Macquarie Government has criticised the Australian Government’s ‘eggs-in-one-basket’ approach to data centres.
An Australian provider of cloud and data centre services says the country’s government data is at serious risk with 79% of it housed with only one provider.
Following the release of the Devolved Data Centre Decisions report from the Australian Strategic Policy Institute (ASPI), Macquarie Government says this is a risk that would notbe toleratedin the corporate world.
It adds that government departments are not considering the aggregated risk created as each agency moves data to one provider and this should be a genuine concern for the Australian Government to address.
Aidan Tudehope, Managing Director, Macquarie Government, said: “ASPI’s report highlights risks to government data from a whole-of-government perspective. Clearly, having 79% of all government data housed with one provider – as the ASPI report has found – is a very big risk. This is an ‘eggs-in-one-basket’ situation that should be a genuine concern for government.
“In the corporate world, organisations would never tolerate such risks to their data and will often ensure they have supplier diversity in case the unthinkable ever happens. It’s unclear why government departments don’t do likewise.
“While individual government departments may be considering their specific circumstances and risk exposures, they are not assessing the risks created from decisions made by multiple government agencies in aggregate. This aggregated risk rises every time a government agency moves its data into this single provider.”
The report says the fragmentation and continued devolution of government procurement and responsibility for cybersecurity and physical security have created an unnecessary vulnerability for government data, which is increasingly being managed in outsourced data centres.
It states: “There’s a lack of oversight and management of government data security on the whole-of-government level. The problem’s creation can be directly linked to the cumulative impact individual agency decision-making in both ICT procurement and security assessments and actions, without sight, or the ability to understand, assess and manage, whole-of-government implications and risk.
“This is exacerbated by the public sector’s risk-averse culture and the focus on whole-of-government ICT (the technology and its application), rather than whole-of-government data, which is seen as an ‘interesting notion’ rather than an asset.”
In conclusion the report states: “In the case of data centre facilities holding and managing increasing volumes of government data and the potential and real risks arising from concentration with a single dominant provider, there’s a need to consider and address the unintended consequences of what, in some important if narrow way, has been a successful approach to outsourcing.
“The compounding effects from having a dominant provider seem likely to grow as more cloud services and functions are bundled with, or accessed through, specific data centre providers.
“Data and information management need to be elevated to the level at which government finances are managed to ensure top-to-bottom understanding of the implications of data centre procurement decisions.”Click below to share this article