blog Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed. iTNews reports today (we recommend you click here for the full article):
AGD’s Mike Rothery said his team was “probably about a week away from going to the Attorney-General with some revisions” of the policy. “The main proposed revision is the removal of the ministerial approval and leaving that to agency heads,” he said.
I wrote an extensive article on the new policy for Delimiter 2.0 back in July 2013 (now available for free online). At the time, I wrote:
I don’t want to criticise the Federal Government’s new cloud computing risk management policy too harshly in this article. From a certain point of view, it is tremendously useful that the Federal Government is discussing the issue at all, instead of taking the ‘head in the sand’ approach that so many departments and agencies have in the past when faced with new technology paradigms. In addition, the explicit guidelines allowing non-sensitive data to be stored in offshore cloud computing facilities will certainly open up use by departments and agencies of those platforms. I suspect we’ll see a lot of agency website transferred to Amazon Web Services within the next year, as we’ve seen in other sectors.
However, it is also incumbent upon central IT strategists and decision-makers in the Federal Government to think in a nuanced way about the adoption of new technology, and not simply apply a blanket ban on its use that can only be overcome through exceptions stamped into approval by no less than two ministers (a feat, which many in the public sector will agree is virtually impossible to accomplish). This concept is particularly important when it comes to cloud computing, which is not a single technology nor even a single class of technology, but a whole plethora of wildly varying technologies that need to be evaluated separately and not as a whole class.
It’s only when we start thinking intelligently about government IT procurement that the best options will come to the fore. Putting artificial limitations on the adoption of new technology has never been a recipe for success.
It sounds as though someone in the Federal Government agreed.