Peter Farrelly / Chief Information Security Officer / AUCloud
Trust – we talk about it a lot. The trap for business is assuming you have it or can get it (the trust of your customers) because you tick all the certification and compliance boxes. Time and again, however, compliance has proved to be the very poor cousin to ‘trust’, with no better evidence than in the world of technology. In our domain (cloud IaaS), experience shows that building the trust needed to be a worthy provider of cloud services, requires more than resting on your IRAP compliance laurels.
The Protective Services Policy Framework (PSPF) and underlying Australian Government Information Security Manual (ISM) are (and should be) the standard for many organisations providing services to government – specifically cloud IaaS services, like we do at AUCloud.
Reflecting on a decade of cloud service delivery, however, the most salutary lesson we’ve learned is that compliance it simply is not enough. It’s a ‘must have’, but neither a promise of business success nor a substitute for building the trust that agencies and the public are looking for when it comes to managing their data.
Any number of things go to building trust with customers. In the cloud business, our experience is it’s all about sovereignty, security, and sanctity of data.
AUCloud’s focus on sovereignty is no coincidence. In an increasingly volatile, borderless cyber space alive with more aggressive and pervasive nation states than our own, the public wants certainty – and transparency – about where their data is and where it goes. In fact, not just their data but as important, the metadata and monitoring data that sits alongside it. Furthermore, and often underestimated, they deserve the assurance that their data will NEVER be subject to the laws of other countries, friendly or otherwise. Sovereignty of cloud services means just that – only ever subject to Australian legislation and judicial processes.
Meeting security compliance requirements is imperative. The compliance bar, particularly for government is high. But, as technology continues to evolve at an increasingly rapid pace, there is no room for complacency and even less room for error. You need to look further than the immediate compliance horizon to earn the trust that you will keep pace with, and indeed stay ahead of the game.
Next generation protective monitoring, quantum quality encryption and PROTECTED level controls as a minimum (irrespective of whether you are hosted in our OFFICIAL or PROTECTED data environment) reflect a single-minded focus on securing the trust of government agencies, businesses, and the Australian public. The focus is not just now; it’s about anticipating the future and the assurance requirements necessary to ensure that the best interests of our customers are always covered.
Sanctity of Data
We hear it all the time now, ‘data is the new currency’. It has real, tangible, monetised value. When sharing our own data (personal, financial or corporate), we make our own choices about what we do with it. This is not an option for government and organisations dealing with citizen information. People expect (and rightly so) that the organisations they share their data with, will protect and not share it.
At AUCloud we get it, the protection of data is sacrosanct. That’s why our IaaS platform is underpinned by an active cyber security monitoring solution based on national intelligence capabilities.
Our experience is that trust is earned not by goodwill but through real action; anticipating what customers value and doing it (before they ask).
What differentiates AUCloud from its competitors is that these features are native to our IaaS platform. They are not nice to haves or add-ons with an additional price tag. They are inherent in the AUCloud IaaS; designed and built into our service for the benefit of all our customers, every single one of them.
When you’re in the business of trust, compliance to mitigate anticipated risks is simply not enough. ‘Engineered to Protected’ means security from the ground up, anticipating what sits much further than just the foreseeable compliance horizon.