Macquarie’s launch of a secure cloud service for healthcare data is just the latest in a stream of as-a-service offerings designed to overcome lingering concerns about the security of cloud data.
Having debuted this month, Macquarie Cloud Services’ Launch Health Cloud is being spruiked as a method for addressing data sovereignty concerns by storing sensitive data in a physically separate, government-accredited cloud infrastructure that is only accessible to staff with security clearances.
Reliance on government-grade security requirements was a nod to Department of Human Services policies designed to improve the security and integrity of data held by the department – something that Macquarie Cloud Services group executive James Mystakidis said in a statement was “a great example of leadership by a government agency, and of the way organisations with a good understanding of cyber security can drive change beyond their own business.... [and] use supply chains to push secure transformation through an industry.”
“Data moving from a health software company’s cloud services into the Medicare system will be protected end-to-end to the same standard,” Mystakidis said. “The health system is a case study of an industry delivering an essential service, but which is widely dispersed across private and public organisations of many sizes in many places. Private data in such situations is only as secure as the weakest link in the chain.”
Macquarie Government’s GovZone cloud services were recently listed in the Australian Signals Directorate’s Certified Cloud Services List (CCSL) and certified for the handling of data up to PROTECTED classification.
An abundance of secure options
Yet it is only one of numerous secure-cloud offerings bowing in recent months, as faster-than-expected cloud adoption and new compliance requirements push organisations to get on top of their data-governance obligations.
Fujitsu this month leveraged Vault Systems’ CCSL-listed infrastructure to launch its Fujitsu Protected Cloud software-as-a-service (SaaS) offering for Australian government agencies. The offering includes Fujitsu Protected Infrastructure (IaaS), backup (BaaS) and government desktop-as-a-service (GovDaaS) capabilities that are managed by Fujitsu to ASD security standards.
“With government agencies aggressively adopting cloud-first strategies, security has been a key concern,” Fujitsu ANZ CEO Mike Foster said in a statement. “Digital transformation investments to date have been focused on customer-facing initiatives. Meanwhile, employee-facing systems are ripe for transformation.”
The value of hosted, secure cloud offerings has been reinforced by local data-protection requirements such as the Victorian Protective Data Security Standards – but their effectiveness has been compromised by the ongoing challenges businesses and government agencies face in getting appropriately skilled technicians to help with their transformation efforts.
A recent Rackspace-London School of Economics report, for one, warned that lack of suitable cloud skills could cost Australian organisations over $226 million in revenues – with 48 percent of IT decision makers saying they don’t have the cloud expertise they need.
Some 46 percent of respondents said the lack of skills is impacting their ability to deploy cloud platforms, while 56 percent said the cost of developing those skills inhouse is holding them back from maximising their use of new cloud platforms.
Little wonder that secure cloud-services providers are rushing to fill the gap. Cloud file-storage provider Box, for one, recently responded to GDPR’s tighter governance requirements by announcing multizone support for Box Zones that allow data to be restricted to certain geographical areas including Australia and seven other countries.
Dekko Secure, for its part, debuted a Microsoft Azure-based secure cloud file storage service called DekkoVAULT that supports workgroup collaboration on a secure cloud platform that enables control over access to secured files, as well as logging and access revocation when needed.
That platform, which complements existing secure email and secure chat offerings, uses end-to-end encryption to secure files at rest, with two-factor authentication providing an additional optional security measure.
This approach “eliminates the unknowns associated with sharing sensitive information outside your IT environment,” Dekko Secure managing director Jacqui Nelson said in a statement. “Security has been built in from the start.”
That level of security and monitoring will be crucial for organisations that are struggling to get the same level of visibility in their cloud deployments.
Read more: Cloud security: how to protect your data