DTA moves to clarify secure cloud strategy

The Digital Transformation Agency has moved to clarify common questions and misconceptions about the government's new secure cloud strategy.

In a list of FAQs, the agency noted that the new strategy does not change the way cloud services are certified, but instead confirms existing practices.

These include the need to keep the government's lead information security agency informed about any cloud projects and to give government agencies the option to arrange their own security assessments using the accredited professionals and requirements followed by the Australian Signals Directorate.

Likewise, the DTA noted that cloud deals are no different to any other outsourcing deals to technology service providers. The same principles of knowing who a supplier is, what access they have to government data and what they do to protect stored information apply to the cloud.

The strategy also confirms that using offshore cloud services is acceptable so long as the government information being stored does not include any private or sensitive data.

Finally, despite questions of whether there should be one solution for every agency, the DTA said because each agency is in a different place in terms of cloud adoption, a one-size-fits-all solution would not fit all.

Instead the DTA has asked agencies to publish their own cloud strategies so they can be shared and disseminated with other departments.

Image credit: ©alphaspirit/Dollar Photo Club

Follow us on Twitter and Facebook