[LINK] itNews: 'AGIMO defends Government cloud take-up'

Bernard Robertson-Dunn brd at iimetro.com.au
Thu Aug 23 09:51:42 AEST 2012 

On 23/08/2012 9:15 AM, Roger Clarke wrote:
>> On Thu, Aug 23, 2012 at 08:17:29AM +1000, Roger Clarke wrote:
>>>   [The article below provides a useful review of the caution with
>>>   which Clth government agencies are approaching cloud technologies.
> At 9:03 +1000 23/8/12, Ben Elliston wrote:
>> Thanks for this article, Roger.  Something that this has got me
>> thinking about is data disposal.  We have already had situations in
>> the past where state governments have disposed of computer systems
>> with privacy-sensitive data on them.
>> How do people propose that data will be adequately destroyed in the
>> cloud?  How do you know, really, where your cloud service provider is
>> replicating your data to?  How can you ever hope to rein it all back
>> in?
> I've published evaluation checklists for cloud computing, here:
> -   Benefits Checklist
>       http://www.rogerclarke.com/EC/CCEF.html#RTFToC10
> -   Disbenefits and Risks Checklist
>       http://www.rogerclarke.com/EC/CCEF.html#RTFToC15
>
> And you've just poked a hole in them, because I don't actually have
> 'assured deletion of all copies of data' as a heading anywhere.  (I
> was so busy focussing on 'assured *access*' that I missed the other
> end of the data-cycle!).
>
> I'll need to revise the second checklist, and put it in under:
> -   Data Security;  and/or
> -   Compliance
>

While you are at it, you might include "forensic delete" especially 
court ordered on individual records or transactions, including in 
back-up and archived data.

An example:

An agency records a piece of information that a court of law 
subsequently determines it should not store (the reasons don't matter, 
except it does happen). The court can order that all traces of that 
information should be removed from all data stores. This is at the 
record or transaction level, not the file or database level.

Not all agencies are likely to have this requirement, but it could 
become more prevalent as more information in more areas is stored.

You might also look at expanding the section on SLAs. Setting, measuring 
and managing SLAs in a cloud environment is not a simple task. Although 
cloud computing is supposed to be based upon commodity technology, SLAs 
are far from commodities, especially if you are government department 
responsible for service delivery.

-- 
  
Regards
brd

Bernard Robertson-Dunn
Canberra Australia
email:   brd at iimetro.com.au
website: www.drbrd.com

More information about the Link mailing list