The cloud data platform landscape in Australia has changed rapidly both in the infrastructure as well as in the applicable data laws. The conversation has moved on from the issues which dominated a decade ago, especially to do with cross-border risks and the reliability of managed hosting cloud solutions. The implementation of the Australian Data Centre Strategy has gradually eliminated cloud computing cross-border risks in modern data warehousing.
- A History of Australian Cloud Computing Risk
- Are there Real Technical Risks in Cloud Platforms?
A History of Australian Cloud Computing Risk
What are Cloud Computing Cross-Border Risks?
A report commissioned by Macquarie Telecom offers an insight into the doubts that were present around utilising the cloud for organisations circa 2011. This was a time when the costs and capabilities of cloud services were becoming cost-effective enough to be of interest to enterprises of all sizes. With a lack of data centres in Australia, the actual storage location was typically in Singapore. This brought up numerous questions and apprehensions about hosting data off-location and how to remain in compliance with both countries’ data laws.
Many questions are raised about the consistency of data privacy laws across the jurisdictions as well as how responsibility for compliance is established. The report states:
“In addition to compliance with Australian law, businesses offshoring data to Singapore will have to comply with over 160 disparate, sector-specific statutes that regulate the use and disclosure of data management in Singapore.”
There are also concerns about “onerous police investigative power" and that there are inherent difficulties in enforcing rights granted under Australian consumer law to a service provider in Singapore.
Another paper, also from 2011, asks similar questions but in relation to hosting data on US territory and the associated cross-border risks. Once again, there is a major focus on the difficulty of compliance as well as additional concerns that transactional data improperly utilised on US servers can be treated as “conduct of business” and unintentionally generate a “taxable presence”. Additionally, the paper mentions the significantly greater powers that the US government has in warrantless data access from servers on its territory.
Australian Cloud Computing Risk Review
The Gershon Review of the Australian Government’s use of Information and Communication Technology was delivered in 2008, passing judgement on how government was handling its own sensitive data, which is an interesting benchmark on overall attitudes to the cloud. It identified a lack of a strategic plan for data centres which was leading to ad-hoc implementation which was wasting money and leading to slipshod outcomes.
It recommended a serious, whole-of-government approach to building reliable data centre infrastructure. The report’s recommendations were accepted and implemented, leading to an official Australian Data Centre Strategy. This sustained focus in infrastructure development affected not only government ICT resources, but the technological trajectory of the entire country since the goal of government has been to use the public cloud if possible and not build its own parallel capacity.
Implementation of the Australian Data Centre Strategy
As the recommendations of the Gershon review were gradually implemented over the years, investments in building out Australian-based data centres soared. By 2017, Australia was rated as “one of the most mature data centre service markets in the Asia-Pacific” with an annual growth rate of 12.8% and a total revenue of almost $1 billion. Government has, of course, been one of the major drivers of this growth through the implementation of the Australian Government Data Centre Strategy. However, another one of the reported major drivers of this growth is “highly regulated verticals” such as finance, which require “strict data confidentiality and complete management control of their operations”.
In 2016, Equinix, a carrier-neutral data centre company whose infrastructure is used by Microsoft Azure essentially doubled their capacity with the opening of their SYD4 centre. In less than a decade, thinking about cloud platforms in Australia drastically changed, moving from nervous reports about the many questions and uncertainties regarding cross-border data risks to having a robust, dependable and rapidly growing local infrastructure that could be used.
Are there Real Technical Risks in Cloud Platforms?
Despite the many different outdated and insubstantial concerns, there are real issues that were brought up a decade ago that are relevant and need to be considered. An Australian Institute of Criminology report in 2010 attempted to zero in on the risk areas around infrastructure, platforms and software as a service.
Virtual Machine and Data Centre Colocation Risks
The report identifies as most of the risk being presented by the shared-tenancy nature of cloud data storage. This means that multiple virtual machines (VMs) from different will be running on a single physical machine. Although theoretically VMs are supposed to be entirely insulated from each other in their data channels, the paper outlines what is called a “side-channel attack” in which a common memory cache can be used to access data that is restricted. It also brings up VM-based rootkits, botnet hosting and pure brute force attacks as being other potential hostile avenues for disruption.
While these are real issues which still represent technical challenges to this day, they are only really relevant to organisations which decide to use a colocation data centre setup in which they are typically responsible for setting up and maintaining their own data architecture and security. The fastest growing sector, however, is managed hosting which means using the established services and platforms of one of the major cloud providers and deferring most of the upkeep and security issues.
Does Managed Hosting Prevent Data Centre Colocation Risks?
The security and reliability of the main players in cloud services has progressed so much that an executive of one of Australia’s major banks has stated that he is more comfortable relying on Microsoft, Amazon or Google data centres rather than ones maintained by the bank themselves. This allows for a major transformation in the bank’s cybersecurity strategy, freeing up major resources that would normally be invested in proprietary data centres.
The sheer level of cybersecurity investment that is made by the biggest providers is on a level which only governments can potentially match. Even then, over five thousand government agencies use Amazon Web Services as their data platform, relying on it for large volumes of very sensitive data.
As of 2017, the Australian Government Secure Cloud Strategy full-throatedly states that the public cloud market is the best solution for all agencies. The report highlights that both in terms of speed as well as security, the main providers can be relied upon to dependably stay ahead of the curve.
It is clear to see how the Australian attitude to cloud platforms has changed dramatically over a decade. If you’re still labouring under 2010 anxieties it is important to keep up to date with the discourse to make sure you’re not being held back by outdated assumptions. If you want actionable steps to improving data security within your organisation, you should be focusing on building and implementing a data governance framework.
If you're interested in data systems, check out our blog on real time vs streaming analytics. If you're looking for results fast, contact us about the BizData Finance OneView Solution which helps consolidate all of your most sensitive data and move it to the cloud in the most security-conscious manner possible.