Cloud Data Privacy and Data Sovereignty
Chris Dury
chris@dury.me

Agenda
• Government Leadership
• Australian and State Government Frameworks for Mortals
• Managing and Evaluating Risk
• Office 365 Compliance

Australian Government Leadership
• Opens $5B in ICT spending to cloud
• Requires federal agencies to consider cloud

Australian Government Leadership
GOAL: “The Australian Government will be a leader in the use of cloud services to achieve greater efficiency, generate greater value from ICT investment, deliver better services and support a more flexible workforce”
STATEMENT: Australian Government agencies will:
- consider cloud services for new ICT procurements
- commence procurement of public cloud services for their test & dev needs, as appropriate value for money
- transition public facing websites to public cloud hosting at natural ICT refresh points
- establish info sharing initiatives to facilitate continual improvement, case studies, risk models, lessons etc.

SA Government Leadership
• Discussion Paper which focuses on the importance of “connectedness” and improving the state’s ability to innovate
• Digital by default
• Moving from…
  • Buying software to buying services
  • Big monolithic projects to rapid prototyping
  • Competing for resources to sharing first
• Little mention of…
  • Social Computing
  • Cloud Computing

Security Policies and Frameworks Standards
What does it mean for Office 365?
• ISMF Standard 12 - Section 7.2.1. Risk identification associated with external organisations - Responsible Parties must conduct a thorough risk assessment in accordance with Section 5.1 of the PSMF and supported by the Government of South Australia Risk Management Policy Statement prior to granting access to information and/or information processing facilities by any External Organisation.
• 7.2.2 ISMF Standard 13 - Access provided to third parties (including customers, contractors etc.) shall be controlled based on the specific business requirements of the Responsible Party.

So…
• There are no specific aversions to cloud based technologies, and
• There are no requirements for cloud infrastructure to be hosted in Australia
If…
• A Risk Assessment is completed, and
• The Business Requirements are compatible

Because…
• Privacy Act 1988
  • Schedule 3 – National Privacy Principles – 9 – Transborder data flows
  • An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country only if:
    • (a) the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or

Office 365 Compliance
http://trustoffice365.com/

Office 365 provides
Bridging the gap
What you need to do
• Use Rights Management Service
• E3, E4 or On-Premise
• Use your Risk Assessment to build a Classification Scheme and don’t store certain data in the cloud

Questions & Next steps
• Microsoft is working to reduce uncertainty with PSPF, ISMF
• More Risk Analysis Tools coming