Cloud Data Privacy and Data Sovereignty Chris Dury


1 Cloud Data Privacy and Data Sovereignty Chris Dury

2 Agenda Government Leadership Australian and State Government Frameworks for Mortals Managing and Evaluating Risk Office 365 Compliance

3 Australian Government Leadership
- Opens $5B in ICT spending to cloud
- Requires federal agencies to consider cloud

4 Australian Government Leadership
GOAL:- “The Australian Government will be a leader in the use of cloud services to achieve greater efficiency, generate greater value from ICT investment, deliver better services and support a more flexible workforce”
STATEMENT:- Australian Government agencies will:
- consider cloud services for new ICT procurements
- commence procurement of public cloud services for their test & dev needs, as appropriate value for money
- transition public facing websites to public cloud hosting at natural ICT refresh points
- establish info sharing initiatives to facilitate continual improvement, case studies, risk models, lessons etc

5 SA Government Leadership
Discussion Paper which focuses on the importance of “connectedness” and improving the state’s ability to innovate
Digital by default
Moving from…
- Buying software to buying services
- Big monolithic projects to rapid prototyping
- Competing for resources to sharing first
Little mention of…
- Social Computing
- Cloud Computing

6 Security Policies and Frameworks Standards

7 What does it mean for Office 365?
ISMF Standard 12 - Section Risk identification associated with external organisations - Responsible Parties must conduct a thorough risk assessment in accordance with Section 5.1 of the PSMF and supported by the Government of South Australia Risk Management Policy Statement prior to granting access to information and/or information processing facilities by any External Organisation
ISMF Standard 13 - Access provided to third parties (including customers, contractors etc.) shall be controlled based on the specific business requirements of the Responsible Party

8 So…
- There are no specific aversions to cloud based technologies, and
- There are no requirements for cloud infrastructure to be hosted in Australia
If…
- A Risk Assessment is completed, and
- The Business Requirements are compatible

9 Because…
Privacy Act 1988, Schedule 3 – National Privacy Principles – 9 – Transborder Data Flows
An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country only if:
(a) the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or

10 Risk Assessment

11

12 Office 365 Compliance

13

14 Bridging the gap Use Rights Management Service E3,E4 or On-Premise Use your Risk Assessment to build a Classification Scheme and don’t store certain data in the cloud Office 365 provides What you need to do

15

16 Questions & Next steps
- Microsoft is working to reduce uncertainty with PSPF, ISMF
- More Risk Analysis Tools coming

