Highlight on our Government Keynote by Scott Jones, Executive Vice President, Shared Services Canada
An Enterprise Approach to Shared Services
The most obvious public sector example of shared services is an agency called Shared Services Canada (SSC). It was designed to bring departments together, but that doesn’t mean that it is always the most cohesive or collaborative environment. In fact, Scott Jones , the Executive Vice President of SSC, says that when the agency was first created in 2011, “it was an absolute enormous mess.” This is largely because the SSC was “was created to save money” with the goal of “transforming how the government manages and secures its IT infrastructure.” This was a lofty and important goal, but not all the factors came together seamlessly at the outset. Nonetheless, “the launch of SSC was the largest and most diverse whole-of-government IT infrastructure shared service transformation in the world.” The reason for this is because the initial objectives were so ambitious.
In simple terms, the SSC exists so that “no other department needs to think about anything; we just take care of everything.” They are not quite there yet, but essentially “we are a common services provider, and we want to be taken for granted.” In other words, “we aim to enable most of the government’s 45 large departments and agencies to shift to the use of common IT systems.” In total, that means “half a million users across all government departments and agencies.” They best way to the achieve this for the SSC is through the use on an enterprise approach, particularly for the adoption of “cloud services across the government of Canada.” Sometimes the term ‘enterprise approach’ has negative connotations in government, but for the SSC it means “helping the government to reduce duplicate costs and achieve faster turnarounds.” More importantly, it is about “cross departmental collaboration when addressing problems to provide more secure and reliable services and reduces risks. Ultimately, it helps to serve Canadians better.” The beauty of such an approach for SSC is that it is collaborative but customizable, which is important because like most things, “there is no single one-size-fits-all approach for Government of Canada digital services.” Employing an enterprise approach is not about consensus or uniformity. It is instead about having the tools to seamlessly connect services and ensuring that everyone stays connected.
Why Such An Approach is Necessary, Especially for Cloud Adoption
When the SSC was created, “we inherited 720 aging data centres, many of which were not built for today’s digital reality.” Since 2011, “394 have been shut down and we consolidated the rest into four, modern, state-of-the-art centres, which are more secure, reliable and more energy efficient.” Unexpectedly and incidentally, having these new centres “also contributes to Canada’s goal towards net zero resilient and green government operations.” But the essence of the operation is the provision of networks “coast-to-coast and around the world, including to Canadian missions abroad. We are enabling cloud adoption by providing access to network connectivity, along with guidance and expertise.” This became particularly important when in 2018, the Government of Canada mandated a “cloud first adoption strategy.” The SSC played a key role in enacting that and has continued to “work with government departments to modernize and move their IT applications to the cloud.” Legacy systems will continue to stay and play a part, but “there is work to do to be ready for the cloud,” and the real role of the SSC, and the reason why having an enterprise approach is so important, is “to make sure that departments have access to the best public possible public cloud solutions for secure service delivery.”
Initially, SSC partnered with several departments and “they became our pathfinders.” This allowed both the departments and the SSC to gain some useful insights, and now it is very clear that for the SSC and all the departments under its purview, there benefits of the cloud include “increased performance security, innovation, agility and elasticity.” There are a few minor downsides too, but in general it is all positive.
“Our enterprise approach to being cloud smart will improve the delivery of IT services and help us adapt to the changing workforce needs of the future.” - Scott Jones, Executive Vice President, Shared Services Canada
The Security Threat Landscape
However, with increased workforce needs come increased security concerns. Together with the cloud first strategy, in 2018 the government also “announced a national cybersecurity strategy.” The government is taking this so seriously, that in the budget of 2022, they have provided “$875.2 million over the next five years, and then $238.2 million thereafter. This includes $178.7 million over five years allocated to SSC for measures to address the rapidly evolving cyber threat landscape.” Part of that is specifically allotted “to address the threats that are faced by small departments and agencies that do not have the resources to protect themselves, and to help them move under the enterprise umbrella.”
Cybersecurity has been a core function and foundation of the SSC since its founding, and it is not an exaggeration to say that “the creation of SSC is the single most important factor that allowed for the cyber defence of the Government of Canada.” However, in truth cybersecurity is such a big threat that even the SSC on its own can’t handle it. From a government perspective, it is actually “a shared responsibility between SSC, the Communications Security Establishment, which houses the Canadian Centre for Cybersecurity, and the Treasury Board Secretariat. This IT security tripartite is responsible for the protection and privacy of government data, which is data about the citizens of Canada. It is largely stored and processed in the cloud, so protecting it is paramount for us.”
Security is particularly important because a large part of the SSC’s role is about “connectivity between our networks and the cloud, the linkage of our data centres and migrating applications from legacy data centres into the cloud.” As such, “we take an enterprise approach to our cloud security too.” This means having a bird's eye view of the systems and “continuously working with our security partners to mitigate threats.” It also means that to assist in this work, the SSC created a Secure Cloud Enablement and Defence program (SCED) to “prevent, detect, respond to, and recover from cyber threats. SCED delivers an enterprise technical model to secure cloud access to the digital government of Canada, which also in turn improves digital services to Canadians.” Most importantly from a user perspective, “we never see outages and the connections remain seamless.”
The SSC is in a good position within the landscape of the Canadian government. “Our enterprise approach continues to build upon the cloud smart adoption,” and this is important because “cloud services will be critical for the federal government to fully modernize and effectively deliver IT services.” At the same time, there is always room for growth and expansion. “We are exploring the potential of greater sharing of data to better deliver services while protecting privacy.” This is because “we know that a high performing and resilient enterprise network is a key underpinning enabler of a digital government, and it all needs to be done collectively across government as an enterprise.”
- Scott Jones, Executive Vice President, Shared Services Canada