• Enjoy the freedom to innovate and grow your business


    [ad] With Microsoft Azure you have hybrid cloud flexibility, allowing your platform to span your cloud and on premise data centre. Learn more at microsoftcloud.com.

  • IT Admin: No Time to Save Time?


    [ad] Do you spend too much time patching machines or cleaning up after virus attacks? With automation controlled from a central IT management console accessible anytime, anywhere – you can save time for bigger tasks. Try simple IT management from GFI Cloud and start saving time today!

  • Free Forrester analysis of CRM solutions


    [ad] In this 25 page report, independent analyst house Forrester evaluates 18 significant products in the customer relationship management space from a broad range of vendors, detailing its findings on how CRM suites measure up and plotting where they stand in relation to each other. Download it for free now.

  • Great articles on other sites
  • RSS Great articles on other sites


  • Reader giveaway: Google Nexus 5


    We’re big fans of Google’s Nexus line-up in general at Delimiter towers. Nexus 4, Nexus 7, Nexus 10 … we love pretty much anything Nexus. Because of this we've kicked off a new competition to give away one of Google’s new Nexus 5 smartphones to a lucky reader. Click here to enter.

  • Enterprise IT, News - Written by on Tuesday, July 30, 2013 15:42 - 7 Comments

    “A real barrier”: Sports Commission CIO
    speaks up on new Govt cloud policy

    stolk

    news A chief information officer from a minor agency has publicly criticised the Federal Government’s new risk management guidelines on storing offshore data, stating that they constitute “a real barrier” to the adoption of public cloud technologies in the public sector.

    Earlier this month, the Federal Government released a new cloud computing security and privacy directive (PDF) which requires departments and agencies to explicitly acquire the approval of the Attorney-General and their relevant portfolio minister before government data containing private information can be stored in offshore facilities. Data which doesn’t include personal information — and thus isn’t subject to privacy regulations — won’t suffer the same conditions.

    Unlike existing cloud computing policies used in the Federal Government, the policy did not emanate from either the office of the whole of government chief information or technology officers, key parts of the Australian Government Information Management Office which helps set central government IT strategy and policy.

    Instead, the new policy appears to be a document created by the Attorney-General’s Department, as part of the Protective Security Framework which it administers to help ensure the physical and information security of the Federal Government as a whole. At the time the document was released, Attorney-General Mark Dreyfus, issued the following statement:

    “The policy will aid decision-makers in determining when to allow the use of offshoring or outsourcing on a case-by-case basis. I have paid special attention to the security of personal information, which people expect will be treated with the highest care by all organisations, but by government in particular.”

    “Safeguards have been incorporated so that before personal information can be stored in the cloud, the approval of the Minister responsible for the information, and my own approval as Minister for privacy, must be given. This is to ensure that sufficient measures have been taken to mitigate potential risks to the security of that information.”

    However, the new policy raised eyebrows inside Federal Government IT circles. And last week some of that criticism made it into the public domain courtesy of Steven Stolk, the chief information officer at the Australian Sports Commission, in comments first reported by iTNews.

    “The new policy from AG to have any public cloud with personal info approved by Minister & [Attorney-General] is a real barrier to use public cloud,” wrote Stolk on his Twitter account. “The flow chart shows all flow that has personal info going to the Minister!” And then, the CIO added: “The process just seems too risk averse. Privacy risk outways security, which can be assessed at the agency level.”

    Although the Australian Sports Commission represents a relatively minor part of the Federal Government’s IT spend, Stolk himself is a veteran in government technology circles. The executive has served the ASC as CIO for four and a half years, and has also held senior technology positions at the Civil Aviation Safety Authority, as well as at IT services company KAZ (now part of Fujitsu).

    Stolk told iTNews, which first reported this story (we recommend readers click through to read iTNews story as well; it contains further details), that his views were personal and not the views of his agency; but he also added that there was a disconnect on the issue between the Attorney-General’s Department and AGIMO.

    opinion/analysis
    I strongly agree with Stolk. I published an extensive analysis of this precise situation on Delimiter 2.0 several weeks ago (paywalled), including a detailed criticism of the concept of “risk” as detailed in the new policy. My key introductory paragraph:

    “The Federal Government has taken many positive steps forward in the past year with respect to freeing up its departments and agencies to adopt the new class of cloud computing technologies. But the release of an overly bureaucratic policy this month on offshore data storage has the potential to set that progress back substantially, relying as it does on several outdated concepts of risk management in IT projects.”

    To tell you the truth, I’m not surprised to see a mid-level CIO like Stolk expressing his opinion on this issue in public. The launch of the new policy must have come as a surprise to many IT executives in the Federal Government. From AGIMO and departments such as DBCDE, they’re getting the view that cloud computing is an emerging paradigm which they need to consider in all their IT purchases. But from the Attorney-General’s Department, they’re getting the opposite view — roadblocks and all.

    The fact that the CIO chose to speak out reveals that the Attorney-General’s Department didn’t consult enough internally in the Federal Government on this one. It seems obvious that if Stolk was surprised by the release of this policy, then many others in similar positions would have been surprised as well. I applaud Stolk for at least having the courage to raise the issue in public in the diplomatic manner he did, and we need more of this kind of effort from senior public servants across a wide range of areas. In this context, the few sentences which Stolk put on Twitter about the issue, as his personal view, would very much represent the tip of the iceberg in terms of this situation. I’ll be seeing if I can plumb some of those depths over the next several months.

    Image credit: Steven Stolk

    submit to reddit

    7 Comments

    You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

    1. Adam
      Posted 30/07/2013 at 4:16 pm | Permalink |

      I think you’re overlooking the fact that if we do store our data overseas, then other governments are gaining access to that data. I don’t think we should be rushing into government cloud computing just because it’s fashionable.

    2. Russell
      Posted 30/07/2013 at 4:26 pm | Permalink |

      I don’t believe that jumping to the public cloud is a sensible approach for it.gov.au there is surely tons of public $ tied up in federal government IT infrastructure that could readily be converted to private cloud capacity to be shared amongst government departments. It only needs some vision and will.

    3. Russell
      Posted 30/07/2013 at 4:28 pm | Permalink |

      I don’t believe that jumping to the public cloud is a sensible approach for ggovernment IT there is surely tons of public $ tied up in federal government IT infrastructure that could readily be converted to private cloud capacity to be shared amongst government departments. It only needs some vision and will.

    4. TrevorX
      Posted 30/07/2013 at 7:01 pm | Permalink |

      I haven’t looked at this policy in detail, but from initial impressions it seems like the AGD is really just being sensible here. Given recent disclosures about NSA access to data, storing government data of any sort, let alone private information, in extraterritorial data warehouses would be negligent in the extreme. There is no efficiency or cost reduction gain that justifies expedient transfer of government data of a private or sensitive nature to overseas cloud computing infrastructure. I would go so far as to say there is no justification for putting such data on any platform not explicity controlled by the Federal Government ever – we know if won’t be secure, we know it will be trawled through by security agencies, foreign governments and law enforcement. That has gone way beyond the level of speculative risk and ‘conspiracy theories’, we know it happens for a fact.

      So please, do explain the rationale behind calls to remove these barriers, these checks against unregulated adoption of multinational cloud computing infrastructure by government departments to store private and confidential data of Australian citizens. Because from where I’m sitting, private clouds are the only ones government departments should even be considering – multinational corporate clouds should be denied outright. What compelling justifications do you have to allow it?

    5. TrevorX
      Posted 30/07/2013 at 7:03 pm | Permalink |

      I also have difficulty taking anything seriously from someone who spells outweigh ‘outway’… :-\

    6. Posted 31/07/2013 at 10:28 am | Permalink |

      We can quibble about how high up the chain of command is the appropriate level for seeking approval for offshoring of personal information, but I for one think that management of data privacy and security is one area in which governments SHOULD be very risk-averse. Commercial entities play fast and loose with private information all the time, and must be dragged kicking and screaming via regulation and penalties to appropriately resource data management. Government needs to set the bar on this.

      By all means, government should be embracing ‘cloud’ delivery and storage, but it should be private cloud, managed either by government itself (‘cloud as a service’), or via stringently-vetted service providers whose infrastructure is housed in Australia. It’s called data sovereignty for a reason.

      (And TrevorX, +1 on the spelling thing. :-/ )

      • TrevorX
        Posted 31/07/2013 at 7:07 pm | Permalink |

        +1 on pretty much everything ;-)

        Just on the commercial privacy infringement thing, until such time as there are severe criminal and civil penalties for commercial entities (and government, frankly) that fail to follow industry best practices to secure their systems and data resulting in a loss of private data under their control and protection, we should all continue to be extremely concerned about the data that companies might have about us, and governments and their departments should not be allowed to store or share confidential private data of Australians with corporations or NGOs. Yes, such a law or ruling would bring the country to a grinding halt overnight, but so it should – neither governments, our representative Ministers or corporations take the private data problem seriously, it is on no one’s agenda, statistics like the $1.4bn annual cost of fraud are dismissed as a ‘personal education’ problem when in reality the lion’s share of the cause rests with the procurement and illegal sale and distribution of stolen private data, almost exclusively the fault of large businesses and governments.




    Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:


  • Most Popular Content


  • Six smart secrets for nurturing customer relationships
    [ad] Today, we are experiencing a world where behind every app, every device, and every connection, is a customer. Your customers will demand you to be where they and managing customer relationship is the key to your business’s growth. The question is where do you start? Click here to download six free whitepapers to help you connect with your customers in a whole new way.
  • Enterprise IT stories

    • NetSuite in whole of business TurboSmart deal turbosmart

      Business-focused software as a service giant NetSuite has unveiled yet another win with a mid-sized Australian company, revealing a deal with automotive performance products manufacturer Turbosmart that has seen the company deploy a comprehensive suite of NetSuite products across its business.

    • WA Health told: Hire a goddamn CIO already doctor

      A state parliamentary committee has told Western Australia’s Department of Health to end four years of acting appointments and hire a permanent CIO, in the wake of news that the lack of such an executive role in the department contributed directly to the fiasco at the state’s new Fiona Stanley Hospital, much of which has revolved around poorly delivered IT systems.

    • Former whole of Qld Govt CIO Grant resigns petergrant

      High-flying IT executive Peter Grant has left his senior position in the Queensland State Government, a year after the state demoted him from the whole of government chief information officer role he had held for the second time.

    • Hills dumped $18m ERP/CRM rollout for Salesforce.com hills

      According to a blog post published by Salesforce.com today, one of Ted Pretty’s first moves upon taking up managing director role at iconic Australian brand Hills in 2012 was to halt an expensive traditional business software project and call Salesforce.com instead.

    • Dropbox opens Sydney office koalabox

      Cloud computing storage player Dropbox has announced it is opening an office in Sydney, as competition in the local enterprise cloud storage market accelerates.

    • Heartbleed, internal outages: CBA’s horror 24 hours commbankatm

      The Commonwealth Bank’s IT division has suffered something of a nightmare 24 hours, with a catastrophic internal IT outage taking down multiple systems and resulting in physical branches being offline, and the bank separately suffering public opprobrium stemming from contradictory statements it made with respect to potential vulnerabilities stemming from the Heartbleed OpenSSL bug.

    • Android in the enterprise: Three Aussie examples from Samsung androidapple

      Forget iOS and Windows. Today we present three decently sized deployments of Android in the Australian market on Samsung’s hardware, which the Korean vendor has dug up from its archives over the past several years for us after a little prompting :)

    • Businesslink cancelled Office 365 rollout cancelled

      Microsoft has been on a bit of a tear recently in Australia with its cloud-based Office 365 platform, signing up major customers such as the Queensland Government, Qantas, V8 Supercars and rental chain Mr Rental. And it’s not hard to see why, with the platform’s hybrid cloud/traditional deployment model giving customers substantial options. However, as iTNews reported last week, it hasn’t been all plain sailing for Redmond in this arena.

    • Qld Govt inks $26.5m deal for Office 365 walker

      The Queensland State Government yesterday announced it had signed a $26.5 million deal with Microsoft which will gain the state access to Microsoft’s Office 365 software and services platform. However, with the deal not covering operating system licences and not being mandatory for departments and agencies, it remains unclear what its impact will be.

    • Hospital IT booking system ‘putting lives at risk’ doctor

      A new IT booking platform at the Austin Hospital and Olivia Newton-John Cancer and Wellness Centre in Melbourne is reportedly placing the welfare of patients with serious conditions at risk.

  • Enterprise IT, News - Apr 17, 2014 16:39 - 0 Comments

    NetSuite in whole of business TurboSmart deal

    More In Enterprise IT


    News, Telecommunications - Apr 17, 2014 11:01 - 133 Comments

    Turnbull lies on NBN to Triple J listeners

    More In Telecommunications


    Featured, Industry, News - Apr 17, 2014 9:28 - 1 Comment

    Campaign Monitor takes US$250m from US VC

    More In Industry


    Digital Rights, News - Apr 17, 2014 12:41 - 13 Comments

    Anti-piracy lobbyist enjoys cozy email chats with AGD Secretary

    More In Digital Rights