Case Study: Cloud Security Strategy

In response to an emerging strong value proposition for the use of cloud services and the Queensland Government’s approach to increase the adoption of Cloud services to address the cost of IT and the unfunded application portfolio lifecycle, our Agency client began to assess the need for the adoption of cloud services. 

A major consideration in any cloud adoption and subsequent strategy is information security.  As such the Agency requested Business Aspect to develop a Cloud Security Strategy.

The strategy defined a framework and associated taxonomy for assessment and review of any proposed cloud solutions within the Agency. The key components of the framework were policies, processes and standards.  The framework is realised as a set of documents, and extension to existing documents.

It was suggested that while the use of cloud would present major benefits to the Agency and to the broader Queensland Government in the future, its use does present a number of risks as identified in the strategy. For the Agency some of these risks are likely to push the boundaries of risk appetite and compliance obligations. For these situations it may not be appropriate to use a cloud service but the Agency should continue to monitor the availability of mature and well controlled cloud services and the progress of the whole of Government initiatives to provide or broker secure and vetted cloud based solutions.