BRR: Today BRR talks with Adrian Snooks, he is a senior executive lawyer with the Australian Government Solicitor in Canberra. Welcome to BRR Adrian.
AS: Thanks very much Dave.
BRR: Adrian, government agencies now have a set of draft guidelines highlighting the key legal issues when looking at cloud computing options. What is the stand out issue in your opinion?
AS: Oh, look I think the stand-out issues have to be privacy and security – especially when governments considering putting it's information as a public cloud. The reason for that is that the public cloud is not built on these things being terribly important to the client, but for government, obviously they are, considering that the classified information government deals with and the information of individuals and so on. So I think until there is a technical resolution to those sort of issues, then government is going to be limited to putting non-sensitive information into the public cloud or perhaps exploring other options such as, a government community cloud that's available to government only. So I think those are the 2 key issues. But, other than that, I think the stand-out issue is liability and the commonwealth policy on capping a providers liability in ICT contracts is not necessarily ideal cloud computing arrangements. And that is because the sort of liability that you are likely to see in a cloud computing arrangement is somewhat different to a lot other IT and communications contracts. And here we are talking about things like loss caused by service interruption, data loss, and misuse of data by, by a, for example a rogue employee of the provider, the sort of Wikileaks scenario, we like to call it. I would say that is properly the primary legal issue.
BRR: So at this point are many government agencies using cloud services yet?
AS: Look, I think, probably more agencies are using it than they know. For example the use of software as a service, things like Google Maps in websites, Facebook pages and so on, Google Analytics to analyse work traffic. These are all cloud products and I'd suggest a lot of agencies are using those things. But when we are talking about cloud, we often think about stronger use of cloud, if you like. So, for example, putting data into the cloud, obtaining hardware and other services through the cloud. So you know, the sort of things that are offered by some of the big cloud companies like Salesforce and others. In terms of those more extensive uses of cloud, I think we are at a very early stage at the moment. The use of this sort of public cloud is very much limited by the sort of issues we are talking about privacy and security and so on. So I don’t think there is a wholesale shift towards that sort of thing yet. However the cost savings offered by the cloud are going to be very attractive to government, particularly in an environment where agencies are under an increasing level of cost pressure – you know, for example, efficiency dividends and so on to reduce their costs constantly. I think cloud and use of the public cloud is going to be very attractive to them.
BRR: And Adrian, just turning back to the guidelines. When will they be finalised and will agencies then need to strictly adhere to those guidelines?
AS: Yeah, the guidelines have been available, published by AGIMO, for a few weeks now and they have been open for public comment. So that has just closed, I think, as of Friday 9 December. So we will be evaluating those comments that have come in and looking to finalise those guidelines in the next month or so. In terms of government adhering to the guide, there is no strict requirement to adhere to the guide. Ultimately it is just an expression of best practice, rather than requirements that the government has to follow. Although I would say that some of the guidance reflects legal and policy requirements that the government does have to comply with, so there is that angle to it. But I think that the guide really represents – or covers – the majority of issues we see arising in cloud computing agreements. So I think it is a good place to start for agencies when they are considering entering into a cloud computing arrangement. And I will just say also that the guide is there as general guidance and agencies should always seek their own legal advice for, you know, specific circumstances that apply to them.
BRR: Some useful insights, leave it there for now and thanks again for your time today Adrian.
AS: Thanks very much Dave, appreciate it.
BRR: That was Adrian Snooks, a senior executive lawyer with the Australian Government Solicitor based in Canberra.