Data sovereignty still misunderstood in Australia: Microsoft
- 18 September, 2012 10:33
- Comments
Legislation such as the Australian Privacy Act and US Patriot Act doesn’t have to be a deterrent to hosting data in a public or private cloud if IT executives do their homework first, according to a technical expert.
Speaking at Tech Ed 2012, Microsoft Australia Azure technical evangelist, Rocky Heckman, told delegates that data sovereignty and security are the major issues he comes across with cloud computing migration.
In depth: Navigating the cloud security minefield
In depth: Cloud exit strategy 101
Data sovereignty
According to Heckman, Australian IT executives should be more worried about the Privacy Act 1988 than the US Patriot Act when it comes to data access.
He said the Privacy Act includes the provision that if a cloud provider is based in Australia, the provider does not have to notify its customer if the provider voluntarily gives out information to law enforcement agencies such as the AFP or Customs.
“The US does not allow that to happen,” he said. “In America you need to have a legal court order process to get that information hosted in the cloud.”
In addition, Heckman said the US Patriot Act did not increase America’s ability to access data from companies.
“What the Patriot Act did is take the time it requires to get a subpoena to access data down from several days to hours but only in the cases of terrorist investigations,” he said.
Cloud due diligence
Turning to cloud service providers, Heckman reminded delegates that they need to make sure the provider was up to the task.
“People should be asking if the cloud service provider has been audited for ISO security standards and if you put applications in the cloud, can you get these back?”
Heckman shared the example of an Australian organisation which ran into problems when it tried to change its cloud service provider.
“It took just over two weeks to get their data out and when they got the data it had been broken up so it wasn’t even recognisable as company data” he said.
Heckman recommended that IT executives have a back-out strategy for their cloud implementation.
“If the cloud service provider does go out of business, make sure they have proper data retention policies and that they destroy your records once you’ve got your data back,” he said.
Hamish Barwick travelled to Tech Ed 2012 as a guest of Microsoft
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- Build Speed and Security by Design
- Building Maturity and Experience in Successful Virtualisation Strategies
- A New Set of Network Security Challenges
- Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data
- The Vizada Satellite Network Selects Webroot® Web Security Services for Corporate Malware and WebSecurity Protection
-
Bitcoin finding its feet at first Silicon Valley conference
-
Australia lags Mongolia in Internet speeds
-
Salesforce.com to buy Clipboard, shutting down service
-
Investor tips on how to propel a startup
-
Review: Nokia Lumia 520
Recent comments
5 hours, 7 minutes ago
4 days, 1 hour ago
5 days, 13 hours ago
5 days, 20 hours ago
1 week, 1 day ago
1 week, 2 days ago
1 week, 2 days ago
1 week, 2 days ago
1 week, 3 days ago
1 week, 4 days ago