Australian Government – Digital Transformation Strategy

Australian Government – Digital Transformation Strategy

 

  • https://www.dta.gov.au/what-we-do/policies-and-programs/secure-cloud/?lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWmMXjzgNTV2ysnBsB%2BS3DQ%3D%3D
  • https://www.dta.gov.au/files/cloud-strategy/secure-cloud-strategy.pdf
  • Principle 1: Make risk-based decisions when applying cloud security
  • Principle 2: Design services for the cloud
  • Principle 3: Use public cloud services as the default
  • Principle 4: Use as much of the cloud as possible
  • Principle 5: Avoid customisation and use services ‘as they come’
  • Principle 6: Take full advantage of cloud automation practices
  • Principle 7: Monitor the health and usage of cloud services in real time
  • Initiative 1: Agencies must develop their own cloud strategy
  • Initiative 2: Implement a layered certification model
  • Initiative 3: Redevelop the Cloud Services Panel to align with the procurement recommendations for a new procurement pathway that better supports cloud commodity purchases
  • Initiative 4: Create a dashboard to show service status for adoption, compliance status and services panel status and pricing
  • Initiative 5: Create and publish cloud service qualities baseline and assessment capability
  • Initiative 6: Build a cloud responsibility model supported by a cloud contracts capability
  • Initiative 7: Establish a whole-of-government cloud knowledge exchange
  • Initiative 8: Expand the Building Digital Capability program to include cloud skills
  • Myth 1: The Cloud is not as secure as on premise services
  • Myth 2: Privacy reasons mean government data cannot reside offshore.

  • “Generally, no. The Privacy Act does not prevent an Australian Privacy Principle (APP) entity from engaging a cloud service provider to store or process personal information overseas. The APP entity must comply with the APPs in sending personal information to the overseas cloud service provider, just as they need to for any other overseas outsourcing arrangement. In addition, the Office of the Australian Information Commissioner’s Guide to securing personal information: ‘Reasonable steps’ to protect personal information discusses security considerations that may be relevant under APP 11 when using cloud computing.” https://www.oaic.gov.au/agencies-and-organisations/agency-resources/privacy-agency-resource-4-sending-personalinformation-overseas Additionally, APP 8 provides the criteria for cross-border disclosure of personal information, which ensures the right practices for data residing off-shore are in place. Our Australian privacy frameworks establish the accountabilities to ensure the appropriate privacy and security controls are in place to maintain confidence in our personal information in the cloud.

    Myth 3: Information in the cloud is not managed properly and does not comply with record keeping obligations

     

Leave a Reply