IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
The perceived risks of cloud depend on where you are standing
Fri, 13th May 2016
FYI, this story is more than a year old

Summary

Adoption of cloud services by government agencies is steadily increasing, albeit at a slower rate than in other sectors. Take-up is often held back by the perceived risks related to security and jurisdiction, but agencies need to look at cloud services based on their specific circumstances rather than adopting a generic approach.

Potential benefits depend on what you have now

As the variety of cloud service offerings has proliferated, there has been an ongoing debate regarding the relative risks when compared to traditional in-house deployments. This has been particularly prevalent in the public sector, where a traditionally risk-averse approach to significant business change has fostered concerns regarding the security of systems that are no longer directly under the agency's physical control. This reluctance has been exacerbated by the disjunction with legal systems based on unambiguous physical location, which are becoming increasingly irrelevant when considering data that could potentially be stored anywhere in the world.

Early international concern regarding the theoretical ramifications of the US Patriot Act have been bolstered by the stream of revelations exposed by Snowden and others that confirm just how pervasive nation-state digital surveillance activities have become. In such a climate, the response of many large government organisations has been that “going into the cloud is too risky.

However, such a black or white response loses sight of the fact that there are no zero-risk options. Smaller and less well-resourced organisations can be at considerable risk through their current in-house IT operations, which are often lacking capacity in security, governance, and business resilience. In fact, for smaller organisations it can be more appropriate to state that “staying out of the cloud is too risky.” Identifying the right approach depends on understanding your organisation's profile and honestly assessing the existing risks embedded in your current operational model.

Appendix

Further reading

  • 2016 Trends to Watch: Government, IT0007-000847 (November 2015)
  • Government Cloud: Where Are We Now? IT0007-000832 (August 2015)