SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, SDN Journal

@CloudExpo: Article

Australia Introduces New Updates to Policies on Cloud Security

More Countries to Follow Suit?

Australian Government agencies have some new regulations to consider when they are contemplating moves to the cloud, particularly clouds hosted outside of Australian borders. These guidelines, known as "The Australian Government policy and risk management guidelines for the processing and storage of Australian Government information in outsourced or offshore ICT arrangements", are part of the broader Protective Security Policy Framework announced earlier this year and are aimed at protecting data being stored and processed in cloud environments.

The Framework document clearly acknowledges the benefits that Australian Government agencies can gain from moving to cloud environments but points out that privacy, security, integrity and availability of personal information cannot be sacrificed in pursuit of these benefits. In particular, "offshoring" of information (e.g., using US-based cloud services) is highlighted as a situation that creates a number of challenges in this arena, and the Framework is meant to help agencies determine when to use these services on a case-by-case basis.

For example, the Framework would allow for information that does not require privacy protection to be put in offshore clouds after an agency has conducted the appropriate detailed risk assessments. For privacy protected information, Government Ministry approvals are required. Security classified information is not permitted to be stored offshore unless very specific circumstances are met and special approvals obtained.

More Country-Specific Regulations to Come?
In the wake of headlines involving surveillance programs such as PRISM, as well as weekly news reports on cyber-security threats and associated business risk, it can be expected that we will see more country-specific guidelines taking shape. These guidelines, at their core, will attempt to establish (or re-establish) a degree of data "control" and ownership for the enterprise that is traditionally ceded when offshore cloud services are adopted. And for some types of sensitive data, cloud services may be ruled out altogether because the certitude in the security and privacy of the information cannot be contractually guaranteed in the cloud service provider's environment. This is an unfortunate circumstance for government agencies that will be placed in this situation; since they will be forced to consider using costly and inefficient on-premise approaches. Fortunately there is an alternative approach that can provide the data control these organizations require, even while moving to public cloud services located offshore.

Cloud Data Protection Gateway
Even without these guidelines being in place, some Australian organizations have been proactively deploying solutions known as Cloud Data Protection Gateways in order to retain control of their sensitive data assets when using offshore services. These companies are fully securing sensitive information before it leaves their environment and goes to the public cloud in the United States (or elsewhere) for processing and storage. One critical benefit of these gateways is that they are designed to preserve the end-user's experience with the cloud application.

Our solution, the PerspecSys Cloud Protection Gateway, was built to secure any organization's sensitive data, including sensitive citizen data, before it is sent to the cloud. Any cloud application an enterprise or government agency needs to use to store and share information is therefore secure from surveillance or cyber-attacks (because the sensitive data is no longer stored or processed in the cloud). The solution is installed inside the organization itself and allows full data control to stay within its walls. With the sensitivities and amount of security needed in the public/government sectors, the solution is ideal for any organization moving data to the cloud.

So while the Framework guidelines rightly point out the real challenges many agencies face with putting data in the cloud, these groups do not have to feel forced into considering on-premise only deployment models. Any organization concerned about putting highly sensitive data on the cloud should learn more about the PerspecSys Cloud Protection Gateway and find out how their data can remain fully within their control at all times.

Read the original blog entry...

PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies similar to PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed by some of the world's largest financial institutions. The company develops and applies innovative machine-learning technologies to big data to predict financial, economic, and world events. The team is a group of passionate technologists, mathematicians, data scientists and programmers in Silicon Valley with over 100 patents to their names. Big Data Federation was incorporated in 2015 and is ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.