Australian government announces its National Cloud Computing Strategy

Filed Under: Data loss, Featured, Privacy

The Australian government has officially published its National Cloud Computing Strategy, and it makes interesting reading.

It's good to see the public service entering the risks-versus-rewards argument over cloud computing.

Make no mistake, the Aussie government is a giant fan of cloud computing, and makes no bones about the fact.

As the Strategy document explains:

The term 'cloud' refers to the fact that a user of a service no longer needs to buy, build, install and operate expensive computer hardware. Users simply access computing resources as a utility service via a ubiquitously available wired or wireless network — from 'the cloud'.

The document argues that small businesses will ignore the benefits of the cloud at their peril:

New digital technologies such as cloud services are the critical internal drivers for efficiency and innovation in small businesses. A failure to adopt new technologies will leave small business at a severe disadvantage against competitors both domestic and abroad.

But this brave new world isn't all plain sailing, not least because your data (and your customers' data) ends up out there in the cloud, too.

This presents potentially serious challenges in all three parts of computer security's 'holy trinity':

  • Availability. How do I get my data back if we part company?
  • Integrity. How do I know you'll look after it carefully?
  • Confidentiality. Who else gets a chance to peek at my data?

The good news is that these issues aren't being overlooked.

Indeed, Sophos is part of the NSCCC, or the Australian National Standing Committee on Cloud Computing, to give its full title, and both security and privacy have been core concerns in the development of the Strategy.

Here at Naked Security, we particularly like the following aspects that have emerged in the document:

• The commitment by the public service to provide small businesses with tools and online resources to learn more about the risks as well as the benefits of cloud services.

• The commitment to keep privacy on the agenda by publishing guidance for the cloud services industry about the Australian regulatory reforms due to commence in 2014.

• The concern that a poorly-supervised cloud industry might lead to small businesses getting locked in to one provider, or unable to negotiate variations in terms and conditions, for example over privacy.

• The commitment to develop a Cloud Consumer Protocol to keep cloud providers on their toes in how they communicate with their customers.

Bigger businesses, cloud providers and other public servants will also find the Strategy document useful for the timely reminder it presents of cloud providers' obligations under existing laws.

You might not have realised, but the laws you need to consider are wide-ranging, including at least the Privacy Act 1988, the Competition and Consumer Act 2010, the Freedom of Information Act 1982 and the Archives Act 1983.

The details may vary in your jurisdiction, but in most of the developed world, similar legal strictures are likely to apply. So even if you aren't in Australia, this document is worth reading.

So, well done to the Australian public service for embracing and promoting the benefits of cloud computing, but not without keeping its risks and obligations in plain sight.

Why not take a look the Strategy document [PDF] yourself, and then tell us what you think in the comments below?

You may comment anonymously. Just write "Anon" as your name and leave the email address blank.

→ Note for non-Aussies. The abbreviation ICT, used ubiquitously in the document, is public service shorthand for Information and Communications Technology. It's pretty much what most of us call simply IT.

, , , , , , ,

You might like

2 Responses to Australian government announces its National Cloud Computing Strategy

  1. Andrew Caddik · 624 days ago

    Very efficient and progressive solutions are likely to emerge into the world of technology. It is better that Australian government has set a National Cloud Computing Strategy. It will set up the stage for investors who are looking forward to investing in Cloud Computing Solutions for Businesses.

  2. deed · 623 days ago

    Just a misguided document by the bureaucrats to maximize their own career profiles. Contains no concrete discussions on the issue of ROI and Security.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog