The risky business of the cloud
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Start your free 15 day trial now' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
Cloud computing has been one of the game changers of business IT, however no change comes without risks, as a University of New South Wales report on the trend revealed earlier this week.
The University of New South Wales’ Cyberspace Law and Policy Centre’s “Data Sovereignty and the Cloud” white paper released in Sydney on Tuesday is a guide for executives and company directors on the technical, legal and governance risks arising from adopting cloud computing services.
Critics of cloud computing have long pointed out the risk of foreign governments accessing business data, particularly US agencies using the country’s Patriot Act. In the wake of Edward Snowden’s revelations on government internet spying, those claims have been largely vindicated.
The UNSW report recognises those risks and seeks to put them in perspective while identifying other traps such as the jurisdiction of foreign privacy laws, contractual requirements and even the limitations of insurance policies in a connected marketplace.
Launching the guide on Tuesday, Australian Media and Communications Authority head Chris Chapman described how almost three quarters of Australians use cloud services but have “a limited understanding of how the cloud works.”
That limited understanding extends to executives and even IT professionals. Identity management expert Steve Wilson of Lockstep consulting pointed out that “in 1990s network diagrams the cloud represented the unimportant, outside world of the internet.”
Now that cloud computing has become a basic business function, understanding and managing the risks inherent in these services has become critical for managers and boards.
“This topic has gone from nervous lawyer’s backroom stuff to mainstream business risk management topic in a couple of years,” states David Vaile of the UNSW Cyberspace and Law Centre.
One concern of the experts are the different national privacy regulations with Australia’s being more aligned with European principles than those of the United States. This may leave local businesses liable for breaches which are not illegal in the cloud service provider’s home country.
Not all cloud providers are created equal and there are distinct differences between different services in terms of the security and service they provide. Major players like Google, Microsoft and Amazon each have distinctly different approaches to how data is stored and the control customers have over it.
Ultimately the responsibility for compliance comes back onto the Australian company. “It doesn’t matter where or under whose law your data is hosted,” states Vaile. Regardless of where information is saved, Australian companies are still liable under Australian law.
A clear message from the panel at the Sydney launch was Australian law offers fewer protections than from government snooping than most other developed nations.
“There's no constitutional protections in Australia as there are in the US, EU, and UK,” said Vaile. “We don't have any constitutional protections on free speech, privacy, and rights against search and seizure.”
For boards hoping their insurance cover will foot the bill for any losses, they may be disappointed. “The problem is that conventional insurance programs typically do not provide the depth of cover that cyber risks of today are presenting businesses,” said Eric Lowenstein of insurers AON.
So the risks of cloud computing and big data are firmly on managements and boards, and executives have to understand the hazards so they can adequately manage them.
Edward Snowden and Bradley Manning’s leaking of information illustrate that computer security risks are not limited to cloud services or the private sector. “The NSA is a very timely reminder of the risks,” Craig Scroggie of data centre NextDC said. “If the largest spy agency can’t protect their information, then what chance do I?”
Lockstep’s Wilson summed up the security issues wisely, “There’s no such thing as perfect security, but equally there’s no such thing as no security.”
Understanding we’re not in a perfect, secure world is an important step to effectively managing risks and the Data Sovereignty and the Cloud report is a useful guide for executives looking to identify the hazards in data systems.
Paul Wallbank is one of Australia's leading business and technology bloggers, his business Netsmarts helps organisations adapt to the new ways of doing business online.
Call 1300 880 160
Start a chat
Schedule a call
