What a slow process it is to watch jurisdictions implement “cloud first” policies.  State and federal governments are all doing it and in the end they all look pretty similar.  Some might say it’s a policy of considered common sense, or a policy not to exclude the obvious.  At least the process is getting done.  
Though as I was reading the latest commentary on the Coalition’s new “cloud first” policy it struct me that this drawn out response is hiding some of the real impacts that Cloud will have. Not just as an obvious technology choice, but as a real disruptor to business and government.  
Of course, this “cloud first” mandate is always qualified – but it’s the nature of these qualifications that is telling.  In the case of the latest policy, the qualifications are simply that the Cloud solution also needs to be fit for purpose, competitively priced, and met the Protective Security Policy Framework.  So it’s a mandate to use the best approach even if it’s cloud. You’d wonder why you need a mandate to use the best approach so I’m sure the policy doesn’t fundamentally change the existing risk aversion, lake of knowledge and vision, or whatever else was stoping Cloud adoption in the first place.
As we know, the problem with mandates is that they tend to reduce individual accountability.  So the very real data governance and privacy issues relating to Cloud are likely to lose some attention for a while; particularly when paired with the removing of the need for double ministerial sigh-off for storing data off-shore.  I personally don’t see the problem with requiring double-ministerial sign-off to do something.  The only problem might be if I were one of the ministers who signed off and then something went wrong… Oh, hang on, I get it.
Problem is, like everything else, decisions are not just made by getting the right sign-offs.  You actually need to make the right decisions.  So policy that does nothing but try to gate decisions or make somebody accountable isn’t as useful as policy that actually helps decision-making.  There must be better uses for policy development effort than the use of Cloud as a technology choice.  Say for example as a disruption.  
The impact of Cloud on ICT strategy is that application architectures will be made up of silo’ed by highly functional applications that support a particular business function or customer touchpoint very well.  
These applications will also have imbedded analytics which already cover the management and operational decision-making relevant to the area they support.  
Integration will be achieved only where there is a business case to do so.  Except the integration imperative will be so strong – as its absence reduces enterprise agility – that there won’t be individual business cases for each integration.  Instead, a top-down approach such as enterprise information management (EIM) will be used to build a single cohesive business case for integration as part of a program of driven by information governance, analytics, business intelligence, and the recognition of what I call “core shared information”.
The impact of Could on organisational design is that the functional organisation is dead.  The ability to acquire cloud-based services that provide not only the application services, but in the case of business functions the backend management of the function itself, means functional organisation is no longer viable.  
The management trend where everything of value is being managed as “a cross-functional team” is now the norm.  The only thing left is to remove the functional organisation that created that language in the first place.  Functional organisation made it easier for managers (i.e. to shift across organisations, and also because they only had to understand how their function fits + strong stakeholder management) now managers have to be better at managing.  Though they also have better [cloud-enabled] management tools to help deal with this.  
Impact of cloud on information governance is that it’s time to disconnect Cloud from information governance and privacy issues.  Dumping the off-shore data double-ministieral sign-off policy because it happened to be inconvenient to Cloud initiatives is simple baby-with-the-bath-water stuff.  
Sending personal data off-shore is still a breech of Australian privacy legislation if this hasn’t been agreed with the individuals who own that private data.  Organisations are still at risk of legal action if damages occur due to mis-handing of personal data.  So this shouldn’t have ever been mixed up with Cloud.  
Impact of cloud on business strategy means that your differentiation cannot be based on what is easy to acquire – because value comes from scarcity not from abundance.  Actually this has always been the case but the impact of Cloud is the breadth and depth of things that are now easy to acquire.  
Your ERP was never going to differentiate you from your competitors.  But because it was expensive it was able to provide a competitive advantage at a pinch (as long as the business case held up after the inevitable cost overruns).  Now that ERPs and significantly more valuable targeted services are available in the cloud they are much easier to aquire.  So they have value, sure – but don’t have value as a differentiating feature of your organisation.
The impact of Cloud on government is that there are so many things that peer-to-peer markets can do better than government.  The government shouldn’t just be shifting the services they offer to cloud-based solutions. The government’s Cloud policy should be how does a cloud-enabled market solution remove the need for this government function?  How do we ensure services are more effectively targeted by using Cloud services to manage the market for services?
In a way, the impact of Cloud is nothing more than the impact of lower transaction costs played out on the acquisition of services.  Sure, it’s probably bigger than that be it will be called something else by the time it become outcome-as-a-service.  So for now “Cloud polices” are the place to ask the disruptive questions.