Originally aired on January 25 @ 11:00 AM - 11:30 AM EDT
In this CIO Week segment, join Cloudflare's Head of Australia & New Zealand Raymond Maisano for a fireside chat with David Clarke, Director, Platforms, Integration & Data, at Australia's National Disability Insurance Agency, NDIS.
CIO Week Hub for every announcement and CFTV episode — check back all week for more! Hello, welcome to Cloudflare TV, the extension of our CIO Week. My name is Raymond Maisano, the Head of Cloudflare for Australia and New Zealand, and it gives me great pleasure today to introduce David Clarke, who's the Director of Platforms, Integration and Data at NDIA. Welcome. Thank you. Well, I'm going to start with a couple of very left-field questions, just to get the ball rolling, and then we can get in and learn a little bit about yourself. But here's my quickfire questions for you. Coke or Pepsi? As long as it's Coke Zero or Pepsi Max either. All right, that's good. Well, how about this one? Coke or wine? I think I'd have to go Coke. Okay, all right, fair enough. This is a religious one, so you can bat it off if you don't like. Star Wars or Star Trek? Star Wars. Excellent. EV or V8? EV, definitely. All right, and the last one, a sporting one, another religious one, cricket or AFL? Definitely cricket. Very good. All right, thanks for giving us a little bit of insight. While we're hearing about you, give us a little bit about your background, your journey to the role where you are today. Sure. I was just saying this before to someone this morning that I've been working for 20 years now. I can't believe it. It seems like such a long time. I started out working for my own business and then helped a couple of my friends actually start their businesses and do some of their IT for them as well at the same time. I moved into government pretty quickly, and I started working for Large Government Enterprise where I ran IT support across Australia for them. That was really cool because we got to have a really good view of all the latest technology and all that kind of stuff. Along my journey, along the way, it's pretty gray in between that. About five, six years ago, I got the opportunity to start working with the NDIS, and I really liked what they won't call the NDIS then, but I really liked what their organization was about, and I ended up moving over to the NDIS to look at their data and analytics capabilities. I'd come from an IT background. We really were after to enhance the agency's capabilities in that stage, in that place. Worked over there for a couple of years, and about halfway through last year, moved over to the ICT area to help them with their cloud journey and move all of our services completely out to the cloud using a few different vendors. It's been quite a journey, but that's what's got me here today. Excellent. There's a fascinating run through to where you are. There could be people from all around different places around the world who may be listening to this. Explain a little bit around the NDIS. If I recall correctly, this was a Gillard government initiative that really enacted around 2013. Do you want to just give a little brief insight into who the agency is and what their focus is? The NDIS is there to allow Australians with a permanent significant disability freedom choice to live the life they want to live. We're here to help people with a disability access the right supports, as well as assisting to help build their skills and actively participate in the community. It's there to also help and give peace of mind to families and keep people's loved ones knowing that people are getting the right support to live an ordinary life on their terms. It's an amazing representation for what the government does for its citizens. I assume that makes you proud of the dog in the background. The dogs are proud. That's great. You must be proud to be part of an organisation who helps those who need that assistance and helps Australians really live a better life. 100%. It's amazing the work we get to do and the people we get to work with. Then at the end of it all, we know what cause we're doing it for. It's an absolutely amazing agency to work for in terms of the outputs and outcomes that we get out of it. And citizens get out of it, as well. I think it's definitely come a long way since it was a trial. Today, we see all the excellent technology with the mobile app that's been announced and the really good usability and user experience design that's gone into that from the team. Things like that really, really show what we're doing here is really important. Oh, yeah. I think that's wonderful. It's great to be passionate about. You certainly come across as being passionate about who you represent and what you do. So, Director of Platforms Integration Data. It's an interesting title. Give us an idea of your priorities, your focus and define what you believe success is for you and your team. Yeah, sure. It's a pretty big question. So, the name of the title actually came about because we thought about what we want to be really clear on what we do. A lot of other teams in different agencies call themselves like cloud services, this kind of stuff. We wanted to be really clear on what we look after. Our priorities are around, you know, ultimately providing the best experience to participants, staff and our partners and increasing our reliability and performance and usability, right? So, that's our main focus and priority. Behind that, we're moving everything to cloud. We're going cloud only. And we've also, you know, obviously, we're migrating lots of applications from their legacy state into either new services that we're provisioning that are cloud native or actually moving the applications into cloud. Obviously, with that, there's a lot of work because, you know, when you have a castle and moat network, it's a lot different to going into the cloud, maintaining your security and, you know, you're a lot more vulnerable in that position because of intrinsically how it works. So, it's really important that, you know, we don't just go and grab something, go put it there. And from a cost perspective as well, we've got to be careful of that because, you know, a lot of people that have sort of moved to cloud previously have sort of gone like, you know, most projects when this went on about six years ago failed across private sector, government, all this kind of stuff because people went to cloud thinking that they were just going to save a lot of money. And then they realized, well, actually, you know, you've got to be careful on it. It's not just a thing. We're not just going to lift and shift everything to move it out. We've got to be really careful about what we do, where we put it and why we put it there and how we actually do those things as well. I think that's excellent governance on what you do. Actually, I think it's interesting for people to also note, if I'm correct in this, please correct me if I'm wrong, NDIS was embedded in, was it DHS as those sort of group services and as it became a bigger agency, really extracted them. So you've, is that correct? You've sort of separated from an agency? Yeah. So obviously there's certain services that we are, you know, steering our own destiny on, you know, Services Australia, Human Services, as though I know previously is still a big part of what we do every day. We are, but with some services where, you know, we're moving those to cloud to get an advantage on some of the things that we have around Salesforce and our other programs that we've got to improve the experience with our participants. So this is our CIO week or the extension of our CIO week. And there's obviously lots of, you know, CIOs and interested who are listening to this and getting an insight into an organization, government agency and a government agency who I believe is, you know, one of the forward thinkers. Last year's difficult, well, the last two years has been a really challenging time. COVID really turned everything upside down. Paint me a little bit of a picture of how one contended with the immediacy of everyone having to be remote and also then to, how did that impact the plans and how did you manage the pivot if there was one? Yeah. It's really weird because before COVID, you know, I mean, being in an on -premise environment, you tend not to use a lot of video conferencing and, you know, most of your stuff is via teleconference via your mobile phone or the desk phone. And, you know, one of the really successful things that we did as an agency was pivoting to teams. You know, our branch manager, Lyle Wells, quickly got that in and we were able to, you know, like that was spread across the agency very quickly and really enabled the agency to, you know, do those remote workforce kind of things. One thing it was like, you know, my team especially, you know, we're spread across the country as it is. So, it wasn't a huge change to us. The change was interacting probably more with other teams. So, rather than seeing them, rather than hearing them on the phone now, we were seeing them face-to-face via video conference. I think if I'm honest though, you know, a lot of my team, we've got a lot of passionate individuals and we talk loudly and we're very, I should say, we're very good at communicating and projecting our voice. However, not everyone else in the office likes it. So, maybe that was actually a positive thing to us being on the video conference at home because it was a lot better for people probably than hearing our loud voices, especially when there's two or three of us in an office. You know, there's not always a meeting room available because lots of meetings going on. So, probably better in some ways for others. I like there's always, well, with every challenge there's an opportunity and how we learn from them. I think that's a good thing. And I agree with the same sort of sentiments around, you know, we're seeing people more often and I think part of what we've also learned as people and society is the acceptance of having these new tools and really turning them on and leveraging to the great extent. Has that also enabled you to pick up resources in other areas that you may not have traditionally looked at because you're not as office bound as once was? Yeah, I don't think it's made any difference to the resources we picked up. I think it's definitely given people, while COVID was on a lot more flexibility in, you know, what was quite a tense situation for the whole country. It's been a lot more flexible for people dealing with that crisis at the same time across the country. It's been, you know, especially when there's been, you know, potentially outbreaks and that kind of thing, being able to, you know, continue the workforce and not have to worry about that and to be able to attend the office when it's suitable to has been a lot easier. Whereas previously, you know, when you don't have everyone potentially working from home, your technology in that area is not necessarily the best it could be, right? Because before COVID, I think most organisations would have thought that, you know, working from home some, but most would have thought, you know, working from home is a rare thing. So you wouldn't necessarily have everyone out there. And then, you know, a lot of gateways and stuff, a lot of traffic, all this kind of thing, people weren't prepared for it. I think that's what's been good about it is that flexibility of being productive when you're at home now and making sure that, you know, the technology is working for people. So how's, yeah, sorry. How's that changed the your team sort of works? And really, what have you learned through that period of challenge? Yeah. I think it's probably highlighted that the communication mechanisms that we were using previously around chat and telephone probably weren't enough. I think we definitely miss face-to -face. Obviously, we're starting, we're moving back to offices now and we're starting to come back to the office. Obviously, you know, the flexibility has its place, but being able to see people face-to-face is never going to get beaten really. But I mean, having a video conference there and being able to really engage with people and see their faces is really important. We have a rule in our team whenever we're in a team meeting, everyone's got to have the video on. And that's because we like to make sure we can, you know, read people's facial expressions and all this kind of stuff, because it's, you know, when you're talking to someone on the phone or you're talking to chat, you really do miss that, you know, what people are trying to say. It's like texting someone. And I think over this period, we've definitely learned that having that is definitely a better asset than definitely not having that, especially as our country, as my team works across the country. We've got Sydney, Brisbane, Melbourne and WA, and Canberra. So having people across that number of states, you know, not being able to see people is hard. It's a great insight. So thank you for sharing that. And, you know, just on the coverage across Australia, every one of those being in different states of lockdown or not, the like, it's been obviously challenging for everyone in that regard. Definitely. So let's sort of move on to security and understanding the sort of frameworks and guidelines that, you know, are really helpful to you and your team. And, you know, did this sort of force the view of, you know, would we be thinking about Zero Trust or did this help accelerate the drive around Zero Trust? I think it's done both. I think when we looked at how we were going to migrate to cloud, it was always going to be via a Zero Trust strategy. Definitely. It's definitely accelerated it because we're accelerating our plans to make sure that, you know, we move to cloud successfully. Zero Trust is, you know, part of our core ecosystem. The idea behind it with every service we use, and thankfully, you know, the vendors that we work with and the products that we have fit into that ecosystem nicely of Zero Trust where, you know, from an architectural perspective and security, that's really one of the pillars that we need to consider when we're doing anything. And if we have applications and products that don't meet that, we really need to evaluate their use within our environment so that we don't have security holes. It's important because, you know, we don't have anything to protect us out there like Commote where we can, you know, say, oh, well, everything on the inside is secure because it can't get out. We don't have that in the cloud and we don't have that in the new office space, which is at home, right? Or, you know, in a cafe or and not for our agency, but just in general, the workforce is moving to not necessarily office space around the world. Like we've seen a lot of people, I think we're 75,000 people moving to Queensland in a six-month period last year, in over half a year. So, you know, we see that obviously employers are being more flexible where people can work and, you know, those network locations that people are going to access it from are very varied where once upon a time 90% of your 95, 99% of your traffic would come from an internal network and possibly having a, you know, your WAN set up accordingly. Now we've got people at home, we've got people at offices, we've got people at different things. We need to consider that and that's why Zero Trust is so important to us. And the other thing is like from a security perspective, you know, we are dealing with some if not the most vulnerable people in our country and we're dealing with the information and the information is very important and therefore from a data security perspective we've got to make sure that this is extremely tight. So implementing Zero Trust to us is critical across our landscape, you know. Thank you for that insight. It's, you know, great to understand and it's great to also hear the focus of ensuring the privacy and protection of not just your team but also Australian citizens and especially, you know, vulnerable citizens as well. Now, you know, this is obviously a Cloudflare TV segment so interested with understanding a little bit about NDIS and Cloudflare, how that came together and your view of, you know, how this started and the journey of how we've really engaged as a partnership. Yeah, I think it was about a year and a half or two years ago we were looking for a more centralised way to manage our DNS and that's sort of where it began because we have services on multiple providers. We really needed to, it was probably one of the first products we got and we really needed to be able to do and to use that and we actually initially only provisioned it on a subdomain because our DNS was hosted separately. And, you know, right away we saw the speed and agility we could get by using some of those services especially around with the APIs and that kind of stuff. To us it was around being able to enact change quite fast but also have assurance that it wasn't bad. And, you know, we started out with moving our DNS and we were actually quite impressed. Obviously, you guys being one of the core providers of DNS around the world, we did our DNS change and what we thought, you know, I mean, I've been on the Internet for 20 years or longer than that, 25 years, 30 years, whatever, 97 when it first came out Australia. And, you know, when we, you know, DNS change and I remember back in the day even 10 years ago would take you 24, 48 hours and if you made a mistake, you know, your stuff is down for that long. And it was quite, as a small business owner, it was quite a frustrating experience but, you know, we did our DNS change, we had no outages and it had propagated to 99% of the Internet in just under 20 minutes which is pretty incredible. That we were, you know, even after minutes we had seen that pretty much it had gone through Australia and the US and then it just went to the other countries. So, it was pretty good for us to be able to do that and I think one of the things we benefited out of that is the protection and the orange clouding. I mean, we've been involved in a lot of trials of a lot of products but I'll be honest, that was one of the most impressive ones that we had of things just working almost like magic. So, you know, that was and I think, you know, if we look at what's changed over the years, obviously, it's really interesting to see the amount of things that are coming. We've been involved in a lot of, you know, I'll say research trials with Cloudflare and in feature releases and, you know, the feature releases to me are almost no different to when they go to production. It's pretty impressive to be honest. What we have had even released to us over the last year and a half has been great and obviously, you know, most of those releases, well, all of those features we've had released to us have been not at our cost, they're included as the services. So, to us that's really, really important that the products and services that we use are continually being improved which, you know, makes our life easier, makes us, you know, we obviously try to follow shift left as much as we can. So, we're trying to move a lot of the stuff into the start of the process and that sort of empowers us to do that. Thank you for sharing the thing that I love about Cloudflare is just the rate of innovation and the insight but it's driven by the feedback that we get from great customers like yourselves. So, you know, is that a process that works for you? Is it, you know, providing some insight, hey, there's some things that we think are gaps or some things that we're trying to do, how do we get that function piece working? Definitely. It's definitely a key component for us. We want to, obviously, you know, we're a very new agency and we want to partner with organizations that want to help us make the agency and the scheme amazing. You know, user experience is really important to us and for us to be able to move fast and deliver great services, we've got to be able to provide that feedback to our vendors and organizations that we work with to make sure that they're meeting our needs as well. So, it's definitely one of the criteria that we look for when we engage with different organizations is their ability to take on feedback about their services and do what they say they're going to do. I think if you look across the world at different software vendors, I think gone are the days where, you know, you ask for a feature and then maybe two or three years later, you get it. And, you know, I think vendors that are still doing that probably are the ones that are starting to die off because there's new, more innovative companies that can pivot a lot easier. Well, I hope and I implore our team to continue to drive the innovation, continue to take the feedback from great organizations such as yourself. Sort of looking forward and when we talked about the rate of innovation for Cloudflare, is there anything that sort of caught your eye as a direction or product that you've heard that we're bringing out that sort of caught your interest of something that you may want to look at or something that you think is an exciting innovation? Yeah, so actually we noticed some of the stuff that you added in the other week around privileged access and it's actually pretty cool. So, purpose justification and that kind of stuff, you know, there's privileged access management is obviously a hot topic at the best of times. But, you know, one thing that it doesn't consider is when you have products that, you know, are web-based that because of licensing constraints, you have the same account that you use for it with your admin as well. And obviously that presents challenges in itself. But being able to use that purpose justification on just even a specific URL or a subdomain or whatever it is, is really cool. And we've just noticed that popped up, so that was good. And also I think there's another feature that we sort of looked at which was the, you know, break glass instant access stuff, which is also in beta at the moment. We just noticed that, you know, my team really liked looking at the ways we can make things more secure and use some of the features that you guys put out. Most notably to us, if I'm completely honest, is, you know, with all this log4j stuff that's been going on around this week, you know, we were really quick to patch that. As soon as we were notified last Friday, within I think a couple of hours, we had all our services patched. And then you would have noted on Tuesday or Wednesday, I think it was, we had another vulnerability disclosed about the log4j issue that it wasn't quite complete. And the team were able to respond in record time of having all our services patched while people were online during the day without an outage. So it was really good. I think the best thing about that though is, you know, obviously we went into let's patch it mode straight away. And our cybersecurity team went into investigation mode. What was amazing was there was no fix out. However, Cloudflare had already patched our WAF for us and added in that protection. And we could see from, because really a lot of the attacks started after Friday night. And we could see that Cloudflare patched at the previous day and that, you know, they started about Saturday morning at 1am continually all weekend. Some security researchers, but obviously we were getting attacks from across the world and they were being blocked. And it was amazing that we were like, oh, that's already, you know, been done for us. And we didn't even know. So we're very thankful that that was done. And it's one of the really good things. And one of the reasons we actually got Cloudflare in the first place was around the zero day protection and the global security presence. And obviously when you're serving half the Internet, you probably have a lot of intel there that will give us a lot of insight into making sure that, you know, the NDIS is safe and secure. Thank you for sharing that. It's a great insight. And, you know, my little plug here on the Cloudflare side, the great thing from my perspective that I think shows who we are as a team, as a business, as an organization, is one to protect obviously our customers, our enterprise customers, our self-serve customers, but essentially anyone who had a Cloudflare service, we turned on that protection because we recognize how impactful and disruptive it could have been. So even customers who didn't have our WAF, we turned it on for them. And I think that that's part of Cloudflare's mission. It's pretty audacious to say to help make the Internet better, you've got to do it for everyone. And that's a little bit of insight into who we are. So thank you for sharing that. And I certainly hope that no one has any disruption because of it. Final, we've just got a minute to go. It's gone incredibly fast, so thank you. But if you could, you know, sort of give people in your role who are listening today a bit of advice as to, you know, things they should think about or things that you can really help them share. I think people really need to think about these days of working with their partners really close, especially when you've got other vendors in your close circle, partnering with people and making sure that we listen to the vendors as well about how their products and services should be used. You know, quite often they become, you know, the services become part of your organization. So trying to use them outside of what they're being designed or a purpose to just because we know better, it's probably not the way to do it. And it's definitely something that we try to do. I think making sure that we listen to our people as well and our people are, you know, our customers, our staff, you know, and make them part of the decision because, you know, most of these technical issues that we face as technical people aren't really technical issues. The technical part's quite easy to solve with technology. There's heaps of technology these days, but it's actually a change management exercise and we need to manage that across our people, our partners and our customers. David, thank you so much for your time today. I really appreciate it. I know everyone got great insights from you. It's been a pleasure. Enjoy the rest of your day. Thanks very much.