Australian government agencies have several things to consider when searching for a web hosting service. Not only do they have to ensure that the needs of the organization are met by the provider, but they will also need to make certain that they comply with the standards set out by the government.
A common misconception among Australian government agencies is that cloud computing isn’t a safe and viable option; however, this isn’t the case. According to the Australian Government Information Management Office, “Cloud computing can be used to enhance privacy safeguards used to protect personal information held by Government agencies.” In fact, the Government has developed a guide to help agencies comply with privacy laws and regulations when choosing cloud-based services. As mentioned in the guide, these laws do not prohibit the use of cloud computing, as long as the agency has done due diligence in the following respects:
As an Australian government agency, it’s your responsibility to ensure that you are informed on the privacy issues, so that when you select a cloud service provider the Service Level Agreement (SLA) adequately addresses the applicable privacy obligations. We have compiled the six key requirements outlined in this government document and how a Windows VPS Managed Solution is a viable alternative for those searching for an Australian government web hosting service.
As an Australian government agency, you are responsible for the conditions in which you disclose personal information. If you are working with a cloud provider, and if personal information will be shared with the provider, it’s mandatory that the agency continues to have a degree of control over the personal information. The agency must have the right to access, change or retrieve the personal information when necessary. There should also be a non-disclosure agreement with the cloud provider.
In a Windows Managed VPS environment, the agency will have complete control over the server and personal information of its clients. The non-disclosure agreement should be outlined in the Service Level Agreement (SLA). In addition, it’s important to talk to the provider about who will have access to your information on their side. Only those who absolutely need access to your information should have it.
When searching for a cloud provider, it’s important that the agency ensures that the web hosting service provider complies with IPP 4 – Storage and security of personal information. This requires an agency to protect the personal information it holds and safeguard it from loss, misuse and unauthorized use. It’s up to the agency to understand whether the cloud service provider’s environment will be in compliance with these requirements and to ensure that the cloud service provider agrees to the applicable IPPs in the Service Level Agreement.
Windows Managed VPS is an extremely secure solution for government agencies, because it is similar to having your own dedicated server, so there isn’t the worry of the security breaches of a shared environment. A Windows VPS will provide government agencies with all of the security and control of running a dedicated server because the systems are controlled and isolated, so the site won’t be impacted by the security of other sites. In addition, a VPS provides agencies with the flexibility to adjust resources as needs grow. Disaster recovery is key in a Windows VPS as the software will automatically fail over if there is a disaster, keeping important and confidential information safe.
A government agency must ensure that when information of multiple agencies is being hosted in a single cloud, there should be adequate separation and segregation between the various datasets to prevent any accidental disclosure. This is also applicable when the government department has multiple business units that may require data segregation. It’s up to the government agency to obtain all relevant technical information from the service provider to ensure the proposed solution provides the required level of data segregation.
A government agency will benefit from knowing that in a Windows VPS, all personal information is kept behind a secure partition, accessible by the agency only. It’s up to the agency to ensure that the provider performs routine security practices so the site is protected and secure at all times. Data segregation and security must be agreed upon between the government agency and the service provider. In some cases, a hybrid cloud can be used to store some information on the cloud, and highly sensitive information on a dedicated server.
Government agencies are required to destroy or permanently de-identify personal information that is no longer required.
When entering into a contract with a service provider, government agencies should ensure that all information in the cloud can be permanently deleted when it is no longer required, or at the end of the contract. Again, this can be achieved by having the cloud service provider agree in the SLA that it will comply.
Government agencies should know the location of the cloud provider’s data centre and be aware that when contracting off-shore cloud computing services, information may be processed or stored in jurisdictions with privacy and information protection laws significantly different from those in Australia. This can make enforcement of contractual obligations, such as those relating to data breaches, challenging.
To mitigate this risk, agencies looking for an Australian government web hosting service are advised to find a cloud service provider with a data centre in Australia or have the cloud service provider acknowledge in the contract that it will comply with the Act. It’s important to review your SLA with your provider to make sure that you know where all copies of your data are stored, including back-up and disaster recovery environments.
At StudioCoast, all web hosting servers are situated in the Sanity Technology Data Centre in Brisbane, Queensland, Australia, and the redundant DNS is located in Sydney, New South Wales, Australia.
Government agencies may also wish to consider including other important requirements in the SLA that will enhance control over personal information. When deciding on an Australian government web hosting service, remember the following:
When determining the best Australian government web hosting service for your government agency, you want a provider who you can trust, and who has had experience working with privacy laws. Remember to carefully review the Service Level Agreement with the provider not only at the start of the relationship, but also over the life of the contract, especially if there are any changes in privacy laws, to ensure that information security measures are kept current.
StudioCoast has been helping Australian government agencies meet their privacy protocols since 2002. If you would like more information on how StudioCoast can set up your Australian government web hosting service, contact us today.