SDN Journal Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, SDN Journal

@CloudExpo: Article

Australia Introduces New Updates to Policies on Cloud Security

More Countries to Follow Suit?

Australian Government agencies have some new regulations to consider when they are contemplating moves to the cloud, particularly clouds hosted outside of Australian borders. These guidelines, known as "The Australian Government policy and risk management guidelines for the processing and storage of Australian Government information in outsourced or offshore ICT arrangements", are part of the broader Protective Security Policy Framework announced earlier this year and are aimed at protecting data being stored and processed in cloud environments.

The Framework document clearly acknowledges the benefits that Australian Government agencies can gain from moving to cloud environments but points out that privacy, security, integrity and availability of personal information cannot be sacrificed in pursuit of these benefits. In particular, "offshoring" of information (e.g., using US-based cloud services) is highlighted as a situation that creates a number of challenges in this arena, and the Framework is meant to help agencies determine when to use these services on a case-by-case basis.

For example, the Framework would allow for information that does not require privacy protection to be put in offshore clouds after an agency has conducted the appropriate detailed risk assessments. For privacy protected information, Government Ministry approvals are required. Security classified information is not permitted to be stored offshore unless very specific circumstances are met and special approvals obtained.

More Country-Specific Regulations to Come?
In the wake of headlines involving surveillance programs such as PRISM, as well as weekly news reports on cyber-security threats and associated business risk, it can be expected that we will see more country-specific guidelines taking shape. These guidelines, at their core, will attempt to establish (or re-establish) a degree of data "control" and ownership for the enterprise that is traditionally ceded when offshore cloud services are adopted. And for some types of sensitive data, cloud services may be ruled out altogether because the certitude in the security and privacy of the information cannot be contractually guaranteed in the cloud service provider's environment. This is an unfortunate circumstance for government agencies that will be placed in this situation; since they will be forced to consider using costly and inefficient on-premise approaches. Fortunately there is an alternative approach that can provide the data control these organizations require, even while moving to public cloud services located offshore.

Cloud Data Protection Gateway
Even without these guidelines being in place, some Australian organizations have been proactively deploying solutions known as Cloud Data Protection Gateways in order to retain control of their sensitive data assets when using offshore services. These companies are fully securing sensitive information before it leaves their environment and goes to the public cloud in the United States (or elsewhere) for processing and storage. One critical benefit of these gateways is that they are designed to preserve the end-user's experience with the cloud application.

Our solution, the PerspecSys Cloud Protection Gateway, was built to secure any organization's sensitive data, including sensitive citizen data, before it is sent to the cloud. Any cloud application an enterprise or government agency needs to use to store and share information is therefore secure from surveillance or cyber-attacks (because the sensitive data is no longer stored or processed in the cloud). The solution is installed inside the organization itself and allows full data control to stay within its walls. With the sensitivities and amount of security needed in the public/government sectors, the solution is ideal for any organization moving data to the cloud.

So while the Framework guidelines rightly point out the real challenges many agencies face with putting data in the cloud, these groups do not have to feel forced into considering on-premise only deployment models. Any organization concerned about putting highly sensitive data on the cloud should learn more about the PerspecSys Cloud Protection Gateway and find out how their data can remain fully within their control at all times.

Read the original blog entry...

PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies similar to PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine intelligence.
Founded in 2002 and headquartered in Chicago, Nexum® takes a comprehensive approach to security. Nexum approaches business with one simple statement: “Do what’s right for the customer and success will follow.” Nexum helps you mitigate risks, protect your data, increase business continuity and meet your unique business objectives by: Detecting and preventing network threats, intrusions and disruptions Equipping you with the information, tools, training and resources you need to effectively manage IT risk Nexum, Latin for an arrangement by which one pledged one’s very liberty as security, Nexum is committed to ensuring your security. At Nexum, We Mean Security®.
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience while working on a wide range of projects. This experience has enabled the company to develop our amazing new product, which they are now excited to present! Among dHosting's greatest achievements, they can include the development of their own hosting panel, the building of their fully redundant server system, and the creation of dhHosting's unique product, Dynamic Edge.
The Transparent Cloud-computing Consortium (T-Cloud) is a neutral organization for researching new computing models and business opportunities in IoT era. In his session, Ikuo Nakagawa, Co-Founder and Board Member at Transparent Cloud Computing Consortium, will introduce the big change toward the "connected-economy" in the digital age. He'll introduce and describe some leading-edge business cases from his original points of view, and discuss models & strategies in the connected-economy. Nowadays, "digital innovation" is a big wave of business transformation based on digital technologies. IoT, Big Data, AI, FinTech and various leading-edge technologies are key components of such business drivers.