Stern Curator| Whatech
The Australian Computer Society has drawn up a draft Cloud Consumer Protocol, a voluntary code of practice that, if adopted, would, it says, do much to dispel SMEs’ reluctance to make use of cloud services.
The ACS has set out its proposed protocol in a discussion paper to which it has invited submissions. In so doing it is acting on a recommendation contained in the Federal Government’s National Cloud Computing strategy, released in May. The Government asked the ACS to take the lead in developing the Protocol by the end of 2013 through consultation with the cloud industry and with cloud users and potential users.
In the discussion paper the ACS says that, despite the clear and compelling value of the cloud, SMEs and non-profit organisations “appear reticent to integrate the cloud into their businesses and operations…due to a combination of a lack of understanding of what the cloud actually is, and secondly a lack of confidence in using cloud services due to concerns around issues such as privacy and security.”
Its discussion paper explores possible reasons for this aversion to cloud computing with a view to identifying what needs to be addressed in a voluntary cloud protocol that will give SMEs and NFPs “the protection and tools they need to acquire cloud services with confidence.”
The ACS’s view is that the protocol should provide:
- adequate protection for consumers of cloud services;
- clear and relevant information about products and services before, during and after point of sale for consumers;
- open, honest and fair dealings between cloud service providers and consumers;
- adequate privacy protection; and
- responsiveness to market and technology developments.
The Protocol will complement existing legislation. According to the ACS it will also recognise current guidelines issued by the Government that, while aimed at Government agency adoption of cloud, still contains useful guidance for consumers. These include the AGIMO Better Practice Guides and the security outline for cloud users issued by the Defence Signals Directorate. This document addresses the availability of data and business functionality, the protection of data from unauthorised access and the handling of security incidents.
In addition to these resources, the OECD and the European Commission both provide a wealth of information and data about practices for cloud adoption. The ACS says that many of these documents are useful for Australian consumers because of the comprehensive analysis they contain and it intends that the Protocol will reference these resources as well as the relevant Australian national legislation and regulations applicable to cloud services.
It is also likely to draw on the New Zealand CloudCode, released at the NZ Cloud Computing Summit in Auckland on May 2012 and expected to go live in mid to late August this year.
The ACS’s intention is that the Protocol will be a voluntary, industry-supported activity. However, it says that for it to be effective, “there needs to be a means by which users of cloud services can raise concerns and lodge complaints against service providers who are signatories to the Protocol but who have allegedly made untrue or inaccurate statements in their disclosure document.”
