Securing Software Supply Chains in Cloud-First Government Delivery

Governments across Australia and New Zealand are moving decisively toward cloud-based platforms to improve the resilience, scalability and performance of digital services. In Australia, the new Whole-of-Government Cloud Policy sets a clear direction for agencies to prioritise cloud computing solutions, strengthen security and governance, and move away from ageing ICT environments, with the policy taking effect from 1 July 2026.

This shift places new pressure on how software is built, secured and released. As agencies increase the pace of change and rely more heavily on third-party components and automated delivery pipelines, traditional controls designed for slower, on-premises environments are proving inadequate. Fragmented DevOps practices, limited visibility of software components and inconsistent security integration increase exposure to supply chain vulnerabilities.

For senior decision-makers, this is now an accountability issue. Cloud policies, cyber security expectations and audit scrutiny require executives to demonstrate that software deployed into cloud environments is secure, governed and traceable. Without stronger assurance mechanisms aligned to cloud-first delivery, agencies risk service disruption, compliance failures, escalating remediation costs and loss of public trust at a time when digital services underpin essential government functions.

Key discussion points:

• Align software delivery with cloud policy requirements: How leaders can ensure DevSecOps practices support whole-of-government cloud direction and accountability expectations.
• Strengthen assurance over software components and dependencies: Why visibility of code, artefacts and third-party components is critical in cloud-based environments.
• Embed security and compliance into automated delivery: How governance and policy controls can be enforced consistently as release frequency increases.
• Manage supply chain risk in shared and multi-cloud environments: What effective oversight looks like when software spans agencies, vendors and platforms.
• Support executive confidence in cloud-enabled delivery: How coordinated governance enables speed without sacrificing control or assurance.

This session is intended for senior public sector leaders responsible for cloud strategy, digital delivery, cyber security and software assurance across government and public sector entities.