Data sovereignty still misunderstood in Australia: Microsoft

Hosting data in the cloud can be beneficial as long as you do your homework first, says expert.

Legislation such as the Australian Privacy Act and US Patriot Act doesn’t have to be a deterrent to hosting data in a public or private cloud if IT executives do their homework first, according to a technical expert.

Speaking at Tech Ed 2012, Microsoft Australia Azure technical evangelist, Rocky Heckman, told delegates that data sovereignty and security are the major issues he comes across with cloud computing migration.


Data sovereignty

According to Heckman, Australian IT executives should be more worried about the Privacy Act 1988 than the US Patriot Act when it comes to data access.

He said the Privacy Act includes the provision that if a cloud provider is based in Australia, the provider does not have to notify its customer if the provider voluntarily gives out information to law enforcement agencies such as the AFP or Customs.

“The US does not allow that to happen,” he said. “In America you need to have a legal court order process to get that information hosted in the cloud.”

In addition, Heckman said the US Patriot Act did not increase America’s ability to access data from companies.

“What the Patriot Act did is take the time it requires to get a subpoena to access data down from several days to hours but only in the cases of terrorist investigations,” he said.

Cloud due diligence

Turning to cloud service providers, Heckman reminded delegates that they need to make sure the provider is up to the task.

“People should be asking if the cloud service provider has been audited for ISO security standards and if you put applications in the cloud, can you get these back?”

Heckman shared the example of an Australian organisation which ran into problems when it tried to change its cloud service provider.

“It took just over two weeks to get their data out and when they got the data it had been broken up so it wasn’t even recognisable as company data,” he said.

Heckman recommended that IT executives have a back-out strategy for their cloud implementation.

“If the cloud service provider does go out of business, make sure they have proper data retention policies and that they destroy your records once you’ve got your data back,” he said.

Hamish Barwick travelled to Tech Ed 2012 as a guest of Microsoft
