ℹ️ CIO Week: Fireside Chat with David Clarke

Hello. Welcome to Cloudflare TV The Extinction of Al CIO Week. My name is Raymond Maisano, the head of Cloudflare for Australia and New Zealand, and it gives me great pleasure today to introduce David Clarke, who's the director of Platforms, Integration and Data at NDIA. Welcome, Thank you. Well, I'm going to start with a couple of very leftfield questions just to get the ball rolling and then we can get in to learn a little bit about yourself. But here's my quick five questions for you. Coke or Pepsi? As long as it's Coke Zero or Pepsi Max either. All right. That's good. Well, how about this one? Coke or wine? I think I'd have to go Coke. Okay. All right, fair enough. This is a religious one, so you can you can bet it off if you don't like Star Wars or Star Trek. Star Wars. Excellent. A they all they ate. Uh, ev, definitely. All right. And the last one. A sporting one. Another religious one. Cricket raffle. Definitely cricket. Very good. All right. Thanks for giving us a little bit of insight while we're hearing about you, give us a little bit about your background, your journey to the role, that way you where you are today. Sure. I was just saying this before to someone this morning that I've been working for 20 years now. I can't believe it. It seems like such a long time. I started out working for my own business and then helped a couple of my friends actually start their businesses and do some of their IT for them as well. At the same time, I moved into government pretty quickly and I started working for large government enterprise where I ran it support across Australia for them. That was really cool because we got to have a really good view of all the latest technology and all that kind of stuff. Along my journey along the way, you know, it's pretty gray in between that about five, six years ago I got the, got the, got the opportunity to start working with the NDIS and I really liked what they won't call the NDIS then, but really like what their organization was about and ended up moving over to the NDIS to look at their data and analytics capabilities. I'd come from an I.T. background we really were after to enhance the agency's capabilities in that stage, in that in that place, worked over there for a couple of years and about halfway through last year moved over to the ICT area to help them with their cloud journey and move all of our services completely out to the cloud using a few different, few different vendors. It's been quite a quite a journey, but that's what's got me here today. Excellent. I mean, there's a fascinating sort of run through to where you are for these people. Could be people from all around different places around the world who may be listening to this. Explain a little bit around the NDIS. If I recall correctly, this was a Gillard government initiative that really enacted around 2013. Do you want to just give a little brief insight into who the agency is and what their focus is? So, so the NDIS is, is there to allow Australians with a permanent significant disability freedom choice to live the life they want to live. We're here to help people with a disability, access the right supports, as well as helping them build this system to help build their skills and actively participate in the community. And it's there to also, you know, help and give peace of mind to families and keep people's loved ones knowing that, you know, people are getting the right support to leave an ordinary life on their terms. It's an amazing sort of representation for what the government does for its citizens. So I assume that makes you proud of the dog in the background. The dogs are proud. I mean, you must be proud to be part of an organization who helps those who need that assistance and helps Australians really live a better life. 100% like I can't. It's amazing the work we get to do and the people we get to work with, and then at the end of it all, we know what cause we're doing it for. It's an it's an absolutely amazing agency to work for in terms of the outputs and outcomes that we get out of it and citizens get out of it as well. I think it's definitely come a long way since it was a trial and today we see all the excellent technology with the mobile app that's been announced and the really good usability and user experience design that's gone into that from the team. Things like that really, really show what we're doing here is, is really important. Yeah, I think that's wonderful and it's great to be passionate about doesn't really come across as being passionate about who you represent and what you do. So. Director of Platforms Integration Data It's an interesting, interesting title. Give us an idea of your priorities. You focus and define what you believe success is for you and your team. Yeah, sure. It's a pretty big question. So the name of the title actually came about because we thought about what we want to be really clear on what we do. A lot of other teams in different agencies call themselves cloud services, this kind of stuff. We want it to be really clear on what we look after. Our priorities are around ultimately providing the best experience to participants, staff and our partners and increasing our reliability and performance and usability, right? So that's that's our main focus and priority behind that. We're moving everything to cloud. We're going cloud only. And we've also obviously we're migrating lots of applications from their legacy state into either new services that we're provisioning that are cloud native or actually moving the applications into cloud. Obviously with that is a lot of work because when you have a Castle and moat network, it's a lot different to going into the cloud, maintaining your security, and you're a lot more vulnerable in that position because of intrinsically how it works. So it's really important that we don't just go and grab something, go put it there. And from a cost perspective as well, we've got to be careful of that because a lot of people that have sort of moved to cloud previously have sort of gone like most, most projects when this went on about six years ago, failed across private sector, government, all this kind of stuff because people went to cloud thinking that they were just going to save a lot of money. And then they realized, well, actually, you know, you've got to be careful on it. It's not just the thing. We're not just going to lift and shift everything to move it out. We've got to be really careful about what we do, where we put it and why we put it there and how we actually do those things as well. I think that's excellent governance on what you do. Actually, I think that's interesting for people to also note, if I'm correct in this place, correct me if I'm wrong, this was embedded in was it DHS as those sort of group services and as it became a bigger agency, we really extracted them. So is that correct? You've sort of separated from the agency? Yeah. So obviously there's certain services that we are steering our own destiny on. You know, Services Australia, Human Services, as they were known previously, is still a big part of what we do every day. We are, but with some services where we're moving those to cloud to get to get an advantage on some of the things that we have around Salesforce and our other programs that we've got to improve the experience with our participants. So this is our CIO Week or the extension of our CIO Week. And there's obviously lots of CIOs and interested who are listening to this and getting an insight into an organization, government agency and a government agency who I believe is one of the forward thinkers. Last year, difficult. While the last two years has been a really challenging time, COVID really turned everything upside down. Paint me a little bit of a picture of how one contended with the immediacy of everyone having to be remote and also then to how did that impact the plans and how did you manage the pivot, if there was one? Yeah, really weird because before COVID, I mean, being in an on premise environment, you tend not to use a lot of video conferencing and most of your stuff is via teleconference, via your mobile phone or the desk phone. And one of the really successful things that we did as an agency was pivoting to to teams. You know, our branch manager, Lyle Wells, quickly got that in and we were able to like that was spread across the agency very quickly and really enabled the agency to do those remote workforce kind of things. One thing it was like my team especially, you know, we're spread across the country as it is. So it wasn't a huge change to us. The change was interacting probably more with other teams. So rather than seeing them, rather than hearing them on the phone now, we were seeing them face to face via video conference. I think if I'm honest, though, you know, a lot of my team, we got a lot of passionate individuals and we talk loudly and we're very I should say we're very good at communicating and projecting a voice. However, not everyone else in the office likes it. So maybe this was actually a positive a positive thing to us being on the video conference at home, because it was a lot better for people probably than hearing our loud voices, especially when there's two or three of us in an office. You know, there's not always a meeting room available because lots of meetings going on. So yeah. Probably better in some ways. For others I like there's always well with every challenge there is an opportunity and how we how we, how we learn from them. I think that's a good thing. And I agree with the same sort of sentiments around. We're seeing people more often. And I think part of what we've also learned as people and society is the acceptance of having these new tools and really turning them on and leveraging to a great extent. Has that also enabled you to pick up resources in other areas that you may not have traditionally looked at because you're not as office bound as once was? Yeah, I think I don't think it's made any difference to the resources we picked up. I think it's definitely given people what cover was a lot more flexibility in what was quite a tense situation for the whole country. It's it's been a lot more flexible for people dealing with that crisis. At the same time across the country, it's been, you know, especially when there's been potentially outbreaks and that kind of thing, being able to continue the workforce and not have to worry about that and to be able to attend the office when it's when it's suitable to, it's been a lot easier. Whereas previously, you know, when you don't have everyone potentially working from home, your technology in that area is not necessarily the best it could be, right? Because before COVID, I think most organizations would have thought that working from home some but most would would have thought, you know, working from home is a rare thing. So you wouldn't necessarily have everyone out there. And then, you know, a lot of gateways and stuff, a lot of traffic or this kind of thing. People weren't prepared for it. I think that's what's been good about it is that flexibility of being productive when you're at home now and making sure that the technology is working for people. So yeah, sorry. How has that changed the way your team sort of works? And really, what have you learned through that period of challenge? I think it's probably highlighted that the communication mechanisms that we were using previously around chat and telephone probably weren't enough. I think we definitely miss face to face. Obviously, we're starting we're moving back into offices now. And we're starting to come back to the office. Obviously, the flexibility has its place, but being able to see people face to face is never going to get beaten, really. But I mean, having a video conference there and being able to really engage with people and see their faces is really important. We have a we have a rule in our team when whenever we're in a team meeting, everyone's got to have the video on. And that's because we like to make sure we can read people's facial expressions and all this kind of stuff because it's when you when you're talking to someone on the phone or you're talking to chat, you really do miss that. You know what people are trying to say? It's like texting someone. And I think over this period, we've definitely learned that having that is definitely a better asset than definitely not having that, especially as our country, as a as our my team works across the country, we work, we've got Sydney, Brisbane, Melbourne and WA. So having people in Canberra, so having people across that, that number of states, not being able to see people is hard. It's a great insight. So thank you for sharing that. And just on the coverage across Australia, every one of those being in different states of lockdown or not. Yeah, the like. It's been obviously challenging for everyone in that regard. Definitely. So, so let's let's sort of move on to security and understanding the sort of frameworks and guidelines that are really helpful to you and your team. And, and did, did this sort of force the view of we'd be thinking about Zero Trust or did this help accelerate the drive around zero trust? I think it's done both. I think when we looked at how we were going to migrate to cloud, it was always going to be via a Zero Trust strategy. Definitely. It's definitely accelerated it because we're accelerating our plans to make sure that we move to cloud successfully. Zero Trust is part of our core ecosystem. The idea behind it with every service we use and thankfully, you know, the vendors that we work with and the products that we have fit into that ecosystem nicely of zero trust where you know, from our architectural perspective and security, that's really one of the pillars that we need to consider when we're doing anything. And if we have applications and products that don't meet that, we really need to evaluate their use within our environment so that we don't have security holes. It's important because, you know, we don't have anything to protect us out there like a moat where we can say, Oh, well, everything on the inside is secure because it can't get out. We don't have that in the cloud and we don't have that in the in the new office space, which is at home. Right. Or, you know, in a cafe or and not for our agency. But just in general, the workforce is moving to not necessarily office space around the world like we've seen a lot of people, I think with 75,000 people moving to Queensland in a six month period last year with over half a year. So, you know, we see that obviously employers are being more flexible where people can work and those network locations that people are going to access it from are very varied where once upon a time 90% of your 95, 99% of your traffic would come from an internal network and possibly having a, you know, you can set up accordingly. Now we've got people at home, we've got people at offices, we've got people at different, different things. We need to consider that. And that's why Zero Trust is so important to us. And the other thing is, like from a security perspective, we are dealing with. Some, if not the most vulnerable people in our country. And we're dealing with that information. And the information is very important. And therefore, from a from a data security perspective, we've got to make sure that this is extremely tight. So implementing zero trust is critical across our landscape. Thank you for that insight. It's great to understand and it's great to also hear the focus of ensuring the privacy and protection of not just your team but also Australian citizens and especially vulnerable citizens as well. Now this is this is obviously a Cloudflare TV segment, so interested with understanding a little bit about NDEs and Cloudflare, how that came together and your view of how we how this started and the journey of how we've really engaged as as a partnership? Yeah, I think, I think it was about a year and a half or two years ago, we were looking for a more centralized way to manage our DNS. And that's sort of where it began because we have services on multiple providers. We really needed to. It was probably one of the first products we got and we really needed to, to, to be able to do that and to use that. And we actually initially only provisioned it on a subdomain because our DNS was hosted separately and right away we saw the speed and agility we could get by using some of those services, especially around with the eighties and that kind of stuff. To us it was, it was it was around being able to enact change quite fast, but also have assurance that it wasn't bad. And we started out with moving our DNS and we're actually quite impressed. Obviously you guys being one of the core providers of DNS around the world, we did a we did our DNS change. And what we thought I mean, I've been on the Internet for 20 years longer than that, 25 years, 30 years whatever, 97 when it first came out Australia and you know when we DNS change and I remember back in the day even ten years ago it would take you 24 to 48 hours and if you made a mistake, you know your stuff is down for that long. And it was quite a quite a small business owner. It was quite a frustrating experience. But we did our DNS change, we had no outages and it had propagated to 99% of the internet in just under 20 minutes, which is pretty incredible that we were even after minutes we had seen that pretty much had gone through all Australia and, and the US and then it just went to the other countries. So it was, it was, it was pretty good for us to be able to do that. And I think one of the things we benefited out of that is, is the protection and the orange cloud. I mean, we've been involved in a lot of trials of a lot of products, but I'll be honest, that was one of the most impressive ones that we had of things just working almost like magic. So that was and I think if we look at what's changed over the years, obviously if I just it's really interesting to see the amount of things that are coming. We've been involved in a lot of, you know, say research trials with Cloudflare and in feature releases. And, you know, the feature releases to me are almost no different to when they go to production. It's pretty impressive, to be honest. What we have had even released us over the last year and a half has been great. And obviously, you know, most of those releases, all of those features we've had released to us have been not at our cost, they included as the services. So to us, that's really, really important that the products and services that we use are continually being improved, which makes our life easier, makes us we obviously try to follow shift left as much as we can. So we're trying to move a lot of the stuff into the start of the process and that sort of empowers us to do that. The Thank you for sharing. The thing that I love about Cloudflare is just the rate of innovation and the insight, but it's it's driven by the feedback that we get from great customers like yourself. So is that a process that works for you is providing some insight? Hey, there's some things that we think are gaps or some things that we're trying to do. How do we get that function base working? Definitely. It's definitely a key component for us. We want to obviously we're a very new agency and we want to partner with organizations that want to help us make the agency and the scheme amazing. And user experience is really important to us. And for us to be able to move fast and deliver great services, we've got to be able to provide that feedback to our the vendors and organizations that we work with to make sure that they're meeting our needs as well. So it's definitely one of the criteria that we look for when we engage with different organizations is their ability to take on feedback about their services and do what they say they're going to do. I think if you look across the world at different software vendors, I think gone are the days where you ask for a feature and then maybe two or three years later you get it. And I think vendors that are still doing that probably are the ones that are starting to die off because there's new, more innovative companies that can pivot a lot easier. While I hope and I, I implore our team to continue to drive the innovation, continue to take the feedback from great organizations such as yourself, sort of looking forward. And we talked about the rate of innovation for Cloudflare. Is there anything that sort of caught your eye as a direction or product that that you've heard that we're bringing out that sort of caught your interest of something that you might want to look at or something that you think is an exciting innovation. We noticed some of the stuff that you added in the other week around privileged access and it's actually pretty cool. So purpose, justification and that kind of stuff, you know, there's privilege access management is obviously a hot topic at the best of times, but one thing that it doesn't consider is when you have products that are web based that because of licensing constraints, you have the same account that you use for it with your admin as well. And obviously that presents challenges in itself. But being able to use that, that purpose justification on just even a specific URL or a sub or a subdomain or whatever it is is really cool like and we just noticed that popped up. So that was, that was good. And also I think there's another feature that we sort of looked at, which was the break glass instant access stuff, which is which is also in beta at the moment. We just noticed that, you know, my team really like looking at the ways we can make things more secure and use some of the features that you guys put out, most notably to us, if I'm completely honest, is with all this log forge stuff that's been going on around this week. You know, we were really quick to patch that as soon as we were notified last Friday, within, I think a couple of hours we had all our services patched. And then you would have noted on Tuesday or Wednesday, I think it was we had another vulnerability disclosed about the Log Forge issue that it wasn't quite complete and the team were able to respond in record time of having all our services patched while people are online during the day without an outage. So it was really good. I think the best thing about that though is obviously we went into let's patch it mode straight away and our cybersecurity team went into investigation mode. What was amazing was there was no fix out. However, Cloudflare had already patched our force and added in that protection. And we could see from because really a lot of the attacks started after Friday night and we could see that cloud for patched at the previous day and that they started out Saturday morning at 1 a.m. continually all weekend, some security researchers. But obviously we were getting attacks from across the world and they were being blocked. And it was amazing that we were like, Oh, that's already been done for us. And we didn't even know. So we're very thankful that was done. And it's one of the really good things. And one of the reasons we actually got Cloudflare in the first place was around the zero day protection and the global security presence. And obviously when you're serving half the Internet probably have a lot of intel there that will give us a lot of insight into making sure that, you know, the NDIS is safe and secure. Thank you for sharing that. It's a great insight and my little plug here on the Cloudflare side. The great thing from my perspective that I think shows who we are as a team, as a business, as an organization, is one to protect. Obviously, our customers, our enterprise customers, our self serve customers. But essentially anyone who had a cloud service, we turned on that protection because we recognize how impactful and disruptive it could have been. So even customers who didn't have LF, we turned it on for them. And I think that's part of Cloudflare's mission. It's pretty audacious to say to help make the Internet better, you've got to do it for everyone. And that's a little bit of insight into who we are. So thank you for sharing that. And I certainly hope that no one has any any disruption because of it. Our final we've just got a minute to go. It's gone incredibly fast. So thank you. But if you could sort of give people in your role who are listening today a bit of advice as to things they should think about or things that you can really help them share. I think I think people really need to think about these days of working with their partners really close, especially when you've got other vendors in your close circle partnering with people and and making sure that we listen to the vendors as well about how their products and services should be used. Quite often they become the services become part of your organization. So trying to use them outside of what they're being designed or a purpose to, just because we know better, it's probably not the way to do it. And it's definitely something that we, we, we try to do. I think making sure that we listen to our people as well and our people are our customers, our staff and make them part of the decision. Because, you know, most of these technical issues that we face as technical people aren't really technical issues. The technical part is quite easy to solve with technology. There's heaps technology these days, but it's actually a bigger change management exercise and we need to manage that across our people, our partners and our. customers. David, thank you so much for your time today. I really appreciate it. I know everyone got great insights from you. It's been a pleasure.