AUCyber logo
Data-protection

The very reasonable expectation of citizens in our digital age

The shift to cloud provides enormous flexibility, agility and efficiencies in data.

The last decade is testament to the scale and reach of cloud services. The trend has been worldwide, led mostly by global cloud providers. As more data finds its vay to the cloud – ,with more of it being confidential data about citizens – sensitivity about where that data is stored, moved and who can access it is driving a pivot in that trend.

The ability to protect data breaks down as it is moved, managed, stored, analysed and used across the global digital supply chain. The concern is twofold.

The first being an antagonistic cyber landscape that makes it increasingly difficult to assure the protection of data against evolving and more sophisticated security threats. Threats to the confidentiality, integrity and availability of data are real. From energy and logistics companies, to universities and health services, the pain of data breach and/ or operational disruption has been acute.

The second concern is jurisdictional control – more specifically, concern about losing it. That data can be moved offshore, or even remain onshore but open to overreach by authorities with jurisdictional control over non­sovereign-owned cloud providers, raises much more serious concerns.

Research this year by IDC throws weight behind previously anecdotal concerns about where cloud data ‘goes’, how and where it is moved, how it is stored, and who can access it.

Involving decision-makers from the public sector, financial services and healthcare industries globally, the research shows that some 63 per cent of respondents believe it is very/extremely important to have cloud solutions that provide complete jurisdictional control and authority over data.

As the pendulum of globalisation swings back to localised control of citizen data, sovereign data protection is not just about residence. It is fundamentally about ensuring that data is subject only to the jurisdictional control and authority of the nation where the data is collected, with certainty that other jurisdictions cannot assert similar rights. This mitigates the risk and complexity of data being subject to multiple and overlapping legal standards and, importantly, assures sovereign data protection.

In signing up to the cloud infrastructure of global providers, many Australian organisations are unaware of the contractual detail they agreed to. Few have little if any, transparency of what data (customer data, metadata, support. analytics, etc.) is moved, where or the level of extra-jurisdictional access to it.

As well as assurance that your data will never leave Australia and that systems will be operated, managed and supported by security personnel in Australia, sovereignty of cloud services means as implied – they are only ever subject to Australian legislation and judicial process.

Once upon a time, the insistence of (data) localisation and control raised the hackles of protectionism; however, without the ability to ring-fence and protect citizen data, managing risk and growing trust in a national digital infrastructure and building much-needed sovereign resilience is fundamentally undermined.•

To read the IDC report, ‘Deploying the
Right Data to the Right Cloud in Regulated Industries’, visit: https://bit.ly/3vsiCxA