The New Zealand Privacy Commissioner, Marie Shroff, has released a document discussing data and security implications for companies moving to the cloud.
Even though the report looks at the relative basics of cloud computing from an enterprise perspective, the guidelines it recommends still make interesting reading.
The key tenet from the research was that nobody else except the user is ultimately responsible for the information they put in the cloud. “If there’s a privacy breach, you’re going to be the one answering questions about what went wrong,” the report notes.
Yet in terms of security, the report advocates that users be clear on the different elements of security and whose responsibility they are; the user’s or the provider’s.
Above all, however, the report advocates that if all goes wrong, check the contract and the SLA and perform due diligence on the cloud provider. This is particularly key for assessing whether the provider is obliged to tell you if a breach has occurred; how to tell customers if their data is lost; who is liable for breaches and the penalties for it, alongside other disaster recovery strategies.
The report also discusses exit strategies – not getting involved in wrangles if you want to leave a cloud provider – as well as where data is located and the legal implications of that.
Cloud computing in New Zealand is distinctly on the rise, if previous reports are anything to go by. Back in November, Frost & Sullivan released research stating that more than half of NZ companies surveyed were looking to increase their cloud budgets.
Similarly, various reports have been published on the state of Asia Pacific cloud computing; ACCA (Asia Cloud Computing Association) found in its October Cloud Readiness Index that New Zealand ranked at an unchanged sixth out of 14 Asia Pacific nations, ranking the best in data privacy and data sovereignty respectively.
However, where NZ – and indeed Australia – was let down in the ACCA survey was in terms of international connectivity and low offshore bandwidth, where the nations placed last.
“Despite its relatively small size, New Zealand continues to offer an attractive environment for cloud computing,” the report notes. Japan was top of the rankings at the most ‘cloud ready’ Asia Pacific nation.
Given that New Zealand ranks so strongly in data privacy according to ACCA, it’s intriguing that this document has been released as a tip for SMEs. The full report can be read here.