Building Resilient Government IT: Strategies for Secure, Compliant, and Scalable Connectivity

As Australian government agencies progress in their digital transformation journeys, IT leaders face a familiar tension: how to innovate without compromising compliance, sovereignty, or operational stability. While cloud services promise scalability and agility, the public sector must remain cautious stewards of sensitive data and citizen trust. This is especially true as regulatory expectations, guided by frameworks like the PSPF and ASD's Essential Eight, continue to evolve.

So, what does secure, future-ready infrastructure look like in practice? And how can government departments modernise while maintaining resilience and control?

These questions took centre stage at the recent “Navigating the Future of Government IT” webinar, hosted by Public Sector Network in partnership with Megaport. Here, we break down the key considerations discussed by senior technology leaders from Megaport and the NSW Government.

Sovereignty by Design: Keeping Control in a Cloud-First World

Sovereignty is not a passive outcome, it must be architected from the outset.

As Peter McMillan, Principal Product Owner GovDC / GSN, NSW Department of Customer Service, noted during the webinar:

“You need to know where your data resides, how it's being transmitted, and who’s managing the infrastructure. That includes whether support teams are based onshore or overseas.”

Ensuring that sensitive or protected information remains under Australian control is not simply a best practice, it’s a mandate under the Protective Security Policy Framework (PSPF). The PSPF directs agencies to understand the security classification and criticality of their data, ensure it is appropriately stored and transmitted, and mitigate exposure to foreign jurisdictions and unauthorised access.

This level of control is not guaranteed by default in many software-as-a-service or public cloud deployments. It requires:

• Hosting in government-accredited or sovereign data centres
• Vetting the policies and commitments of cloud and connectivity providers
• Verifying end-to-end encryption and data routing paths

Megaport’s collaboration with Australian Data Centres and Oracle to support the Aus-Gov Cloud region (where dedicated FastConnect links enable direct, private access to Oracle Cloud Infrastructure (OCI) within a sovereign environment) offers a practical example of how infrastructure and network decisions can reinforce compliance.

🛠 Consideration for IT leaders: Review the legal and operational visibility of your cloud and network service providers. Are you leveraging infrastructure designed with sovereignty in mind, or patching compliance onto legacy architectures?

Beyond Borders: Securing Data in Motion

While data at rest has received considerable attention, data in motion is increasingly the focus of attackers—and therefore of compliance frameworks.

The Australian Signals Directorate (ASD), in its 2023–24 Cyber Threat Report, flagged public sector systems as key targets for cybercrime and state-based actors. Vulnerabilities often stem not from the data itself, but from how it traverses networks.

Jason Bordujenko, Global Head Channel Solution Architecture, Megaport, summarised the issue:

“You can have great controls on your systems, but once data traverses the public internet, you lose guarantees around routing, repeatability, and who has visibility.”

This is where dedicated, private connectivity models offer significant advantages. Compared to public internet links or basic VPNs, secure interconnects like AWS Direct Connect, Azure ExpressRoute, or OCI FastConnect reduce exposure, improve performance, and simplify compliance reporting.

For agencies pursuing ASD’s Essential Eight maturity, secure network segmentation, encrypted transport, and visibility into traffic patterns are vital. According to Bordujenko:

“We’re seeing agencies take advantage of observability tools and network telemetry—often paired with machine learning—to baseline normal traffic and detect anomalies faster.”

🛠 Consideration for IT leaders: Audit your cloud access paths. Are critical workloads routed through internet-exposed gateways, or through dedicated, monitored connections that reflect your cyber risk profile and segmentation strategy?

Hybrid Reality: Scaling Resilience Through Flexible Architecture

Few agencies today operate in purely on-premises or cloud-native environments. Most inhabit a hybrid world, with workloads split across private data centres, cloud platforms, and SaaS providers. In this complex environment, network resilience becomes critical to service continuity.

Government Secure Network programs, such as those implemented in NSW, are increasingly investing in encrypted backbone connectivity between data centres, cloud zones, and agencies. Meanwhile, the ability to segment and route traffic intelligently between these environments can help isolate workloads, reduce blast radius in the event of failure, and accelerate disaster recovery.

“Resilient infrastructure means planning for what might go wrong... You need to consider dig-ups, outages, or supplier issues, and make sure there’s always a second path.”

Solutions like Megaport Cloud Router allow agencies to route traffic directly between cloud providers without tromboning through central locations. For disaster recovery, this enables architectural patterns such as active-passive or pilot-light deployments across regions or platforms.

🛠 Consideration for IT leaders: Does your current network architecture lock you into fixed topologies or single-vendor dependencies? Can you reconfigure or scale securely in response to evolving risks or operational priorities?

Innovation Without the Risk: Budget-Sensitive Experimentation

Innovation in government often competes with resource constraints. Long procurement cycles, legacy dependencies, and a risk-averse culture can stifle exploration of new architectures.

Here, consumption-based network models are helping level the playing field. As McMillan explained:

“With Megaport, we can spin up a link for a month to test a solution or transfer data between environments. That flexibility is a real enabler—especially for smaller agencies or proof-of-concept pilots.”

This approach supports a continuous innovation model, where ideas can be trialled in isolation before scaling to production. It also complements shifting funding models, where infrastructure is increasingly seen as a service rather than a capital expense.

Practical Pathways: Future-Proofing Starts Now

For IT leaders, future-proofing is less about predicting the next big shift, and more about building adaptable systems that can respond to change. That includes:

• Investing in observability tools that surface performance or security issues early
• Maintaining agility in network configurations and provider relationships
• Aligning infrastructure with best-practice frameworks like the PSPF and Essential Eight
• Ensuring staff and partners have the right expertise to manage and evolve complex hybrid environments

Bordujenko concluded:

“The goal is to avoid lock-in and be ready to pivot. Whether that’s changing regions, clouds, or scaling capacity, infrastructure needs to support, not constrain, modern service delivery.”

Where to Next?

The landscape of government IT is becoming more dynamic, more distributed, and more regulated. IT leaders face real challenges, but also real opportunities to lead with clarity, agility, and accountability.

Megaport is helping agencies across Australia navigate this transformation. Through secure, high-performance connectivity options, deep expertise in hybrid cloud, and a scalable platform model, they are enabling infrastructure that meets today’s expectations, and tomorrow’s unknowns.

Ready to explore how your agency can modernise with confidence?