NEXTDC warns Australia's data fabric is one disaster from unravelling
ENERGETIC and innovative data centre operator, NEXTDC, has spearheaded research with the University of New South Wales (UNSW), Baker & McKenzie and Aon which reveals the complexities and vulnerabilities for business in managing data in current ‘cloud' environments.
While recent data breaches afflicting high profile organisations like Facebook, Google and Commonwealth Bank have made headlines, as have internet security and corporate espionage issues internationally, there has been little in the way of considered advice offered to business leaders and owners in Australia.
This research looks specifically at Australia and New Zealand contexts and is designed to offer a series of signposts - including ‘10 Commandments of Data Sovereignty' -- for executives who need to understand the law, their responsibilities, and best practice measures for managing data in the cloud, according to NEXTDC CEO, Craig Scroggie.
Mr Scroggie said NEXTDC was a sponsor of the whitepaper research, titled Data Sovereignty and the Cloud - A Board and Executive Officer's Guide, because it "needed to be produced to shine light on the much debated issue and guide organisations" on their technology journeys.
"Most customers in our data centres have an interest in the issues relating to their obligations and concerns regarding data sovereignty, yet there wasn't a comprehensive piece of work available to advise them on the topic," Mr Scroggie said.
"We supported this project to ensure they have access to the important need-to-know facts."
At the whitepaper launch Mr Scroggie shared his view of the 10 Commandments of Data Sovereignty- a core list of considerations for executives.
"These are essential points that should be factored into all future plans to maintain confidence in the cloud," he said.
The report shows that data sovereignty and the selection of a cloud provider extends beyond the domain of the chief information officer (CIO), and should draw on expertise from corporate security, risk management, and legal counsel within the organisation.
According to a recent Ponemon survey, corporate security professionals are involved in the vetting process for cloud providers only nine percent of the time - and this report described that as unacceptable.
The whitepaper surmised that once the cloud data location and jurisdictions are identified and analysed, the obligations for each option understood, the assessment criteria developed, and procedures trialled, these components can be drawn together and integrated into normal operations.
FEAR OF DATA BREACHES
The whitepaper has been produced just as Australia's Privacy Amendments (Privacy Alerts) Bill 2013, which stated that mandatory data breach notifications will benefit both Australian consumers and industry stakeholders, was postponed.
Academic and chief author of the 90-page whitepaper, David Vaile from the Cyberspace Law and Policy Centre at the UNSW Faculty of Law, Sydney, said the analysis has taken the better part of a year to compile and includes information as recent as the commentary on PRISM, the national security electronic surveillance program operated by the United States National Security Agency.
"There is no other document in Australia which has this much detail on the issues around data sovereignty," Mr Vaile said.
"Knowing where and under whose jurisdictional control your data is held can be a fundamental issue for transparency and risk assessment. To date it has been overlooked among all the excitement and enthusiasm about the new cloud tools and techniques. Hopefully this guide will help change that."
The whitepaper was launched in Sydney this week following a panel discussion on data sovereignty and the cloud. The panel included perspectives from the academic, legal, risk, and technology sectors to give a view of the business considerations decision makers in Australia need to assess when moving or storing data in the cloud.
Panel members included co-authors Mr Vaile, global law firm Baker & McKenzie partner Adrian Lawrence, and global insurer Aon risk expert Eric Lowenstein.
Australian Communications and Media Authority (ACMA) chairman Chris Chapman was also at the launch.
"The whitepaper highlights a series of important issues central to digital data protection in the cloud which are of important interest to the Australian Communications and Media Authority," said Mr Chapman.
"The ACMA has been closely monitoring these issues and working with industry and citizens to facilitate a safe transition to cloud services. Our recent research paper emphasises the need for a coherent regulatory framework for cloud computing."
The whitepaper indicated that the smooth operation of a Cloud Data Location and Jurisdiction Policy will depend on how well it interacts with and is supported by, current and future online tools and data related policies.
Researcher Mr Vaile said it was important to design a development, audit and evaluation process to assess and help refine the operation of each part of the policy.
Mr Scroggie said NEXTDC's purpose-built facilities in Brisbane, Melbourne and Canberra -- with centres soon to open in Perth and Sydney -- have been designed to address the emergence and growth of cloud internet-based computing and the market's growing appetite for energy-efficient, independent data centres in which organisations can host their critical IT infrastructure.
ends