Govt releases security and privacy requirements for cloud

The federal government has set out provisions for government agencies using cloud without compromising security or privacy.

Attorney-General Mark Dreyfus said the policy will help government agencies make decisions around whether to offshore or outsource processes and requires agencies to seek government approval before storing personal information in the cloud.

The policy follows the May release of the National Cloud Computing Strategy and the Australian Government Cloud Computing Policy v2.0.

“Cloud technology offers not just agility, flexibility and scalability, but also cost savings. In fact, cloud computing is fundamentally changing the way we think about communications technology,” Kate Lundy, Minister Assisting for the Digital Economy, said in a statement.

“Combined with the rollout of the National Broadband Network, cloud computing has the potential to revolutionise how we consume and use digital technology.”

Dreyfus said several privacy safeguards have been built into the policy, which has been called the Australian government policy and risk management guidelines for the storage and processing of Australian government information in outsourced or offshore ICT arrangements.

Under the policy, approval will be required by both the minister responsible for the information and the Attorney-General before personal information can be stored in the cloud.

“This is to ensure that sufficient measures have been taken to mitigate potential risks to the security of that information,” Dreyfus said.

“Government is trusted to hold a great deal of information on citizens and business and it is expected that this information is protected. As much of our work is online, and technology is constantly evolving, we must regularly ensure we are continuing to meet our obligations in protecting the information given to us.”

The new cloud policy allows for information to be stored offshore or in outsourced arrangements following a risk assessment if it does not need privacy protections. It also includes strict provisions for classified security information to not be stored offshore unless it is “special locations”, such as Australian embassies.

Glenn Archer, the Australian government CIO, recently told CIO he remains cautious about agencies moving to the cloud and said there are still challenges that need to be overcome.

The government plans to further analyse the benefits of cloud and the drawbacks of centralising the provision of cloud services by the end of this year.

Follow Stephanie McDonald on Twitter: @stephmcdonald0

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia