Implications from the safe harbour demise

Australia’s steady decline on a world corruption index has highlighted the importance of transparency and process integrity as government bodies reinvent themselves in a world where the ubiquity of cloud platforms poses a direct challenge to conventional protections for sensitive personal and corporate data.

The security of cloud-hosted information has long been a showstopper for many organisations, with cloud-first mandates of recent years only finally breaking through walls of perception in many organisations at all levels of government. Yet as reinforced by the Transparency International Corruption Perceptions Index 2015 — which saw Australia’s corruption score worsen from 85 in 2012 to 79 this year — changing perceptions of a government’s effectiveness can have a direct impact on its integrity.

Procurement rules, for example, must be carefully preserved to ensure corruption and other issues are kept away from everyday government processes — and a strong part of this protection lies in ensuring that crucial data remains both secure and whole whether stored in on-premises systems or stored outside the organisation in any of a range of cloud services.

The idea that the protection of cloud-hosted data has become of paramount operational importance to governments is coming to a head this week as 28 European Union national data protection agencies convene to mull over the composition of a revised ‘Safe Harbour’ agreement that would facilitate the flow of data between the United States and Europe, where protections for personal information are far stricter.

If a compromise cannot be reached — and early indications suggest that negotiations are faltering — US companies could be banned from accessing data on EU civilians, throwing a spanner in the works for efforts to establish smooth, global markets driven by online services.

This change — occasioned by an October ruling by the European Court of Justice — would be a cataclysmic result for expansionist-minded companies on both sides of the Atlantic, where mutually beneficial trade arrangements are long-standing and deep. It would also, by extension, resurface issues of data sovereignty by pushing expanding global cloud providers into the position of having to set up physical operations in the EU — or abandon them altogether.

This expansion isn’t without its benefits, particularly in Australia where a raft of recent data-centre investment has flooded the market with new cloud capacity. Yet with governance and other procedural issues weighing large on the market’s development, that capacity may most significantly benefit from recent moves to bolster the security of cloud-hosted services.

Infrastructure provider BT, for example, recently debuted its BT Connect Intelligence IWAN, offering more flexible cloud-infrastructure capabilities through the implementation of software-defined networking paradigms. Data-analytics giant Splunk recently announced its Splunk Cloud services had secured ISO/IEC 27001:2013 certification, attesting to its platform’s procedural integrity in terms of protecting and securing organisational data.

“Security and cloud computing are strategic priorities for businesses today,” said Peter Altabef, president and chief executive officer with Unisys, which recently released Stealth — technology designed to bolster security through ‘micro-segmentation’ that enables better control of data and resources running on the Amazon Web Services (AWS) cloud.

“Enterprise-proven security that evolves to meet future threats will provide additional assurance to enterprises and governments that are moving core operations to the cloud. Integrating Stealth onto the AWS Cloud advances Unisys’s leadership in security and reflects our commitment to continually deliver innovation that solves real-world business challenges.”

Specialist security providers are filling out their cloud capabilities, with Tenable Network Security recently extending its Nessus vulnerability management platform to Microsoft’s Azure cloud platform. Even start-ups are getting into the game, with Covertix and FireLayers offering high granularity control over cloud data that the companies say facilitates “granular auditing, forensics and alerts, ensuring compliance with regulations like SOX, PII, HIPAA, PCI, PHI, PII, and IP”.

Such investments are leading the cloud market, in Australia and elsewhere, into a novel situation: by 2018, Gartner recently forecast, cloud security will become so good that security government organisations will be moving their systems to cloud environments with the primary goal of taking advantage of that security.

By that point, security will have bypassed cost savings and agility as the primary reasons government agencies adopt public-cloud solutions. “Many cloud service providers, such as Amazon Web Services, Microsoft and Google, invest heavily in incorporating higher levels of security into their products to continue building confidence that their data is more secure,” said Neville Cannon, research director at Gartner. “Many of these providers can invest more than what most nations could afford, let alone the average government agency.”

With increased security will come increased confidence in the security of government-held information, which will be fundamental to the integrity of increasingly cloud-hosted government as, at the Commonwealth level at least, agencies are pushed towards dramatic procurement reform through the government’s broad-based National Innovation and Science Agenda.

That agenda is not only aiming to transform Australian government agencies around digital engagement with citizens, but to help them do so efficiently by tapping into the transformative power of the cloud. Dell’s Global Technology Adoption Index 2015, for example, found that organisations investing in off-premises cloud solutions have 51% higher growth rates than those that are not.