Creating a secure, usable network of systems is top-of-mind for Australia’s Digital Transformation Agency (DTA). The recent growth of security challenges for organisations of all sizes has caused this government agency to closely examine how businesses are interacting through the cloud. The Australian government’s new Secure Cloud Strategy provides a framework for service providers to follow that is targeted to “improve resilience, life productivity and deliver better services” — lofty goals for any organisation. While the Secure Cloud Strategy is ostensibly to help the government take full advantage of the benefits of cloud computing, IT services providers will also need to adopt the more robust security measures if their systems interact with secure public information.
Ongoing Challenges with Healthcare Data Security
Moving towards compliance requires managed service providers and cloud support partners to fully embrace the enhanced security requirements of the Secure Cloud Strategy. Healthcare data breaches are at an all-time high according to the Office of the Australian Information Commissioner (OAIC), where 812 notifiable breaches occurred in 2018. Australia’s “My Health Record system” has come under attack lately, as cybercriminals seem to have discovered that this is a rich well of information simply waiting to be tapped. Healthcare leads the top sector for data breaches in Australia with 20%, while finance, professional services and education lag significantly behind. While some of these data breaches are determined to be a human error due to a variety of issues such as loss of storage devices and sending information to the incorrect individual, nearly half were caused by a malicious attack.
Key Points of the Secure Cloud Strategy
Protecting the security of your data and that of your clients is of the utmost importance to service providers, and DTA’s new Secure Cloud Strategy is targeted to do exactly that. These key points are considered crucial to protecting the security of data in the nation’s healthcare infrastructure:
- Organisations will appreciate a shared understanding of requirements, including a common assessment framework
- The Digital Transformation Agency will lead the way by developing a platform to share knowledge and expertise
- A focus on reducing the duplication of effort by providing shared services that can be leveraged by multiple organisations
- The responsibilities and accountability of cloud service providers will be clarified by a new contract model
- Renewed energy towards creating sustainable change in the data security infrastructure of the government and interconnected entities
While these common-sense measures are aimed at revising the way the healthcare industry approaches data and security, industry analysts are concerned that the efforts may prove too expensive for IT service providers that are already struggling with detailed compliance requirements, increased complexity of requirements and rising costs. The talent shortfall is also a factor in the updates that the Australian government is requiring of their IT service providers, as local experts are struggling to maintain certifications and compliance requirements.
As Australia circles the same issues that are tormenting healthcare organisations throughout the world, it may be the cloud software providers that have the most work to do to maintain adequate levels of security. IT managed services providers are often able to step in and help understand how to implement broader security requirements and automate ongoing tasks to free up time with valuable technology professionals.