Data Security and Cloud Adoption Challenge


Over the past two years, Australia has faced unprecedented change and unpredictable patterns in the form of wildfires, floods, and the effects of the global pandemic – with the pandemic, in particular, forcing government agencies to renew their focus on digital transformation.

Post-pandemic, the Australian government placed $1.2bn of the 21-22 budget into their revised digital economy strategy, aiming for all NSW government bodies to adopt public cloud for 25% of their ICT services by 2023.

Data-driven insights for decision making are a key pillar of every agency’s digital strategy, and unlocking that true potential of data has been viewed as agencies top priority. Implementation of a cloud data analytics platform plays into each agency’s technology plan.

The big haul involves overcoming moving the analytics platforms to the cloud due to the majority of data security concerns involved.

Information security, data sovereignty, and privacy are the bigger risks with cloud services, and whilst these are valid for traditional ICT delivery – moving data to offshore locations brings risks of non-compliance. Cloud Service Providers have set up robust controls to ensure these risks are effectively addressed – such as Microsoft Azure which provides confidentiality and integrity with the availability of customer data along with transparent accountability.

PIA

Australian governments are subject to the privacy act and all high privacy risk projects are to be conducted under a privacy impact assessment (PIA). this allows for organizations to follow their PIA process to identify privacy risks early in any project. This also helps align the process to the organization’s Information Security Risk Assessment Process.

This will require data classification processes to be lean and apply a risk-based approach. These form part of the information management framework consisting of the necessary governance and control to manage the collection, distribution and archiving of data.

ISRA

If the organizations do not have the frameworks in place, publicly available tools can classify the data and involve a specialist in privacy and confidentiality to conduct the PIA for data analytics on the cloud.

Collaborating with security teams from the beginning and starting an Information Security Risk Assessment helps to ensure all risks are fully documented and have an agreed owner, treatment and controls. This risk-based approach is supported by the Queensland Government’s implementation of ISO:27001.

Putting Solutions Together

Implementation of data analytics on the cloud ultimately rests on how agencies set up for the change. Whilst motioned processes may differ depending on the maturity levels of the organizations, the intent to provide expert advice and analysis on making informed decisions on proposed solutions via analytics on the cloud should remain.

Implemented correctly, processes like these will alleviate security concerns stemming from the cloud conversation on government agencies and data analytics.

For more information on public sector IT and any upcoming risk management events, check out the upcoming IT Security events 2022 from Whitehall Media.