Wellington City Council has not renewed its five-year outsourcing contract with Dimension Data, now NTT, in favour of in-house services alongside external providers.
The shift comes after significant service failures were noted by the council's auditors.
"We were advised that Dimension Data’s contract will expire in late 2020 and it will not be renewed in its current form," a report from Audit NZ posted last month said.
"The city council will implement a different operating model to prevent too much reliance placed on one supplier that could put the city council at risk."
After a 2015 tender, Porirua City Council, Upper Hutt City Council and Wellington Water were also being served by Dimension Data/NTT through an ICT shared services office (SSO).
The single source model is now being replaced by a mix of in-house IT services, including IT service desk support, and specialised outsourcing.
James Roberts, acting chief operating officer of Wellington City Council, told Reseller News the five year contract with Dimension Data expired in October 2020.
"We had to make a decision: do we carry on with it or do we look at other options," Roberts said.
The four parties to the agreement collectively decided it was a very different market environment now compared to 2015, with different challenges and better options.
The biggest market change was cloud, Roberts said, particularly the availability and maturity of services such as AWS and Azure and Microsoft's O365 has as well as SD-WAN networking.
"The market in essence has delivered what this construct was trying to achieve, which was to create economies of scale around infrastructure and network," he said.
"The market has delivered it more cheaply and better, quite frankly. So we'll just use that."
Acknowledging the changes, the auditor said it would review the new IT services arrangements as part of its 2021 audit.
The audit report also noted progress on an issue first raised in 2018 - a failure to patch systems.
Audit NZ reviewed patching for June 2018 and found a very low rate of compliance: eight per cent for all agencies’ servers and just 1.14 per cent for the council’s desktops and 2.27 per cent for all agency desktops.
"We also noted the city council has engaged an external consultant to perform penetration test of systems," the auditor said.
The testing report recognised an underlying problem with Dimension Data's patch management process.
Patching plays an important role in fixing potential security holes. Low rates of patch compliance increased the risk of unauthorised access to sensitive data.
"It leads to the risk of accidental or deliberate access, alteration, corruption and deletion of data," the auditor warned.
"The city council should actively monitor the finalisation of the improved patch management policy and processes and strongly request SSO and Dimension Data to implement good patching processes as soon as possible."
Council management updated its progress this year's report.
"We are happy to report that our overall patch management has improved significantly," it said. "With the insourcing of services away from Dimension Data, we have managed to uplift our patch management compliance..."
Desktop and server patching rates have both now been substantially fixed.
Since the original report, the council has migrated all of its servers to AWS and deployed Microsoft O365 with Active Directory in the cloud. Liquid IT now manages its SD-WAN.
Going to Active Directory in Azure allowed the council to subscribe to the highest Microsoft cyber security license for extra resilience, Roberts said.
"Our belief was it is heavily in AWS' and Microsoft's interest to make this stuff as secure as possible. So we let them do the heavy lifting as much as possible."
As for service management, while Dimension Data had done a lot of good work during its five years, the council felt it could do better in this new environment using its own people.
"Things are never perfect, but ultimately I think the market moved past that construct," Roberts said.
The cloud shift also offered an opportunity to build engineering capability internally. Service management and customer service management were also in-sourced because that fitted better with council culture.
Roberts said the council had not done anything particularly clever or radical to achieve all that, just followed industry best practice.
"The interesting challenge for vendors like Dimension Data/NTT is what is the value proposition going forward?" Roberts said.
"A lot of what was relevant as a value proposition five years ago has gone."
Roberts admitted, however, the council's journey was a "hell of a lot" more simple than that facing the likes of banks and hospitals, which have to deal with much greater complexity and legacy.
NTT declined to comment on the grounds of client confidentiality.