Whitepaper says come down from the clouds on data security | Law

Whitepaper says come down from the clouds on data security

We are only one disaster away from eroding the confidence and validity of Cloud computing, experts involved in the launch of a major new report on data sovereignty risks have warned. 

Data Sovereignty and the Cloud - A Board and Executive Officer's Guide, has been launched in Sydney this week by UNSW Law's Cyberspace Law and Policy Centre in partnership with NEXTDC, Baker & McKenzie and Aon.

An estimated 71 per cent of Australians are using Cloud services, with many unaware of the fact, or that sensitive data may stored beyond Australia's boundaries.

David Vaile, Executive Director of the Cyberspace Law and Policy Centre and chief author of the whitepaper, said the analysis had taken the better part of a year to compile and is essential reading for those who need to understand the law, their responsibilities and best practice around managing online data.

"There is no other document in Australia which has this much detail on the issues around data sovereignty," he explained. "Knowing where and under whose jurisdictional control your data is held can be a fundamental issue for transparency and risk assessment. To date it has been overlooked among all the excitement and enthusiasm about the new Cloud tools and techniques. Hopefully this guide will help change that."

Sponsored by global insurer and risk management provider Aon, independent data centre operator NEXTDC, and global law firm Baker & McKenzie, the report's launch comes in the wake of heightened concerns over data security and privacy sparked by revelations of widespread data mining and surveillance by the US National Security Agency.

"Confidence is everything," says NEXTDC Chief Executive Officer Craig Scroggie. "We are only one disaster away from eroding the confidence and validity of Cloud computing.

"There are always risks…in the past we haven't talked about it, but soon we might not have a choice," he said.

Mr Scroggie said company Boards and CIO's needed to investigate their Cloud providers in order to assess concerns and obligations regarding data sovereignty – the issue of who controls and regulates information stored across geographical boundaries.

According to a recent survey, corporate security professionals are involved in the vetting process for Cloud providers only 9 per cent of the time – described in the report as unacceptable.

Read the full whitepaper here.