Member log in

Govt ICT: Autocracy, all-of-government contracts, common capability and questions

The New Zealand government is pushing hard to get common ICT services in place and with over seventy five central agencies and another 125 or more outlying agencies, and a multi-billion dollar annual bill, it makes sense. However, the services are not well understood within Government and questions need to be asked about the wider context in which they are being built, and if that is what we want as a nation.

The last blog was a bit of a primer, this blog looks at what the actual services are, and what the government is trying to do to push those services into central agencies.

When you talk to ICT professionals within government agencies there is a lot of confusion over what services are available, what categories they fall into, their actual usefulness, and the what must be taken up and when. There is a general, misconception, that a) the central government services will meet everyone’s needs and that b) they are mandatory, that being there is no option but to take the service. These two assertions need some definition.

Firstly, the services themselves. They actually come in three different flavours. The first is Common Capability, the second is All of Government (AoG), and the last is Government Supply Board (now known as N3).

N3 is the oldest practitioner, having been around for many years as the Government Supply Board, and has a raft of deals for government. However, in general, it doesn’t provide the high-end ICT services that we are talking about, so we’ll leave them out of the discussion.

AoG again does not supply high-end ICT services but it does provide some consumable services. You can find all the details here, at a summary level AoG services are; Advertising, Electricity, Energy Management, External Legal Services, External Recruitment Services, IT Hardware (being end user devices like PC’s, laptops, and tablets), Mobile and Voice, Office Consumables, Print Devices, Reticulate Gas, Travel, and Vehicles. Again, like N3, we aren’t much interested in these services.

What we are interested in is the Common Capability set of services. These are the ones that are occasionally mandated by government, are high-end ICT services, and are part of the government strategy to centralise and share ICT resources. This blog is going to look at each of them in some detail and ask whether they provide a good fit to agency needs. My opinion, of course.

Before we do that, let’s look at what “mandated” actually means. The only people who can mandate the use of a service are Cabinet, or the Head of the State Services Commission on recommendation from the Government Chief Information Officer (GCIO). “A mandate means that a capability must be taken up when there is a natural place to do so in the product lifecycle, and Agencies can only ‘opt out’ under exceptional circumstances with permission from the GCIO.” – Source: Common Capabilities Forum Presentation December 2013 (CCF2013).

Mandates only apply to Public Service and non-Public Service departments, the rest of the state sector and crown agencies can opt in if they choose to do so. However “the GCIO expects an agency’s plans to take up common capability services to be reflected in core agencies’ planning processes and investment intentions.” – CCF2013

Basically what this says is that for mandated services, where an agency is due to replace them, then it [the agency] should make an effort to adopt that service. However, if that service is expensive, or does not meet agency needs, then I would suggest that falls into the “extraordinary” opt-out clause. As we will see, not all mandated services will help all agencies and some come at a hefty price where the same, or better service, can be sourced directly from the market.

The services themselves are a very small proportion of an agencies overall ICT needs. It’s worth remembering that. They are valuable in their own right, but they do not allow for almost all of where the ICT money is spent, core business applications, and they can’t, because every agency’s core applications are heavily customised to that environment, so sharing them is almost impossible. Worse, surrounding applications that might be able to be shared, Finance for example, are heavily integrated with the core applications making them heavily customised.

The current Common Capabilities are then:

  • Common Web Platform
  • Common Web Services
  • Desktop as a Service
  • Enterprise Content Management Systems
  • Infrastructure as a Service
  • IT Managed Services
  • Microsoft Licensing
  • One.Govt
  • RealMe
  • Security and Related Services
  • Secure Encrypted Email
  • Office Productivity as a Service (Coming)
  • Identity and Access Management (Coming)

Let’s take a look at each in turn, because they are all different. Again, this is my opinion, you need to go and read the full fact sheets for each to make up your own mind.

Common Web Platform and Common Web Services

I’m lumping them together because they sort of go with each other. One is the platform that websites run on and the other are the services that you use to create and manage web services. The Common Web Platform is delivered by Silverstripe and runs on the Gen-I – Revera Infrastructure as a Service. Neither are mandated and both have contracts that run through until 2016. There are twenty one different suppliers for web services.

Without seeing pricing these both seem like a good idea and its nice to see that a New Zealand company won the platform deal. The contract is short, and the number of providers in the web services area is high, so agencies have excellent choice.

Desktop as a Service

This is one of the newest and best, in my opinion, services. As well as providing virtual desktops to agencies the service also allows for the management of the desktop itself. This means that things like application fault calls, service calls, packaging of agency bespoke applications, and the like are an extension of the service itself.

The service is smart because it represents the way that end user services will migrate in the next few years. Away from fixed desk personal computers to work anywhere, anytime, secure access on remote devices that will also cater for bring your own device (BYOD).

It won’t cater for every user in government, but it will cater for the majority. The pricing I have seen, despite what I had heard earlier, is extremely competitive. It will stand up against the current Amazon pricing as I understand, which is a victory for Common Capability as others don’t.

The contract length is not known, it is not mandated, and there are four companies (Dimension Data, Datacom, Fujistu, and Gen-I – Revera) that can provide the service in two standard flavours. There is a rush on from agencies to investigate the service and the uptake is likely to be rapid and high. It is what you expect a Common Capability to look like.

Enterprise Content Management Systems

The bane of every ICT organisation a content management system is the evolution of the old file server to a newer, supposedly more open and searchable data repository. This contract runs until 2017 and includes three providers. Intergen (Sharepoint), OpenText (Content Suite), and TEAM Informatics (Oracle.)

It’s my opinion that this is one of the contracts that is flawed. Possibly because it was put together by commercial and legal people and the ICT professionals didn’t have as much influence as they should have? The contract is not flawed by what it contains, but by what it doesn’t contain.

For example, more than a third of agencies use a product called Objective. The company has over twenty local staff and has been in busy for more than a decade. In Australia they are deploying their Cloud based system, which, according to the marketing spiel is saving customers up to 80% in costs.

So why didn’t they make the cut? Where we have some services that have up to twenty one providers (or more) this contract has only three and misses a product that is already embedded in a third of the market.

Worse, content management systems are notoriously embedded within agency ICT systems, which means the amount of work to change from one to another, is high, and very expensive. At least it hasn’t been mandated.

Infrastructure as a Service (IaaS)

This was one of the first Common Capabilities and she is showing her age. One of the most misunderstood and potentially in today’s market, least cost effective, the service itself is misnamed and its capabilities are less than realised. Doesn’t make it bad, but the record should be set straight.

IaaS is a cluster of services that could be summarised as Facilities Management, Capacity on Demand, and Backup Services. Facilities Management means that an agency can take their datacentre from their own premises and put it in a leased, shared, datacentre. It’s a smart service and a lot of agencies are working toward doing just this. Capacity on Demand is the ability to quickly deploy processor, storage, and servers to an agency. Both services will save you money over traditionally managing your own facilities and purchasing your own infrastructure. Backup Services are a little more tricky and its questionable as to whether it makes financial sense, or indeed, whether Backup Service will even be around in two years.

Where the problem lies is firstly in the name. IaaS is a standard definition for a very specific Cloud Service. It allows companies to rent infrastructure over a wire as they need it. There is no contract and the end user can procure the services without the intervention of the vendor. Services can be rented down to seconds and hours, so you only ever pay for what you use. IaaS in this case should possibly be renamed Utility Computing, in order to take the somewhat Cloud washed definition out of the market.

The contract extends out a very very long way, 2019, with a right of renewal for five years after that. It’s too long in today’s age. There are three providers, Datacom, Gen-I – Revera, and IBM, who deliver the service from within New Zealand. There is a persistent rumour that IBM will exit this market as they, apparently, have not had a great deal of success attracting agencies to their datacentres.

Prices vary wildly between the three providers and without giving away too much, agencies are well advised to carefully shop around. Some prices for storage are as high as 75c per GB or more while others are down around 40c per GB, as an example.

Not all ICT services can be managed by the service. Generally, it provides a standard view of services that does not necessarily provide a good fit for agencies that have older, proprietary systems. This means that the agency has to migrate across from one type of infrastructure to another which can have very high cost implications.

Putting aside the cost, complexity, incorrect name, and risk of transitioning, the market itself is a very long way ahead of the IaaS services.

Amazon, Microsoft, Rackspace, and other big Cloud IaaS providers are in Australia and will be in New Zealand shortly. It’s inevitable. Either through a reseller agreement, or through deploying their own datacentres, its only a matter of time. The cost and service they deliver will force another migration of services from IaaS to true Cloud providers. Let me give you an example of cost.

For a thousand server agency, with a petabyte of data, including high availability, and DR, the cost per month is approximately $30,000 USD. Local prices are going to average ten times that amount or more. As for data sovereignty, often raised as a reason for not using local services, its a non-issue. There are a number of industrial strength solution available that allow you to store data overseas without breaking any data sovereignty rules.

It doesn’t help that IaaS is mandated.

A lot of agencies are in the process of investigating, choosing, planning, or moving their datacentres into an IaaS provider. This is a good thing and the companies involved are highly skilled at managing facilities. It saves money and significantly reduces risk, including that of a disaster.

The question is can IaaS evolve as quickly as the market while on a continuing cost reduction plane? Most large Cloud IaaS providers are decreasing their costs as time goes by. Amazon has had over eighty cost reductions since it started delivering the service with the most recent in the last week.

The jury is out on IaaS and its future. I suspect that if those companies start to wrap other valuable services around the offering then it will make it far more attractive to agencies.

ICT Security Services Panel

Nothing to see here. A list of twenty one suppliers that can help you with all aspects of ICT security management. It is a mandatory service, and the contract runs until 2015.


This has been around for years and is delivered solely by Dimension Data, the contract extends to 2019 (a long time again). It allows for the secure delivery of email up to a certain classification level. Over time, as new products evolve in the market (thanks to the NSA and PRISM), this service will be harder to justify and at some stage the question will need to be asked as to whether it should be opened up and reviewed. Until then, it just works, which is always good in ICT. The service is not mandated.

Microsoft Licensing Agreement

Effectively a bulk purchasing method for all Microsoft products delivered via a variety of Large Account Resellers. Makes sense, most agencies use it. The service is not mandated.


This was one of the original Common Capabilities that grew out of the old Government Shared Network that fell over with a hiss and a roar a few years back. It is contracted to 2019, mandated, and only delivered by Dimension Data.

It suffers from pricing problems. Initially it was the cheapest service on the block, however over the last couple of years at least one large agency has managed to buy the services from another telco at a much reduced price, and opted out of the mandate.

New telecommunication constructs, companies, services, and pricing are evolving every day. Once again, this is a service that should be reviewed well before 2019 with the advent of newer services like the Research and Education Advanced Network (REANZ) that some agencies are starting to investigate.

IT Managed Services

Buyer beware. The idea behind this service is to be able to purchase ICT Service Management from a variety of providers. So those of you who aren’t ICT savvy, ICT Service Management is a middle layer of services that are often bought within an outsource contract or are managed in house.

The include things like Incident Management, Problem Management, Capacity Management, and other industry standard processes.

Here are the issues. If an agency isn’t doing their own Service Management well, then asking someone else to do it often results in a poor outcome with a much increased cost. In other words, you don’t  outsource your problems.

Secondly, if you do outsource this service you do it as a total package. In other words, a full outsource contract. It’s the only way that it works in practice and its tried and true.

Buying Service Management in an existing outsourced contract setting is a recipe for miscommunication and disaster.

That will probably be why the service is noted on the website as: ”Scope is currently under review to meet agency demand in alignment with common capabilities and the Government ICT Strategy and Action Plan to 2017.” In other words, it ain’t working.

It is not mandated.


Around for many years and managed via New Zealand Post RealMe is the service by which you and I use to get a username and password to interact with Government online. It’s a tried and true, slowly evolving, identity access management system that will most likely continue to grow and support the increasing online transactions between the citizen and government.

RealMe is mandated.

Office Productivity as a Service – OPaaS (Coming Soon)

Originally slated to be delivered by July 2013, work is still continuing to refine and make the service available. This service was effectively the deployment of Microsoft 365 onshore, though indications are that it may have changed. “Priority for first phase will focus on calendar services and email – including archive and data loss prevention. This phase will also include a proof of concept to demonstrate usability to interested agencies.” - CCF2013

If it is an onshore deployment of Microsoft 365 it is likely to run into a host of problems for agencies.

Firstly, Desktop as a Service (DaaS) effectively provides a simpler, more elegant delivery of Office systems, so why would you choose OPaaS if you were going to get that, and more, from DaaS?

Secondly, the costs are likely to be high given that Microsoft will have to establish local infrastructure to house the service. The reason for this is that this was the only initiative that mandated data sovereignty, and as I’ve pointed out, that comes at a cost, and with today’s add-on Cloud services, is a non issue.

Lastly, office systems are generally very tightly integrated with an agencies core applications and enterprise content management systems. For example, agencies using content management systems couple those, at a software plugin level, with office systems. So how does that work in a Microsoft 365 scenario?

It will be interesting to see how this pans out and what the final service looks like.

Identity Access Management (Coming Soon)

Little is known about this yet, except to say that the problem that is trying to be solved is one of Cloud. Each Cloud service has its own security system that must be integrated with an agency’s security system.

The problem is finding a common system when agency’s have differing security systems, Cloud providers have differing security systems, and the number of moving parts is high.


  • Not all Common Capabilities are equal
  • Common Capabilities will not service all of an ICT organisation’s needs
  • Risks of integration, complexity, cost, and lock-in exist

Ian Apperley is an independent cloud computing consultant. He posts at


More by Ian Apperley

Comments and questions

A good article to clarify the "geek speak" which the average consumer does not understand, and I suspect will still not understand. The biggest problem with govt ICT is not the complexity of the technology (and it is) but the complicated nature of the processes it is trying to provide services for.

A professional business analyst is not an IT analyst but someone who understands the underlying organisation purposes, principles and processes, and whose job it is to create a system that upholds those things. He is the guy who will question and recommend changes to the underlying processes in order to create a system that is more efficient and streamlined. Unfortunately most ICT analysts just see the complicated underlying systems as a cash cow because of the immense work required to create an ICT system that manages the complications. NovaPay and Incis immediately spring to mind. It is a rare analyst who will downsize their own contract by advocating underlying change to simplify.

The role of every good CEO is to maximise productivity while minimising expenditure on overheads and administration. One of the health factors of a good organisation is more reliance on systems not people, and reducing complexity and micromanagement. By systems I do not mean ICT, I mean the processes and procedures that are aligned to the goals and objectives of the organisation. Proper alignment requires keeping things simple.

All the ICT in the world will never DE-complicate govt or reduce ICT expenditure or issues. It has to happen with the govt first.

"You can put all the lipstick you want on a pig, but at the end of the day it's still a pig."

Good article, reveals how government infrastructure works at the public-scrutiny level. How about doing an article that reveals 'deep, hidden' government infrastructure, eg hacking / spying on public computers, cellphones, and ATM purchases? What microsoft products are in use there? What is the ICT infrastructure? Would be a fascinating read. Timely.

Hi Ian

I think the 22,000 seat Auckland City Council and NZ Police could have benefited from this type of VDI infrastructure. Unfortunately they are a physical desktop roll-out and Citrix farm respectively.

A good read, thanks.

Two more big services that are listed as being explored within the GCIO's Action Plan are finance and HR. See Action 25 - while they talk about introducing FMIS and HRIS common capabilities they actually go so far as exploring the feasibility of providing common services in this area.

The panel system and AoG initiatives are depressingly unimaginative and in most cases ridiculously exclusionary. There is very little strategic or visionary thinking and nothing much to suggest that new businesses or technologies will get a look in until they are old.

Case in point, the DaaS RFP (lauded in TFA) stipulated that it was mandatory that suppliers supported Windows. Whilst it is important Windows retains support that was hardly a stipulation that will drive choice, competition a new thinking.

The fact that there is no strategy for open source adoption is bizarre. Of interest and relevance is this article pointing to the UK governments drive for innovation, open source and use SME suppliers. It's a long road and battle against hegemonic interests, but at least they are on the right track.

Money quote:

"The incumbent big supplier bid £4m; a UK-based small business offered
to do it for £60,000. We saved taxpayers a whopping 98.5%. I don't think we can make savings of that scale everywhere but hard-working people expect us to try as hard as we possibly can."

Yes, thanks to Ian for laying out these various programmes in a digestible format for busy people. I must, however, second with Don's question: why are we content to commit our government (and therefore our business and private IT users who are required by law to interact with government online) to a proprietary proprietary platform like MS Windows, Office, and Sharepoint?

I gather very few business people (or government policy makers) actually follow one of the main rules of business: never make your business dependent on a single supplier you don't control. In the case of MS and it proprietary products, our government is doing precisely that - not only failing to question the wisdom of an MS monopoly in NZ, but *actively underwriting it* with gov't policy.

It's absurd, expensive (monopolies are *always* more expensive), and ultimately working against NZ's domestic IT industry who can only ever nip around the edges of the MS monoculture. Even worse, these pro-Microsoft government-wide policy decisions force the rest of us to comply in order to maintain compatibility.

Thanks to you all for taking the time to make some great comments.

I agree with the sentiment.

It's amazing the number of people, ICT companies, that come to me and say "we agree, but there is no way that we can express it in case we get cut out."

To me, that it is a large part of the problem.

I've always expressed my opinion, and that has cost me work, and I think that we need to express more as an industry about what actually happens on the ground.

This is our year to make a lot of noise, express our ideas, influence government policy, and engineer change.

I encourage everyone to do that, and I am more than happy to be contacted by you all so that I can keep pushing the point.

ICT in New Zealand is a rising star that can outdo oil, dairy, and manufacturing.

Would be great to see market forces maintaining the market, yes a set frame work/ terms and conditions wrapped around ICT service offerings makes sence as does a competeitive marke place, however in my experince when you put one head at the top controlling whos in and whos out its a recipe for disaster, restricts innovation, creativity and fuels conspiracy.