dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
571

ashrc4
Premium Member
join:2009-02-06
australia

ashrc4

Premium Member

Aus Gov goes cloud.

»nakedsecurity.sophos.com ··· tragegy/

Posting mainly as a topic of interest but plenty too consider.
Either as secure or progressive.

norwegian
Premium Member
join:2005-02-15
Outback

1 edit

norwegian

Premium Member

We seem to be using 1 fine at work to no ill effects.
However who will be managing their cloud?
As I posted here »ASIO's new building.. where the blue prints of a 163 million dollar building were supposedly taken from a third party, you have to wonder at the security of the govt using the cloud.

Will they hold the employees of the cloud provider to contracts stating they won't give away federal secrets?
Will they outsource part of it to overseas, such as India?
Will regular audits of the cloud for network security occur and who will do them?

There is all sorts of implications of allowing federal secrets, issues and policies to float external to their internally locked down systems.

However on the positive side, if they do have it set up correctly with a company that knows their computer and network security, I can see it as an added bonus, because a contracted supplier might be able to pay it's staff to deal with the variety of issues, and manage to suit, where as a govt employee tends to be under-paid and or slack workers hiding in the system making lots of promises but ethically keeping to none.
norwegian

norwegian to ashrc4

Premium Member

to ashrc4
This article seemed interesting and points out a few positives of using a cloud.

»www.itnews.com.au/News/3 ··· icy.aspx
quote:
“From my experience, with 2094 data centres, some agencies didn’t even know where they were,” he said.

“The old model of security was very much around building a fence or perimeter around your systems. That model is broken, it’s not sustainable.

“What we realised was these public cloud companies were actually improving transparency around security, and were hiring the best security experts from around the world, and that was their core business. It was a very easy decision [to shift to public cloud] when we started being intellectually honest about our current security practices.”

He said holding on to legacy technology rather than embracing new options was an ineffective way of dealing with cyber security.