Security, legal and contractual concerns associated with the Cloud have been communicated by the Australian Government Information Management Office (AGIMO) in a recent discussion paper.
Quite rightly, the Australian Government has identified potential risks and issues surrounding Cloud computing including legal concerns such as information discovery; compliance with the Privacy Act and Archives Act; jurisdictional issues; and SLAs. AGIMO go on to raise the point that responsibilities need to be clearly spelled out in SLAs with providers.
Here in the UK, CIF has already set up a Code of Practice, whereby cloud service providers must demonstrate accountability, transparency and capability to end users, to be self-certified. CIF’s Code states that service providers must adhere to their SLAs. Therefore allowing the potential customer to make an informed decision about the most suitable service provider for them.
Since the industry body was established in 2009, CIF has dealt with end-users’ concerns surrounding the Cloud to help them resolve them and feel confident to invest in cloud-based services.
As the Australian Government is starting to address the issues and risks that are associated with the Cloud, it would pay to collaborate as the UK is arguably more advanced in its thinking and has taken steps to mitigate these risks through industry self certification. Australia requires an industry body like CIF, to set up Best Practice and to adopt a Code of Practice as we have here in the UK.
As a result, end users can be educated and encouraged to invest in reputable cloud service providers, to encourage a wide-spread adoption of the Cloud. We have no problem with working with our industry colleagues around the world to share our experience and utilise the Cloud Service Provider Code of Practice to encourage international alignment.