Thursday, September 15, 2016

Farewell to GovSpace.gov.au - a bold and successful government initiaitve

On the 25th August the Department of Finance in Canberra announced that its bold experiment in providing a central website infrastructure for agencies, Govspace, was coming to an end after almost seven years.

I still remember feeling excited at the original launch of Govspace.

At the time I was working in the Department of Health as Online Communications Director.

I was theoretically responsible for the department's entire web presence, although many of the 150+ websites operated by the department were directly controlled by the business area funding their development.

It was still a time when business areas wanted a new website for every new initiative and would pay through the nose for those sites.

Business areas would often spend tens or even hundreds of thousands of dollars to digital agencies, or our internal IT team, to have each new site built.

It was a frustrating time for me as there wasn't a simple way for the department to procure low cost sites. We didn't have the capability to easily build or buy websites based on open source web content management systems (WebCMSes), such as WordPress, that used free or cheap themes rather than hand-crafted custom-designed graphical interfaces.

Even Health's internal IT team had to charge six figure sums for simple websites due to the costs they had to incur and offset when using the department's mandated internal web content management platform (Lotus Notes) to deliver them. Each internally built site had to be custom coded and designed by experienced IT staff, making it a relatively slow, as well as expensive, process.

So when the Australian Government Information Management Office (AGIMO) in the Department of Finance unveiled Govspace in March 2010, the floodgates opened.

Suddenly every agency could access a low-cost open source webCMS on pre-approved secure government infrastructure. It could be used to deliver both small specialist websites as well as services such as blogs.

Finance were trusted, reliable, secure and a central government agency - one of 'us' (government) not one of 'them' (private sector companies).

Govspace launched with a single pilot site, the Department of Treasury’s Standard Business Reporting blog. The platform expanded quickly, reaching 25 sites using the platform in a year.

I was one of the first to leap on. I worked within Health to dissuade one of our Communications teams from paying a digital agency at least $40,000 for a new website for an information campaign and convinced them to trust me (and Finance) to make use of the Govspace infrastructure - which at the time came at the very attractive price of 'free'.

Finance was able to spin the site up in a matter of weeks, WordPress was easy to use, so the Comms team was able to directly put the content in place. We had the website live within six weeks - compared to a 3-6 month process with a digital agency.

In the end we did spend some public money, about $42 on a custom WordPress theme, but saved the department over $35,000.

At an internal planning day shortly after the site went live the Comms team proudly shared how easy it had been to get the website in place. This lead to a flood of interest from other area.

That one site raised the internal awareness that the Department had been paying too much for websites, leading to enormous savings over time.

Govspace wasn't designed to cater for every site - it was primarily a platform for simple Gov 2.0-style sites, with blogs and other interactive features. Even so my team helped put at least another half-dozen new websites onto the platform over the next few years.

Even when Finance had to bite the bullet and start charging agencies for the costs they incurred for the platform, Govspace remained one of the lowest cost website options for government.

You can read the posts from the first birthday of Govspace, from AGIMO's then Branch Manager, Peter Alexander (now COO for the Digital Transformation Office) and from AGIMO's Mike T (with my comment still below).

Govspace continued to grow in use over several years, with over 110 government sites using the platform at some stage. The chart below shows the traffic for periods I've been able to source data for.



Over the last few years the site has seen a natural decline as agencies shifted to GovCMS, Drupal or their own lower cost WebCMS frameworks.

Today Govspace hosts 26 live public sites - virtually the same number as the platform had after 12 months.

With Finance's decision to close the platform all those sites will have to move to their own infrastructure by the start of 2017. After that, Govspace will be no more.

While this makes me sad, I support the decision by Finance to close down the GovSpace platform. It had a good run. However Govspace is fast being replaced by more modern web platforms, particularly GovCMS.

I'd like to personally thank all the relevant staff at the Department of Finance for how diligently they ran and maintained the platform, even after AGIMO was disbanded and running a whole-of-government infrastructure stopped being an important role for the department.

While for many inside and outside government the closure of Govspace might be seen as just the termination of a 'surplus to needs' service, I believe this is the end of an era for government IT.


Govspace was instrumental in revolutionising many aspects of how Australian government viewed digital.

The platform helped transform how Australian government agencies looked at website development and costs.

The use of WordPress for a public whole-of-government platform also widened the door for open source software to be considered by agencies.

Govspace helped propel government web sites from a 20th century 'brochure-ware' approach to become more engaging and interactive.

The impact of Govspace has echoed across government, and will continue to echo for years to come as agencies continue on their digital transformation journeys.

Farewell Govspace and thank you to everyone involved with the platform. Your contribution to government's digital transformation has not been overlooked.

Read full post...

Monday, September 12, 2016

Confusing innovation with outcomes

I've been involved in an interesting Facebook chat around the definition of a startup, which has coalesced my thoughts on the approach of organisations towards innovation.

Innovation has become a buzzword in the last few years, with both corporations and governments focused on the notion that they need innovation to remain effective and relevant.

I've been fundamentally uneasy with a lot of the views expressed around this notion. From the Australian Government's '#ideasboom' to the notion that appointing an Innovation Director who in some way takes 'ownership' of innovation for an organisation, will solve an organisation's competitive and cost-efficiency challenges.

I also have my concerns about the ideation processes springing up across government and the private sector.

It's great to see the flood of ideas and the unclogging of the old-fashioned 'suggestions box'. However these processes need to be well-supported with training and capability to assess the ideas and then help people to realise them in practical trials, to really determine which really do solve problems or improve outcomes.

Don't get this wrong - I'm a big proponent of innovation.

The process of identifying a problem (that often others do not see), of finding a new solution (whether involving old or new technology) and of then testing and trialling that solution until it becomes clear whether it's an improvement or not is essential to every organisation who wishes to continue to exist.

However focusing on the ideas and innovation is a confusion of process and goal.

Ideas and innovation are tools to solve problems. They are not ends in themselves.

Ideas are a thousandth of a bitcoin a dozen and anyone who sets out to 'innovate' is starting with the wrong end of the stick - the process, not the desired outcome.

Instead organisations should focus on the other end, the problems, preferably invisible and painful ones. They can be considered 'big' or 'small', this doesn't matter - what matters is that there's significant pain caused by it, and significant benefit to solving it. Solving a problem that costs every employee only 5 minutes each day will save an organisation with 1,000 people 416 hours per week - the equivalent of ten staff, or 1% of their headcount.

Often the best problems are invisible to most people in the organisation, they simply work around the problem, using manual steps to bridge processes, walk the long way around an obstacle and eventually forget that it is there.

'Managing' the problem becomes part of the basic experience, the social norm, of working there, just like the example in the video below - and very few question it.


The real innovator is the person who both thinks - why is that obstacle there? AND then acts to remove it.

A simple test that can be performed in any organisation is to put a chair with a sign 'Please do not move' on it in the middle of a regular walkway.

Look at who walks around the chair, versus those who complains about the chair being there, versus those who actually take an action to remove the chair as an obstacle.

You want people who are prepared to address the obstacle on your problem-solving team. They are the people prepared to ask 'why is this so' (identifying the problem), then experiment with potential solutions to remove the problem from the equation.

For organisations that wish to set a higher bar, change the sign to read, ''Please do not move. By order of the CEO - this area is monitored by CCTV'.

Now you'll really find out who is willing to take a risk to achieve a better outcome.

Ideas and innovation remain critical tools for problem-solving, and fostering both within organisations is critical, but avoid the trap of confusing them with the improved outcomes that their use is designed to achieve.

Treat them as tools, not goals and avoid building complex systems and hierarchies around who is 'allowed' to use them within an organisation.

Everyone in your organisation has ideas. Everyone can innovate. Not everyone can identify the problem, visualise a better outcome and use ideas and innovation as tools to turn that visualisation into reality.

Use ideation processes and Innovation Directors to foster an environment where problem-identification and solving is the social norm for your organisation.

To foster an environment where the reaction to a new problem or inefficiency is to take action to address it, trying different approaches until the optimal solution is found, rather than to kick it upstairs, ignore it or simply 'walk around' it with more staff and expense.

The most successful organisations - public and private - will be those that foster active problem-solving, not nebulous 'ideas' or 'innovation'. Those that remain clear on what are the goals and what are the tools.

Read full post...

Wednesday, September 07, 2016

Don't ask for more information than you need (and make it clear why you're asking what you're asking)

I've just become aware of the ACT Government's consultation for a new license plate slogan.

Hosted at Your Say, the government is asking for ideas for a 30-character or less slogan, with the best ideas to be put to a public vote later this year.

I support this type of consultation approach - it provides for broad public input, with a screening step (via a panel of judges) to manage any inappropriate suggestions before a public vote.

The consultation also does a great job of explaining the process timeframe; when the decision will be made and when the license plate will be released.

One of the 'tricks of the trade' for consultations - and and engagements - is to ask the minimum number of questions required to meet the purpose of the process.

While there's often temptation to ask a few additional questions, where data might be interesting but is non-essential to the consultation's purpose, each additional question can reduce the response rate significantly.

These additional non-essential questions can also call into question what the consultation is actually designed to achieve. This can, at worst, lead to suspicion and loss of trust, but at minimum is likely to cut the honesty and number of responses, potentially damaging the ability of the consultation to achieve its purpose.

Sometimes, of course, there can be questions that appear non-essential but are necessary for the consultation to achieve its goals. In this case, the organisation engaging should make it as clear as possible why the questions are being asked, without damaging the engagement process itself.

Unfortunately it seems that the ACT government hasn't fully thought this through in its license plate slogan consultation.

Alongside asking for the slogan and where the respondent lives (important for getting ideas expressly from Canberra residents), the slogan also asks for the name and a contact number/email, as well as age and gender.

While the consultation does a good job of explaining why name and contact information might be useful, so that the finalists and winning respondent can be contacted, it's unclear why either age or gender are required in this process.

Age is a compulsory field while Gender is optional, but realistically neither is important information in the review process, nor is there an explanation as to why the ACT government would need this information.

Now this might seem a trivial thing to the agency involved in the process, after all age and gender aren't hugely personal information and, in the case of gender, is often determinable from name alone.

However by adding these fields - whether compulsory or not - the response form becomes that much more complex, and can discourage some people from responding.

That doesn't mean that this process won't get a good response rate, but it is likely to be less than it would otherwise be.

Of course it's hard to prove this in this case, as we don't have the luxury of an AB test to compare approaches - but from experience, overall responses go down when additional (and unnecessary) questions are asked.




Read full post...

Wednesday, August 31, 2016

Have you been pawned? What could Australian governments do to reduce the frequency of data breaches

Data breaches at major organisations have become a weekly event, but don't always make it into the public eye for months, or even years, after they happen.

This is both because it can take some time for an organisation to become aware it has been breached and because few organisations are forthcoming about security concerns.

This lack of willingness to communicate breaches can be because many fear a loss of respect or trust if they admit a breach has occurred, and in certain cases companies may even be liable for fines or damages in a class action.

Of course, not declaring breaches can also come with a sting in the tail. Individuals might find some of their other accounts become compromised, or experience monetary or identity theft - in extreme cases people can find themselves in debt, their property sold, or even be gaoled.

Governments in Australia have been slow to put measures in place to protect citizens in these circumstances - even forcing citizens to take them to court to rectify these situations, as a Canberra homeowner recently had to do.

Unfortunately in Australia it's not even mandatory for data breaches to be reported, so there's limited information about how widespread the threat or cost actually is, making the situation even harder to deal with.

I subscribe to a service (Have I Been Pawned?) that alerts me when a service I use is reported as hacked - but even this is largely limited to international online services and it remains very slow to discover when these hacks occurred.

The example below shows how Dropbox has only in the last few weeks acknowledged a hack in 2012 which exposed the details of over 60 million people - that's more than twice Australia's population. Their information (including mine) has been traded online by the hackers.
Dropbox breach

Now some people might consider this a normal part of living and doing business in the internet age - but should we?

There's a number of steps that both governments and commercial organisations can take to reduce the impact of these types of breaches and help ensure they occur far more rarely.

The first step is a mandatory requirement to publicly notify everyone who may be affected by a breach within a week of it being detected, with a mandatory public announcement of the breach within two weeks.

If the notification is made on a timely basis, organisations should not face a significant fine from the government, but if notification is late, they should face a fine equivalent to a significant portion of their gross income for the previous year.

Where organisations are breached, they should be legally required to, at their own cost, identify the cause and rectify it, putting in place appropriate security measures to prevent recurrence and fix any other identified security issues with their system.

Organisations should also be put on a three-year watch list, where if they suffer another breach and cannot demonstrate that they maintained their security infrastructure to a sufficient standard, are subject to that very significant fine detailed above.

This should apply across both private and public organisations - with government agencies held to the same high standard of conduct. In fact it could be argued that government should be held to an even higher standard due to being required to maintain public trust and how certain agencies may compel information from individuals and store it for their lifetime.

Governments should also set up positive security regimes, where people are rewarded for identifying and reporting security holes in government properties. Corporations could also be provided with incentives to do the same, such as subsidising rewarding and rectifying appropriate security issues in a similar way to R&D subsidies.

The government needs to work with governments around the world to ensure that laws punishing identity theft - fraud - are sufficiently strong to create a strong disincentive for anyone who might be caught either perpetrating a hack or benefiting from it. There's already a base in place for this, but there's ways to strengthen it and treat identity theft with the degree of severity it requires.

Finally governments need to ensure they are appropriately educating citizens through a variety of channels - providing educational content, ensuring that no government agency allows users to create weak passwords, training their own staff (essential for national security), training police forces to understand and engage appropriately with citizens who report identity theft and rewarding companies who educate their staff and customers for reducing the overall risk.

Now it is important to be realistic about the situation. Australians use a variety of foreign online services and it is impossible to secure them all, all of the time. Hackers will find ways in via mistakes in ICT configurations, slow maintenance, zero day exploits and social engineering.

However the incident and severity of the data breach risk can be greatly reduced if Australian governments stop turning a blind eye to the issue and begin seriously engaging with it.

At minimum governments need to broaden their cyber security policies to recognise that it's not just the government itself at risk. From here, there's many opportunities, such as those described above, for governments to be more proactive about protecting their citizens from the risk of data breaches, from enemies both domestic and foreign.

Read full post...

Tuesday, August 30, 2016

Digital Transformation Office launches beta for their Digital Marketplace

Earlier this week the Digital Transformation Office (DTO) launched the beta version of their Digital Marketplace, a directory of vendors offering specialist digital services across a range of role categories.

The explicit reason for the Digital Marketplace was to make it easier for small and medium enterprises to engage with government, particular within large ICT projects. It is supposed to do this by allowing agencies to break down large projects into small stages which smaller companies are able to fulfil.

At this stage the Digital Marketplace is primarily a list of vendors - over 220. Most are small businesses, with a smattering of recruitment agencies (Horizon, Hudson, Randstadt, Talent International, The Recruitment Hive) and larger companies (such as Deloitte).

Right now it's possible for agencies to make both open and select requests to the list for skills via a briefing process, with additional approaches to market, such as an ideation approach both for buyers (roughly 'I have this problem, how would you solve it') and sellers (roughly 'I have this idea to solve a government problem - will anyone fund the work'), still under development.

The beta allows for fourteen role categories, covering a wide range of skills in the digital area, with more to come as the marketplace beds down and grows. The current roles are close to the DTO's core business of promoting and incubating digital transformation, which seems a reasonable place for them to start.

While the marketplace provides the information in a different way to most government procurement panels, it is governed in the same way - under a standing contract arrangement. At this stage all the innovation is at the front end and it will be interesting to see whether other agencies with whole-of-government panels (particularly Human Services and Immigration) see value in this way of displaying vendors and in the additional features the DTO plans for the site.

I've had a good look through the initial Digital Marketplace - in fact I'm affiliated with one of the participating vendors (as would be most private sector digital people in Canberra) - and it was interesting to see how many companies claim to have access to talent that government needs in the digital space.

Most government panels have been far more restrictive in the number of vendors they allow on the list, which has led to significant 'horse trading' of panel access and the development of services like SME Gateway to facilitate companies without a panel presence, whereas the DTO has gone for a 'bucket list' of any company that can demonstrate they meet the required criteria.

I've done a little analysis of the vendors in the Digital Marketplace and found a few interesting insights as to the responses the DTO received.

Firstly, half the approved vendors offer four or fewer of the fourteen role categories in the marketplace, with only 8% (generally recruitment companies) offering the full 14.


This suggests a lot of specialist providers have joined the service - companies which may otherwise struggle to meet procurement requirements without extensively partnering or contracting their services through larger providers.

The most popular role offered by vendors was Business Analyst, provided by 123 (or 55%), whereas the least popular was Ethical Hacker, provided by only 51 vendors (23%), followed by Inclusive Designer (Accessibility Consultant) by 58 (26%) of vendors.

This isn't surprising. Business Analyst is a standard role that has been around for a long time in ICT, whereas Ethical Hacker is relatively new as a role type and Accessibility remains an underrated area by government (with many practitioners struggling to find sufficient paying work).

It was interesting how many vendors offered personnel in the Digital Transformation Advisor role, which was second behind Business Analyst (113 vendors or 51%) despite being a very new role type.

I'm still sifting through the data and expect to find more interesting insights - particularly from the pricing (for which the DTO has published the ranges by role). This was an interesting decision by the DTO as it may encourage organisations to migrate pricing from below the given range upwards, and once in the range toward its top.

A lot of the data exposed in the marketplace has commercial significance, so I may not be able to share all of it, but the site is already gold for organisations seeking to understand the landscape servicing government. Couple the information in the site with industry knowledge and published tender amounts and it becomes relatively easy to identify the high and low price vendors.

Read full post...

Bookmark and Share