Key lessons from the Singapore government's ambitious whole-of-government cloud migration strategy

As part of the Singapore’s Digital Government Blueprint, Singapore’s Government Technology Agency (GovTech) set an ambitious goal to shift at least 70 per cent of less sensitive government systems to the commercial cloud by 2023. 

Thus far, government agencies across Singapore have collectively migrated close to 60 per cent of workloads to the commercial cloud, and are on track to achieving their target of 70 per cent by the third quarter of 2023. 

This is no perfunctory shift. To date, 95 per cent of government transactions have been completed digitally from end-to-end. 86 per cent of citizens and 77 per cent of businesses reported that they were either “very satisfied” or “extremely satisfied” with digital government services in Singapore, according to a 2019 GovTech survey. 

A key part of this success is GovTech’s “wrapper platform” for government agencies to adopt the cloud with haste and no hassle, the Government on Commercial Cloud (GCC). The “cloud agnostic” platform enables agencies to use leading cloud service providers such as Amazon Web Services (AWS), and currently hosts over 600 government digital services. These include MyCareersFuture, MOE’s Student Learning Space, among many others. 

“Today, our tenant creation process only takes less than half an hour, from the first click of a button to the point where a tenant – a government official interested in using the GCC platform – is successfully created on the GCC,” says Mr Tang Bing Wan, product owner for the GCC. Prior to his current role, Bing Wan was part of the GovTech cloud adoption team, which consulted government agencies on the cloud architectures most suited to their needs. 

At GovInsider’s recent panel, “Navigating the cloud landscape for the public sector”, held in conjunction with AWS and Xtremax, Bing Wan spoke alongside representatives from the Central Provident Fund Board (CPF Board) and VITAL to dive deep into their experiences with cloud adoption. 

Learnings from CPF Board: A story of opportunistic cloud migration 

In 2019, the CPF Board underwent a “tech refresh journey” for their website. 

“By then, we were quite aware that the technology landscape has grown by leaps and bounds, so migrating to the cloud was a no-brainer decision for us,” said Ms Betty Lee, Director for CPF Member Applications at the CPF Board. 

“But a lift and shift approach was not something we wanted to undertake, as we wanted to eliminate some of our greatest pain points with our legacy applications – one of which was the whole-of-website downtime that occurred when we deployed new products or enhancements to the website,” Lee added. Proponents of a government cloud strategy have highlighted that the migration to the cloud offers agencies a chance to review and reform current processes.

The CPF Board rebuilt its entire infrastructure on the GCC, redesigning applications to harness the latest technologies available and incorporating security tools into their development, security, and operations (DevSecOps) processes. To reduce operations overheads, they procured managed services for their web content management system. 

But the journey did not come without difficulties. One week before the launch of their new site, users reported that they couldn’t launch the CPF website from the Singpass mobile app, Singapore’s national digital identity platform. The team quickly escalated this issue to their CIO so as to get in touch with a senior director in GovTech.

“We had to fine tune our authentication mechanism and conduct a ‘rippling effect’ of changes to our legacy authentication component. After a few to’s and fros, we managed to settle it two days before our planned launch date,” said Lee. 

The site has held steady ever since the launch, and this tribulation demonstrated the team's unwavering tenacity and creativity, even in the face of adversity, Lee added. 

Treating government agencies as the customer 

“A lot of times when we build a platform, what we thought would be an accelerator for agencies may not translate to the actual intended experience at the end of the day,” said Bing Wan. 

To address this gap, Bing Wan said that rather than merely building a platform, GovTech adopts the product making approach, and refers to other government agencies as the customers. 

Listening to customer feedback and optimising the customer experience hence became key. “In order for them to tap on our platform, do we know the pain points that we have? For example, are outsourced contractors trained with the right skills? Would they be able to use a particular platform that we have built with certain underlying technologies?” Bing Wan said. 

The same mantra applies to any government agencies providing an outward-facing digital service. This was the case for VITAL, a central agency that delivers corporate shared services to over 100 other government agencies. 

“We had to first establish the need for the product, and find out what’s really in it for the user to adopt our services,” said Mr Alex Tang, Director (Service, Innovation and Compliance), VITAL. 

To do so, they first had their own agency act as a use case for proof of concept, before moving on to polls and surveys to truly understand if other agencies had the same intent to tap on automation. 

“Current ERP systems are just like your MRT stations – they take you from town to town, but they can’t take you to your doorstep. Robotic process automation can be the last mile tool to bridge that last little journey, just like an electric scooter,” said Alex. These “journeys” could include extracting and preparing reports for management, mass-sending emails, or processing and analysing data for business decision making. 

Tapping on private sector capabilities 

Bing Wan emphasised that GovTech built on existing native services when launching the second iteration of the GCC, GCC 2.0, last May. This aimed to encourage GovTech developers to tap on existing private sector services rather than duplicating efforts.

For instance, his team has replaced jumphosts – systems used to access and manage devices in a separate security zone – with existing cloud-native solutions on GCC 2.0, such as session managers and bastion hosts by cloud providers. 

“Even as a government agency and platform provider, we realised that there’s no way we can catch up with the velocity of some of the services already offered on cloud. So we decided that our strategy is to tap on selected native services that the cloud has to offer, so we can stop building replicas of these services and focus our efforts on improving government agencies’ experience in adopting cloud technologies in a compliant manner,” said Bing Wan. 

Enter microservices: the parts that make the whole better.

James Leong, Chief Technology Officer of digital transformation company Xtremax, shared that the reason why GCC 1.0 was able to roll out within a matter of months can be credited to the engagement of microservices. Leong was one of the leading architects of the GCC 1.0 platform. 

“Microservices democratise product development such that not only one person can work on the scaling,” said Leong. This allows for multiple developers to scale up an agency’s digital services simultaneously, instead of merely hinging on a single project developer.

The challenge, therefore, comes with co-developing and good project management. Every developer must have the same way of logging and communicating with each other when they work in their respective microservice containers, Leong said. 

The security and compliance labyrinth 

When asked for one piece of advice that he would give to other government agencies earlier on in their cloud adoption journeys, Alex suggested taking a good look at the agencies' data. “ Data security is critical and different agencies have different contexts. However, are you being overly stringent in your classification of data, and perhaps even limiting your own ability to tap on cloud solutions?” he asked. 

Mr Philip Tran, partner solution architect at AWS, pointed out that after migrating to the cloud, agencies often have to engage in high-maintenance manual processes to comply with security standards. These processes could include collecting data and gathering evidence from multiple sources to audit the risk management practices that have been put in place. 

With offerings such as AWS Config, AWS Security Hub, and AWS Audit Manager, a lot of these processes can be automated while still adhering to established security standards, said Tran.

“After all, the shift itself might be analogous to a nine-month long pregnancy, but after the baby is born you still have to nurture and look after it – and you have to make sure that you have the right capabilities and people to continue on this journey,” said Lee.