Does your cybersecurity technology ensure data sovereignty in Australia? Here’s how to check.
Data sovereignty is an important requirement of many Australian cloud technology purchases. Given that we procure the majority of our cloud technologies from offshore providers, there are often questions and risks about where the data is hosted and who has access to it.
So, WHAT IS DATA SOVEREIGNTY?
Data sovereignty refers to where your data is actually stored geographically in the cloud—whether it is stored in one or more data centers hosted by your own organisation or by a public cloud provider. Due to differing laws in each country, sometimes the data held by the cloud provider can be obtained by the government in whose jurisdiction the data is stored, or perhaps by the government of the country where the data provider is based, or even by foreign governments through international cooperation laws.
This poses a risk to Australian businesses that may host confidential data in their cloud networks, and puts that data and those systems at risk of attack.
Australian businesses that are using public cloud services and cybersecurity technologies should examine the policies and practices of a prospective cloud cybersecurity technology provider to answer the following questions:
- Where will data, metadata, transaction history, personally identifiable data, and billing data be stored?
- Where is the identity and access management stored?
- Where is the backup and disaster recovery data stored?
- How is retired data media securely disposed of? Note that retired data and backup systems are often the most prone to attack.
- Who are the support personnel, where are they located, and what do they have access to? Can they access our portal data easily?
- Where is the provider’s primary headquarters and under which laws and jurisdictions do they fall?
- Is the government authority or third party obligated to notify you if there is a cybersecurity breach or if someone has accessed your data?
To protect your customers and reduce your company's risk, you should request that data be stored in the country of your choosing, one whose laws align with the corporate laws that your company abides by; in this example, Australia. It is crucial to have in-country support and locally hosted data, including your Identity and Access Management data, to ensure protection and rapid response to cybersecurity breaches.
Loop Secure works with SecurID, a leading Identity and Access Management technology provider, to provide secure cloud and remote access and authentication methods. SecurID has a Canberra-based data centre in which all authentication data is stored, ensuring that Australian customer data is protected and kept on-shore.