Secure Cloud Services. New perspectives from the Australian Information Commissioner (OAIC).
New mandatory data breach reporting legislation introduced in 2018 provides a powerful new insight into the types of threat you face in today’s cloud environment. While comparing cloud service providers can be challenging due to the sheer complexity involved, the stakes for protecting the integrity of your data have never been higher.
When you put aside all the buzzwords, cloud computing is simply a service model that offers enterprise-scale compute, storage, backup, hosting, networking, disaster recovery and other solutions over public or private connections as and when you need them, with a more flexible ongoing OPEX cost model.
While cloud services can represent a wide range of technologies and solutions, for 8-in-10 Australian organisations, it’s likely to represent a hybrid cloud model combining in-house, co-located, private and public cloud elements. No two organisations start from the same place, or have the same goals, so no two designs are alike. This is significant, because the cloud services requirements for users in different industry verticals can be quite distinct. Healthcare providers may need to meet rigorous standards imposed by the Department of Human Services, for example. Fintech providers may need to meet global industry standards such as PCI DSS V3.2.1 for individually identifiable data. Education providers may need to opt for CAUDIT-certified cloud service providers, and those participating securely in the national AARNet academic network.
This vertical-specific view is reinforced by data breach reporting, which shows cyber security risks can vary widely between verticals. Healthcare was the most at-risk sector, making up over 18% of all reported security and process failures, ahead of the finance sector (14%), legal, accounting and management services (14%), private education providers (7%) and personal service providers with over 5% of all reported breaches.
New perspective.
The Office of the Australian Information Commissioner, which sits within the Attorney-General’s office, reports quarterly on the mandatory breach notices issued by Australian organisations. The latest data represents all declared events, with 245 reported in the last quarter alone. While the intent of this legislation is to increase transparency and accountability, it represents a major escalation in legal, fiscal and reputational risk posed to cloud services users by any security breach of their data.
Macquarie Cloud Services have become Australia’s most-recommended cloud service provider, by recognising it’s about technology. And people. Our unique model delivers cloud services with the partners and technologies you already know and trust (such as our exclusive VMware Showcase Partner status), our own Australian Data Centres, over 100 NV1 engineers over here, not over there, and in-house Telco and security capabilities. Nowhere is this more important than in our defence-in-depth cloud hosting model. While OAIC data show human error is the second greatest cause of data breaches (36%) ahead of system faults (12%), the clear majority were the result of malicious actors (59%) [2].
So, while meeting with our cloud service architects can cover your fundamental compute-storage-hosting-network-backup-recovery requirements, it’s crucial they take into account not just your existing solutions, and your goals over time, but your specific industry, regulatory and compliance requirements to protect your interests and those of your clients and partners.
[1] Dell EMC Forum keynote; Rightscale 2018 State of the Cloud report, August 2018.
[2] https://www.arnnet.com.au/article/644556/health-sector-ranks-first-oaic-data-breach-report/
[3] Net promoter score +84; https://macquariecloudservices.com/customer-experience/; independently audited Matrix CX Mar18.
[4] https://www.arnnet.com.au/article/648895/health-service-providers-remain-top-data-breach-reporting/