Defence Signals Directorate (DSD)'s Cloud Computing Security Considerations

Australia releases cloud computing guide

Defence Signals Directorate (DSD), an Australian intelligence agency, has released an 18-page document urging government agencies in the country to carefully consider risks associated with cloud computing before adopting the technology.

The Cloud Computing Security Considerations deals with traditional cloud fears like security, location of servers and Service Level Agreement (SLA) issues. Agencies are advised to “balance the benefits of cloud computing with the security risks associated with the agency handing over control to a vendor”.

DSD treated cloud vendors with a big dose of caution in case of vendors who may “insecurely transmit, store and process the agency’s data”.

“Vendor’s responses to important security considerations must be captured in the SLA,” advised the paper. “Otherwise the customer only has vendor promises and marketing claims that can be hard to verify and may be unenforceable.”

The paper urged agencies to consider where offshore location data is stored, backed up and processed in, which country hosts the failover or redundant data centre and whether or not the vendor will notify the agency of any change in this area. Agencies were also asked to pick vendors who stored and managed data within Australia itself.