Rupert Taylor-Price | Vault Cloud | IP Expo
Rupert Taylor-Price, founder of Vault, speaks to Disruptive Live about community cloud within government and why people in Australia opt out of healthcare to protect their data. Hosted by Andrew Mclean.
Andrew: I am now delighted to be joined by the CEO and founder of Vault Cloud, Rupert Taylor-Price. Welcome.
Rupert: Thanks for having me.
Andrew: Right let’s start from beginning, Vault Cloud tell me about it.
Rupert: Sure. So in sort of a short sentence Vault cloud is a community cloud for government and critical infrastructure and primarily focused around hyperscale services in the cloud space and sovereignty of data for Australian citizens.
Andrew: I’m very interested in the government thing. But I am going to start from the beginning. Community cloud. Can you define what a community cloud is?
Rupert: Sure. So I think there’s a lot of definitions from a lot of different people, but here’s my one. So you’ve got public cloud which is your global multinationals where anyone can essentially sign up on to become a customer. Then you’ve got private cloud, which is probably gotten even more definitions but ultimately something that is on premise for a single tenant or a single user and community cloud is a vertical that sits inbetween. So community cloud, it’s like a public cloud but it’s for a select number of users. So in our case, we have two communities. We have two clouds. So one is government and one is critical infrastructure. So if you just take government the only people using that infrastructure are government themselves, now that’s the sort of a more technical list definition. The reality of a community cloud is it’s the company has committed to that community. So if you’ve got policy change or legislative change or regulatory change that cloud will change and adapt from a technology as well as an operational point of view to meet the needs of that community.
Andrew: It’s very interesting. Well the next thing I mean it mentions here about a secure cloud but I suppose government critical infrastructure, it’s all about security.
Rupert: Yeah. So if we sort of take what Vaults done, I actually have to admit when we were building Vault we thought a lot of people would be doing the same thing, but it turns out there weren’t too many of us. So what we did was we took a project called Openstack don’t know if you’re familiar with that but it’s the world’s largest open source project now and we took that from about the Diablo release and then we re-engineered all of the security components to a specific security standard. So in Australia, we’ve got something called the Protective Security Policy Framework and the Information Security Manual and within those there are thousands of controls that you have to put in place into that cloud. And so there are two ways to do this. You can either take a commercial solution and add layered security around the outside or you can natively alter the infrastructure itself and make it meet those security requirements nativel. So this is a massive R&D project that we entered into and working in collaboration with ASD, was part of the Department of Defense at the time in Australia. We spent about six years configuring and coding this environment to natively meet all of the government’s security requirements.
Andrew: Can you tell me a little bit about you mentioned open standards. Can you tell me a little bit about what that means?
Rupert: So if you think back to sort of mainframes very proprietary technology very hard to move in or out of that technology and that sort of exemplified by the fact that many banks and governments still have them in operation today and sometimes the same equipment that was there probably from around the time I was born so then we had proprietary file formats, proprietary software and essentially organizations have gone through the decades of trying to lock their customers in by having a lack of interoperability with other systems. So what’s happening in the cloud space is pretty much the same thing at the moment if you think of the big public cloud, lots of them are proprietary in nature and the best way I try to explain this to people is if you imagine you’ve got the iPhone and iOS and you’ve got Android and all the vendors there, so Samsung, LG, Sony and all the others. Openstack in some ways is to Cloud what Android is to the mobile phone now, of course, the big sexy one is the iPhone but then actually Android has 93 percent market share. So sometimes what makes the headlines and what’s actually being done behind the scenes can be a little bit different. And it’s the same story in Cloud as well. So lots of organisations including IBM, SAP, Oracle, Intel and a whole range of others were worried that the whole market was gravitating towards these proprietary technologies. So they all collaborated together in something called Openstack and ultimately Openstack has opened software and therefore open APIs and then meets an open standard. So what that means is if you’re in the UK government and you’re using a company over there called UK Cloud which runs an open standards cloud and you deploy something in there for the UK government as a managed service provider, you can take that same deployment and deploy it on Vault in minutes. So it’s kind of just a sort of an interoperable layer where each of the cloud speak the same language and there are thousands of Openstack clouds around the world including here we’ve got OBH which of course is massive in France, they’ve got over 300,000 servers. I think they’ve invested just over 1.5 billion US Dollars into infrastructure in the last five years. So the Openstack movement is a massive movement and I think particularly for government, if you think they sort of take in to decades time frames on IT projects and transformation having open standards that can be consistent across that’s pretty important for government.
Andrew: It’s interesting. I mean keep returning to where we began with this conversation community clouds and back in the dark ages of 2009 community clouds were kinda cropping up. People were experimenting with this and were creating community clouds around verticals. Were usually commercial verticles like recruitment. They never really got them to work because essentially it was this I don’t know paranoia that what my competitors on here and whatever it was, but you’ve managed to get it to work. What’s the secret sauce? How do you get all these? That’s the whole thing about community cloud it’s almost a shared ethos, isn’t it?
Rupert: Yeah, it is absolutely and so I think there’s two stories here. So one is in government and one is in critical infrastructure. So if we look at government community cloud has been successful around the world even in the U.S. I mean, ultimately Amazon and Microsoft are actually running community clouds for government. The government there doesn’t use public cloud. They’re using government community cloud from very large cloud providers admittedly. In the UK and in Europe and across Asia and in China, it’s the same story. So it’s not just the bolts had a breakthrough here. Community cloud for government makes sense. And of course as you said, there’s a little bit of tension between the people in the community, but of course in government, you know in Australia the Australian tax office and the Department of Human Services in theory and in largely in practice and not really trying to compete for intellectual property, so that works well there in the government space. I think the critical infrastructure space is a little bit different. So critical infrastructure in Australia is governed by the Department of Home Affairs which has decided what’s critical infrastructure for Australia. Now banking for instance fit within that group and so they’re part of that community for us. Now, I’d probably say the banks are a little less keen and you know, would obviously like exclusivity with what they do with us, and there’s a whole sort of narrative and construct there. And that does make it harder but ultimately with sort of the amount of investment and technology we’ve got it still becomes compelling to make that move and make their choice and when you’re talking about the protection of citizens data.
Andrew: Well I can imagine. So you’re the founder. I mean, how how did this all come about?
Rupert: So I had a and still do own a previous company to Vaults and that holds a lot of Australia’s sensitive data including Social Security Information. And that company was trying to be a software company rather than an infrastructure company, but of course because of the security and sovereignty requirements of the data there weren’t really many viable choices for us out there. So I think we did what many other people have done and we couldn’t find a solution to our problem. So we created a new company which is now of course larger than the company that it was founded out off.
Andrew: So my final question would therefore be Vault Cloud. Where next?
Rupert: So I think the big challenge for us is really communicating to government the importance of sovereignty. It’s actually interesting. So the population of Australia 93 percent according to a government survey last year actually want sovereignty of their data. So it’s a really big important voter issue for citizens, but I think to then translate that into practical procurement decisions for government that can be a bit of a disconnect there. So we’re going through a big education process of trying to get our partners and government to understand the implications of sovereignty and how data needs to be treated.
Andrew: It’s a tough one. You know, my mother struggles to remember a password for a computer and I kind of think this is the thing with data sovereignty of giving people control of their own data. That’s a huge educational thing, its a lot of education. I mean is it achievable?
Rupert: I think it absolutely is achievable and I think the interesting thing so a lot of people have that sort of response, you know, a lot of people choose to give away their data. They’re not very good at security themselves. Why should government really be any better? But the cold hard truth is that there is an expectation of citizens from their government which exceeds their expectations of themselves. Now we could argue whether that’s fair or not, but that expectation is there and so I think that the need to have government instill trust in people is important and we’ve got an interesting situation in Australia at the moment a recent survey came out or research report that came out that said that 22,000 Australians die per year because medical professionals don’t have access to health records in an immediate fashion. At the same time as that we’ve had a million Australians opt out of eHealth and that’s not ticking a form as you go through a process that’s actively going to a website and registering to opt out. So if you think of how important this issue is for people, they’re literally willing to risk their health or have a reduced health service in order to secure their privacy and sovereignty of information.
Andrew: Why would I mean just help me here. Why would they opt out of, why would a million people opt out of this?
Rupert: I wouldn’t want to speculate too much but I think that the main reasons around that are lack of trust in government security, a lack of belief in that the government would treat their data with privacy .
Andrew: So it is a problem in Australia?
Rupert: I actually think it’s a global problem. I think it’s a global trend and I think as I said, there’s a really strong movement within the population of Australia, but then obviously it takes government a while to catch up to that change.
Andrew: It’s really interesting because obviously in the UK we have the NHS but I don’t think there is such a thing as the option to opt out of being on the database records.
Rupert: No there’s not.
Andrew: So I’m very surprised to even hear that the options available and because the option is available there have been a million people that have removed themselves from it, it’s very very very different than what I’ve seen in Europe. So it’s very interesting.