The government of Israel was in the process of finalizing a cloud strategy and governance, and establishing a Cloud Center of Excellence to support the transformation from on-premises solutions to Google Cloud. Information Technology (IT) began advocating for centralized, organization-wide governance, security, and control, while more than two dozen ministries would each want assurances that their specific government, risk, and compliance (GRC) components and constructs, data migration needs, and user experience goals would be met.
The addition of a cloud foundation would help achieve the balance of central control with multi-user accounts. However, developing a fully enabled cloud foundation typically takes about nine months, while the government had only weeks to begin a pilot migration and meet the pace of progress it set for itself.
Weeks away from a pilot migration, the government needed a secure cloud foundation.
Before
After
Next
Replace aging applications that differed across divisions and subsidiaries
Reduce manual, disparate processes freeing up more resources for advanced analytics
Enable enhanced reporting and make it more widely available across the enterprise
Act with greater speed and agility to capture value in acquisitions
•
•
•
•
Company-wide
opportunities
Process hundreds of thousands of transactions per month with greater efficiency
Reduce 10,000+ manual journal entries per period
Decrease >3-week close
Shorten the >3-month annual budgeting cycle
Provide better support for a growing e-commerce business
Control rising finance function costs and derive greater value
Finance
opportunities
Reduce 10,000+ manual journal entries per period
Decrease >3-week close
Shorten the >3-month annual budgeting cycle
Provide better support for a growing e-commerce busines
Control rising finance function costs and derive greater value
•
•
•
•
•
•
Improve technical capabilities to keep pace with increased hiring needs
Reduce dependence on IT and tech resources for supporting and enabling continuous compliance with more than 800 collective bargaining agreements
Unify and automate workforce administration processes across the enterprise
Eliminate the need for employees to learn new systems and interfaces as they move from recruitment to training to managing benefit
•
•
•
•
HR
opportunities
Before
Next
After
The government’s quick, decisive actions helped lead to the successful creation of a cloud foundation MVP in a fraction of the time it typically takes to develop a fully enabled cloud foundation. As a result, the government was able to introduce pilot workloads—meeting short-term commitments—while also pursuing Google Cloud foundation enhancements in preparation for fast-paced migration of ministries in the future.
Maintaining rapid review and approval schedules for cloud foundation configurations, go-live validations, and supporting architecture were key for meeting the aggressive timeline. Successful delivery of a provisional cloud foundation with Secure Cloud Computing Architecture (SCCA) provided powerful features across multiple domains.
A solution for the short term is also a rock-solid foundation in the long run.
Developed all the necessary processes to support a single, modernized digital platform serving the entire enterprise
Migrated 290,000 employees from legacy systems to Oracle Cloud
Increased insight-driven decision making across functions, driving performance and growth gains
•
•
•
Company-wide
success
Decreased balance sheet reconciliations
by 85%
Achieved a consolidated retail and
corporate close within a shortened period
Reduced the types of P&L statements from 100+ to 4
Reduced operations costs across the board
Enhanced availability of data-driven insights that help to capture maximum value during acquisitions
Achieved a consolidated retail and corporate close within a shortened period
Reduced the types of P&L statements from 100+ to 4
Reduced operations costs
across the board
Enhanced availability of data-driven insights that help to capture maximum value during acquisitions
•
•
•
•
•
Finance
successes
HR
successes
Deployed a custom application for union-rule processing enabling a single HCM platform to administer benefits to all employee populations under 800+ complex union agreements
Created a digital-first, digital anywhere experience resulting in higher employee engagement
Reduced new-hire onboarding time
•
•
•
Reduced new hire onboarding time
Streamlined and improved the process integration of new employees post-acquisition
Integrate processes and technology across the employee lifecycle from recruiting through compensation and performance
1/2
•
•
•
2/2
Even while rolling out pilot workloads, the government has been supporting full cloud foundation enablement. It can now quickly demonstrate how the Google Cloud foundation can meet a specific ministry’s end-user needs, make a ministry’s data both more secure and more accessible, and support compliance with GRC requirements. After providing the assurances a ministry needs to make the decision to migrate, the government can then provide the tools and features to ease the process of the move itself:
- Cloud foundation Standard Operating Procedures (SOPs)
- Enviroment and security hardening
- Further automation of compliance controls and audits
- Cloud Agnostic integrations, including SIEM/SOAR, SOC, IAM, logging and monitoring, and threat detection
- Business Continuity/Disaster Recovery (e.g., multi-region resiliency)
- Integrated IT Service Management (e.g., service portal/catalog, integration with incident and change management)
- Cloud Financial Management including establishing FinOps framework, chargeback mechanisms, and reporting
- Cloud Management including automation of Day 1 and Day 2 operations.
Continue to enhance analytics-driven planning and forecasting
Optimize the supply chain
•
•
Company-wide
vision
Achieve a continuous, virtual accounting close
Achieved a consolidated retail and corporate close within a shortened period
•
•
Finance
vision
HR
vision
Establish a continual feedback-and-improvement loop based on quarterly HR reports from the field and deployment of new capabilities
Migrate payroll, benefits, and absence management to Oracle cloud for 2023
Insource benefits administration
Moving to a fully enabled, production-ready solution
•
•
•
1
2
3
4
1
2
3
4
After
After
Future
1
2
3
4
CSP native logging, monitoring, and alerting based on leading practices
Ministry logs collected in centralized account managed by Israeli government
•
•
Governance features
Logging and monitoring features
•
•
•
•
•
Initial guardrails based on leading practices
Organizational policies in Google Cloud
Resource hierarchy (org folders/projects)
Standard labels enforced
at the project level
Resource naming standards enforced
Security features
Virtual Private Clouds (VPCs) and subnets configured
Bastion hosts
Interconnect and VPN gateways
Network/Security firewall rules and routing
•
•
•
•
Network features
Google Cloud native IAM and MFA for ministry cloud credentials
CSP native security services configured in a central security project
Enabled Google security center and configured security baseline policies
Configured IAM groups and roles
•
•
•
•
Configured tool chain and CI/CD pipeline to deploy cloud foundation features
Developed terraform IaC templates
•
•
•
•
•
Billing features
Logging and monitoring features
Security features
DevOps/Automation
Governance features
Network features
Billing account configured and tied to organization account
Payment process established with CSP
Established billing-specific labels to support showbacks
Billing features
DevOps/Automation