Data sovereignty policy arrives
Greg Boorer: "We now know exactly what the barriers of entry and hurdles are"
The Australian government quietly introduced on Friday afternoon a whole-of-government data hosting strategy to address immediate issues around risks to data sovereignty, data centre ownership and the supply chain.
According to the Digital Transformation Agency, the strategy will also serve as policy guidance for how government agencies and industry can adopt new technologies.
InnovationAus.com understands the strategy is a long-awaited response to the debacle the Australian government found itself in when Chinese consortium Elegant Jubilee bought a 49 per cent stake of Global Switch’s London-based parent company, Aldersgate Investments, for $4 billion in 2016.
The Australian government is known to store some of its most classified government files, including defence and intelligence files, at datacentres owned by Global Switch.
Under the strategy, a new Digital Infrastructure Service will be established within the DTA that will guide agencies on how to assess their own risks, and ensure government hosting services are more efficient and cost-effective by enhancing secure communication for transfer of data across facilities.
The service will also provide certainty on the Australian government hosting operating environment for industry and agencies by setting government policies and standards, including recognising host services will be delivered in partnership with industry.
Greg Boorer, chief executive of Canberra Data Centres (CDC), which is partly owned by the Australian government’s pension fund provider Commonwealth Superannuation Corporation and operates as a sovereign datacentre, told InnovationAus.com the strategy is the “missing piece” of certification that cloud service providers need.
“We’ve finally got some transparency and clarity from government on their expectations with regards to service providers like CDC,” he said.
“Historically, a lot of the language they use in these strategy documents is a little bit wishy-washy, so there’s a lot of interpretation. But there’s not a lot of interpretation in this, which is great. We now know exactly what the barriers of entry and hurdles are.”
Mr Boorer said that without the strategy, “datacentres could easily be sold out from under any of the cloud providers or any of the managed service providers and that could potentially lead to a very difficult situation for government.”
Microsoft Australia Azure engineering leader James Kavanagh agreed the strategy signals the government’s recognition that data is a national critical infrastructure asset that is at risk when it’s unprotected.
“This new policy creates a digital infrastructure service. It creates a framework for certifying that and assuring datacentres and applying that assurance all the way up to managed or cloud services that operate within them,” he said.
Macquarie Telecom managing director Aidan Tudehope said the strategy will help government agencies avoid the risks associated with potential foreign access to sensitive data.
“Putting the onus on data centre owners to give assurances and cover costs related to a change of ownership is a good approach,” he told InnovationAus.com.
“The other important development is the more sophisticated approach to the potential for data to become more sensitive over time, or for community expectations about the standards of protection to change.
“The strategy gives a signal to agencies and departments to err on the side of caution. Digital trust in the government has to be built, which in turn will allow citizens to see the benefits of digital transformation.”
Vault Cloud chief executive Rupert Taylor-Price said the strategy puts data sovereignty front-of-mind for government and industry.
“Data sovereignty wasn’t something people thought about too much and then in Europe you had the introduction of GDPR and for most countries there was some sovereignty requirement around data, so in a way Australia is playing a bit of catch up on this issue because pretty much every country has pretty clear sovereignty requirements,” he said.
“But it’s good we’re getting there. The government has started at the bottom at the data centre level and my expectation is over time that is going to move up the stack just like it has in other countries.”