migration
When there’s a machinery of government change, with agencies or departments either splitting, being reorganised or coming together, managing the data can be a huge issue. Sometimes there are incompatible systems and so departments choose to keep two sets of infrastructure operating side by side.
Cloud is also an issue, because few, if any, departments, or agencies have a single cloud service provider (CSP). Mr Hatchuel says organisations go into the cloud thinking they will have a single CSP, but the reality is different. He says if a department uses Microsoft365, then the data and workloads will be hosted by Microsoft. But if the same department also uses Salesforce, then another CSP is brought into the equation – multi-cloud is the contemporary reality.
“Not all cloud service providers are created equal,” he says. “Having a view of who is protecting your data and how it’s being protected is a senior executive conversation.
It’s also of utmost importance for leadership to understand even if a CSP is hosting the data and workloads, it’s the customer who bears the responsibility for protecting the data.
“Data is always the customer’s responsibility,” he says. “During a machinery of government change where agencies or departments are moving to the cloud what tends to happen is they assume they are covered until disaster strikes. At that point it becomes a senior executive issue.”
When moving workloads to the cloud, artificial intelligence and machine learning have a role to play, but they’re not a panacea. Mr Hatchuel says AI and ML tools must be a close ally of accountability and governance. “Ai and ML are useful because they can detect anomalies faster and improve the speed with which data breaches are found.
Most importantly, when moving to the cloud or amalgamating workloads, it’s important to have vendor-agnostic tools to manage the process. Each CSP will have their own native tools, but in the new reality of a multi-cloud environment, the native tools used to manage an AWS instance won’t be any good when it comes to looking after Azure data and workloads, obviously.
“With cloud, costs can be unpredictable,” he says. “Double handling and data rationalisation across cloud in a machinery of government change can be problematic without a common toolset.”
The reality is data management and protection during a machinery of government change is an executive governance issue and leaders must pay attention to it.
“A lot of leaders see a machinery of government change as operational rather than strategic,” Mr Hatchuel concludes. “Leaders need to view data governance, integration and protection as being just as important as the people integration.”
To understand more about the importance of data management, integration and security, download Commvault’s white papers on Data Security, Management and Governance today.
