Why agencies must use cloud services


Cabinet’s Cloud First policy requires agencies to adopt cloud services in preference to traditional IT systems because they are more cost effective, agile, are generally more secure, and provide greater choice.

Cabinet requires agencies to adopt cloud services

Cabinet requires agencies to:

  • adopt cloud services in preference to traditional IT systems 
  • make adoption decisions on a case-by-case basis following a risk assessment 
  • only store data classified as RESTRICTED or below in a cloud service, whether it is hosted onshore or offshore

Why Cloud First?

The Cloud First policy enables agencies to better take advantage of emerging technologies to drive innovation and deliver greater value, as described in the Government ICT Strategy.

The key benefits of cloud services for the Government are:

  • more cost-effective IT services
  • increased agility from quicker deployment times
  • greater choice
  • improved security.

Agencies have also highlighted other key drivers for adopting cloud services including resilience, and, in the October 2016 Agency Survey, mobility and collaboration.

Office productivity services

Recognising the increased maturity of agencies, and cloud service providers’ capabilities and understanding of government requirements, restrictions on the use of offshore-hosted office productivity services were removed in July 2016, provided agencies comply with the security requirements for using these services.

There is strong demand for adopting office productivity services, with over half of agency CIOs stating in our October 2016 survey their agencies intend to use these services within the next 12 months. Almost all of these agencies intend to use Microsoft’s Office 365, Skype, Azure Active Directory and Azure Services. To support adoption of the services agencies intend to use, we have produced:

In addition, those agencies intending to use Microsoft services can request the following guidance produced by DIA (email Sandeep.Dalvi@dia.govt.nz):

  • Microsoft’s Office 365 service: available now are a risk assessment, service security certificate, and independent audit report.
  • Microsoft’s Azure Active Directory service: available now is a risk assessment and service security certificate.
  • Microsoft’s Azure service: a risk assessment is available now. A service security certificate is anticipated to be ready soon.

The following Microsoft authored documents may also be of use for agencies intending to use Microsoft services:


Page last updated: 07/06/2017