Gerry Grealish

Subscribe to Gerry Grealish: eMailAlertsEmail Alerts
Get Gerry Grealish via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, Security Journal, SOA & WOA Magazine, Cloud Security Journal


Australia Introduces New Updates to Policies on Cloud Security

More Countries to Follow Suit?

Australian Government agencies have some new regulations to consider when they are contemplating moves to the cloud, particularly clouds hosted outside of Australian borders. These guidelines, known as "The Australian Government policy and risk management guidelines for the processing and storage of Australian Government information in outsourced or offshore ICT arrangements", are part of the broader Protective Security Policy Framework announced earlier this year and are aimed at protecting data being stored and processed in cloud environments.

The Framework document clearly acknowledges the benefits that Australian Government agencies can gain from moving to cloud environments but points out that privacy, security, integrity and availability of personal information cannot be sacrificed in pursuit of these benefits. In particular, "offshoring" of information (e.g., using US-based cloud services) is highlighted as a situation that creates a number of challenges in this arena, and the Framework is meant to help agencies determine when to use these services on a case-by-case basis.

For example, the Framework would allow for information that does not require privacy protection to be put in offshore clouds after an agency has conducted the appropriate detailed risk assessments. For privacy protected information, Government Ministry approvals are required. Security classified information is not permitted to be stored offshore unless very specific circumstances are met and special approvals obtained.

More Country-Specific Regulations to Come?
In the wake of headlines involving surveillance programs such as PRISM, as well as weekly news reports on cyber-security threats and associated business risk, it can be expected that we will see more country-specific guidelines taking shape. These guidelines, at their core, will attempt to establish (or re-establish) a degree of data "control" and ownership for the enterprise that is traditionally ceded when offshore cloud services are adopted. And for some types of sensitive data, cloud services may be ruled out altogether because the certitude in the security and privacy of the information cannot be contractually guaranteed in the cloud service provider's environment. This is an unfortunate circumstance for government agencies that will be placed in this situation; since they will be forced to consider using costly and inefficient on-premise approaches. Fortunately there is an alternative approach that can provide the data control these organizations require, even while moving to public cloud services located offshore.

Cloud Data Protection Gateway
Even without these guidelines being in place, some Australian organizations have been proactively deploying solutions known as Cloud Data Protection Gateways in order to retain control of their sensitive data assets when using offshore services. These companies are fully securing sensitive information before it leaves their environment and goes to the public cloud in the United States (or elsewhere) for processing and storage. One critical benefit of these gateways is that they are designed to preserve the end-user's experience with the cloud application.

Our solution, the PerspecSys Cloud Protection Gateway, was built to secure any organization's sensitive data, including sensitive citizen data, before it is sent to the cloud. Any cloud application an enterprise or government agency needs to use to store and share information is therefore secure from surveillance or cyber-attacks (because the sensitive data is no longer stored or processed in the cloud). The solution is installed inside the organization itself and allows full data control to stay within its walls. With the sensitivities and amount of security needed in the public/government sectors, the solution is ideal for any organization moving data to the cloud.

So while the Framework guidelines rightly point out the real challenges many agencies face with putting data in the cloud, these groups do not have to feel forced into considering on-premise only deployment models. Any organization concerned about putting highly sensitive data on the cloud should learn more about the PerspecSys Cloud Protection Gateway and find out how their data can remain fully within their control at all times.

Read the original blog entry...

PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies similar to PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.