AUSTRALIAN INDUSTRY GROUP SUBMISSION to. Australian Computer Society. Discussion paper on the Cloud Computing Consumer Protocol



Similar documents
ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013

Cloud Computing Consumer Protocol

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS

COMMUNICATIONS ALLIANCE LTD

Draft Australian Privacy Principles (APP) Guidelines first tranche

Ai GROUP SUBMISSION 14 AUGUST Ai Group Submission on Regulator Engagement with Small Business

National Broadband Network Companies and Access Arrangements Bills

Reporting of Taxable Payments to Contractors in the Building and Construction Industry. Consultation Paper

Chapter 2. Key issues and committee view

Agricultural Competitiveness Green Paper

ACS Cloud Protocol Consultation Report on the outcomes of the ACS public consultation on Cloud Protocol. 11 November 2013

BEST PRACTICE CONSULTATION

How To Regulate Speech Pathology

Australian Computer Society. Policy Statement

Trusted Cloud Europe

New Zealand Cloud Computing Code of Practice

ITCRA Response. Request for Submissions on the Draft Version of the APP Guideline Chapters A to D and 1 to 5 covering APPs 1 to 5

National Cloud Computing Strategy. May 2013

COMMUNICATIONS ALLIANCE LTD DOCUMENT MAINTENANCE POLICY AND PROCESS

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians

Measuring Outcomes in the National Disability Insurance Scheme From Theory to Reality

Evidence-informed regulation The ACMA approach

AUSTRALIAN COMMUNICATIONS AUTHORITY CALL FOR EXPRESSIONS OF INTEREST FOR A TIER 1 REGISTRY OPERATOR FOR THE AUSTRALIAN TRIAL OF ENUM

Data Centre Capacity - The Need For Federal Government Agreements

Australian Government Cyber Security Review

Broadcasting and Telecom Regulatory Policy CRTC

Submission. Ministry of Social Development. A Five Year Action Plan for Out of School Services Consultation Document. To the.

Business Council of Australia

Standardising privacy and security for the cloud

Joint Committee on Enterprise & Small Business 31 May 2006 Statement by Patrick Neary, Chief Executive

CLOUD COMPUTING GUIDELINES FOR LAWYERS

Rationale for a Cloud Services Framework

APES GN 30 Outsourced Services

RURAL DOCTORS ASSOCIATION OF AUSTRALIA. Submission to the Private Health Insurance Consultation

CommBank Accounting Market Pulse. Conducted by Beaton Research + Consulting November 2014

Accreditation under the Health Practitioner Regulation National Law Act 1 (the National Law)

DISCLOSURE STATEMENT PREPARED BY

REFORM OF STATUTORY AUDIT

Records Management And Hybrid Cloud Computing: Transforming Information Governance

Chiropractic Boards response 15 December 2008

Cloud Computing in the Victorian Public Sector

Using AWS in the context of Australian Privacy Considerations October 2015

Cloud Computing Consumer Protocol Response to ACS Discussion Paper. Submission by Telstra Corporation Limited

Cloud Computing Consumer Protocol

IMMIGRATION INDUSTRY PARTNERSHIPS WITH EDUCATION PROVIDERS Purpose

Submission to the National Commission of Audit (Health and related expenditure) December 2013

Auditors and Audit Firms in New Zealand - A Review

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

Contact: Dr. Judy Hyde. 1 P a g e. President ACPA. judy.hyde@acpa.org.au

Submission to the Australian Tax Office Response to Single Touch Payroll Discussion Paper

Submission to the Department of Broadband, Communications and the Digital Economy Telecommunication Industry Ombudsman Scheme Discussion Paper

Top 5 Cloud Computing Questions Answered!

Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014

Disclosure Requirements of CloudCode Software

Personally Controlled Electronic Health Record System: Legislation Issues Paper

Review of Electricity Customer Switching

The Netherlands response to the public consultation on the revision of the European Commission s Impact Assessment guidelines

AUSTRALIAN DIRECT MARKETING ASSOCIATION SUBMISSION PRODUCTIVITY COMMISSION DRAFT RESEARCH REPORT

Revised discussion draft on Action 6 (Preventing Treaty Abuse)

Australian JobSearch (JobSearch)

A Compelling Case for AP Automation in the Cloud

Vocational Education and Training Reform Submission

ESS BIZTOOLS Small Business Advisors Services Package

Introduction. Comments - Memorandum of Understanding

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Productivity Enhancing Tools Drive Aussie Small Business Growth

Information Integrity & Data Management

SETTLEMENT SYSTEMS, FUTURES, AND EMISSIONS UNITS BILL: APPROVAL FOR INTRODUCTION AND PARALLEL POLICY PROCESS

XIT CLOUD SOLUTIONS LIMITED

The Reduction of HECS Debt through Community Service. Comment on the Initiative Proposed at the 2020 Summit

Chamber SME E-Business Survey 2002

AANA Submission: Advertising Therapeutic Goods in Australia: Consultation Paper

BOOSTING THE COMMERCIAL RETURNS FROM RESEARCH

Australian Government Cloud Computing Policy

Docket No. DHS , Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security

DRAFT AUSTRALIAN PRIVACY PRINCIPLES GUIDELINES 6-11

Public Consultation: Expanded use of automated processes by IP Australia

Cloud Computing and Records Management

Australian Energy Market Commission

Enhancing Online Safety for Children

Overview 3 Electricity price increases 4 Capital and operating expenditure 6 Demand side management 7 Issues with sales/demand forecasts 8

The Business of the HR Crisis

Submission. Transport and Industrial Relations Select Committee. Employment Relations Amendment Bill (No 2) to the. on the

Ai GROUP SUBMISSION. Foreign Affairs, Defence and Trade References: Australia s relationship with Mexico. OCTOBER 2015

Productivity Commission s Regulator Engagement with Small Business Study Brisbane City Council Response

AISA Position Statement: Mandatory Data Breach Notification in Australia

Sensis e-business Report 2015 The Online Experience of Small and Medium Enterprises

Establishment of the Entrepreneurs Infrastructure Programme discussion paper. SUBMISSION by the OFFICE OF THE AUSTRALIAN SMALL BUSINESS COMMISSIONER

REAL ESTATE INSTITUTE OF AUSTRALIA SMALL BUSINESS CREDIT RESOLUTION SERVICE DISCUSSION PAPER

APES GN 30 Outsourced Services

Table of Contents. Introduction. Audience. At Course Completion. Prerequisites

Succeeding with new hospital developments Laying the right technology foundation

19 May Dear Mr Hawkins

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

Transcription:

AUSTRALIAN INDUSTRY GROUP SUBMISSION to Australian Computer Society Discussion paper on the Cloud Computing Consumer Protocol 6 September 2013

EXECUTIVE SUMMARY The Australian Industry Group (Ai Group) welcomes the opportunity to comment on the Australian Computer Society s (ACS) discussion paper on a proposed voluntary cloud computing consumer protocol (Cloud Protocol) in Australia. Ai Group is a peak industry association in Australia which along with its affiliates represents the interests of more than 60,000 businesses in an expanding range of sectors including: manufacturing; engineering; construction; automotive; food; transport; information technology; telecommunications; call centres; labour hire; printing; defence; mining equipment and supplies; airlines; and other industries. The businesses we represent employ more than 1 million employees. Ai Group s interest in the discussion paper reflects our high proportion of members in the technology sector as well as our numerous members outside the sector that are current or potential cloud computing users. Our submission addresses two issues raised by the discussion paper: Evidence of small to medium enterprises (SME) take-up and attitudes to cloud services and potential barriers to adoption; Whether a voluntary Cloud Protocol is the most effective means of addressing these concerns. Ability of Cloud Protocol to address barriers to SME take-up of cloud services Ai Group considers that definition of cloud computing services provided in the paper is clear. The issue of barriers to SME take-up of cloud computing is complex. Small and medium businesses generally show lower take-up rates across key ICT indicators. The latest data from the Australian Bureau of Statistics (ABS) s Business Use of Information Technology series, for example, shows that small businesses are significantly less likely to have a website compared to large businesses (34% of compared to 97%) or to place orders online (48% of small businesses compared with 81% of large businesses). The OECD s 2012 Internet Economy Outlook report also found that in all countries and across all measures of ICT indicators small companies lag in adoption compared with larger businesses. Lack of time, finance and skills are commonly cited barriers to lower ICT take-up rates. It is unclear to what extent a Cloud Protcol would address these fundamental issues. Ai Group has not been able to find a significant body of evidence on the extent to which consumer concerns are holding back SME adoption of cloud computing services. For example, research undertaken by the Australian Communications and Media Authority (ACMA) and quoted in The cloud services, computing and digital data as well as the ACS s discussion paper considered consumer attitudes to privacy and data protection, but not business attitudes specifically. Similarly, the 2012 MYOB Australian SMEs and Cloud Computing study quoted in the ACS paper found that while around four out of five SMEs claimed to not use cloud services, it was likely many were using some form of cloud services without realising it, for example, Internet banking, for email marketing, or to host the businesses website. It also found that knowledge and interest were just as big a barrier as security concerns, for example, 27% of respondents claimed they lacked enough information about cloud services to make the right business decisions and 22% of businesses expressed interest but had other more important business priorities. This compares to 26% of respondents who were unsure about the security of storing data 1

in one or more servers or overseas; 21% who were unsure as to whether data stored in the cloud was as secure as data stored on a server located at the business premises; and, 16% who were unsure who had ownership of data stored in the cloud. In late 2012, Ai Group surveyed close to 350 CEOs about their investment in technology in 2012.The survey asked what percentage of technology expenditure the company had spent on Internet / cloud based software in 2012. The average was 11.5% but small businesses spent proportionately less, with cloud-based expenditure accounting for 7.7% of total technology expenditure. However, industry sector was a far more significant differentiator of the proportion of expenditure on cloud based software than business size. On average, manufacturers spent just 2.9% of technology expenditure on internet and cloud based software, compared with 48.6% for service sector businesses, 28.2% for construction businesses and 1.9% of mining businesses. As part of the same research project, focus groups were held with businesses across Australia. The groups discussed technology investments, including cloud computing. SMEs were generally positive about cloud computing, particularly as it offered a more level playing field than conventional ICT software models. For example, they commented: We d probably look at moving to a cloud type environment.we were quoted originally $64,000 for a [software] package and now we can get it for a five grand connection to the cloud. Transactional costs should come down a lot because ordering and payment cycles should be just automated that should be more of an equaliser because small companies can be on par with big companies. You don t have to spend a lot of money on infrastructure. There was some recognition of the increasing complexity for SMEs of incorporating cloud services within a business, with one company commenting We use the cloud but we re running into problems now with [customers questioning]. the security it s becoming a real business challenge for us They re also asking a lot of harder questions, some of which we just can t answer because we don t know what levels of security we re dealing with and we re not in a super security conscious world in terms of our data. We love the cloud but we ve got to convince our clients to love it too. However, a Cloud Protocol would be unlikely to assist SMEs address complex customer queries about cloud computing services as these would ultimately hinge on the individual needs of the customer and business and the configurability of individual services. While we expect that the issues covered by the New Zealand CloudCode cited in the ACS paper, such as data portability, business continuity, security and ownership of data and information, are relevant considerations for SMEs, more work is needed to understand SME attitudes to cloud computing and any barriers to take-up. Necessity and effectiveness of a Cloud Protocol Ai Group supports the findings of the ACMA s The cloud services, computing and digital data discussion paper that a variety of strategies are needed to address barriers to cloud services take-up. These include: 2

Development of international and Australian standards The regulatory stocktake proposed in the National Cloud Computing Strategy Industry-led strategies to empower consumers and SMEs to make informed decisions about cloud services. Ai Group was not involved in the advisory group that recommended the establishment of the protocol. However, based on the evidence we have seen, we do not consider that the case has yet been made for a Cloud Protocol to be introduced in Australia. As a general principle of good policy-making, Ai Group supports an approach that first defines the problem and then investigates different options to address it, along with an analysis of the costs and benefits of each approach. It is not clear to us that this work was done prior to the Cloud Protocol being recommended. While a Cloud Protocol may assist to build SME confidence in cloud services, it is possible that the same outcome could be achieved through other less costly and time intensive means. Before proceeding with the Cloud Protocol, we recommend the ACS considers whether there are alternative measures the industry could undertake, such as the development of a short, plain English checklist aimed at SMEs interested in purchasing cloud computing services. This could include a list of questions or issues for SMEs to consider when selecting a provider or service. It could be based on the issues dealt with the in the New Zealand code and the issues outlined in the ACS discussion paper. This would address many of the issues that appear to inhibit SME take-up, but with a substantially lower cost to produce and maintain. There are also a number of pieces of work underway that may serve some of the same functions as the Cloud Protocol or should at least be completed before a protocol is initiated. Standards Australia's IT-038 Distributed application platforms and services (DAPS) technical committee which is the mirror committee to ISO/IEC JTC 1/SC 38 Distributed application platforms and services (DAPS) is extensively involved in international standards development work associated with cloud computing. JTC 1 SC is shortly to be commencing work on SC38 N 881 which is a new area of work relating to Service Level Agreements Framework and Terminology. Therefore, IT-038 has the capacity to also look at the Cloud Protocol and other related areas. Given the well-established and robust standards development process in Australia, it would be sensible to consider whether this route could be employed to address any consumer issues arising from cloud computing before introducing another voluntary protocol outside the standards framework which may impact or possibly overlap with this work. This ensures a link between international standards making and work undertaken in Australia, which is critical given the global, cross-border environment in which cloud services can operate. We would also support DBCDE completing the regulatory stocktake proposed in the National Cloud Computing Strategy to identify if and where gaps exist in the current regulatory framework. As the discussion paper notes, similar initiatives to the proposed Cloud Protocol have recently been established overseas, such as New Zealand s CloudCode and the Cloud Security Alliance s STAR registry. It may be prudent to monitor the success of these approaches before finalising the protocol in Australia. If the idea of a Cloud Protocol is investigated further, the following issues should be considered in determining where it will be an effective solution: The capacity to effectively promote the protocol to the intended audience of SMEs. 3

The ability of the ACS to expeditiously review cloud solutions for inclusion in the protocol, bearing in mind this is a rapidly expanding area of the market; that companies may offer a number of products; that these products may be regularly updated; and, that some services may be provided by overseas based companies. The cost and administrative burden involved in signing up to the protocol. We would be concerned, for example, if this burden were so high that it made compliance prohibitive for new and smaller cloud providers, creating the impression they were less trustworthy than larger competitors. The rigour of the complaints process and the ability of the ACS to resource it, bearing in mind that it can be time intensive and may require additional staffing resources. The New Zealand Code, for example, has an extensive investigation and review process. The ability of the protocol to balance conflicting and sometimes complex considerations. For example, while in some instances overseas hosted data may give rise to concerns about discrepancies between Australian law and the law in jurisdictions where data is hosted, in other cases overseas hosting may fuel competition and lower service prices without compromising data security or integrity. This may be beneficial for SMEs. The potential for confusion about matters that can be dealt with by the Protocol, and matters that are covered by other legislation, such as Australian Consumer Law and the Privacy Act any by relevant standards. Whether focussing solely on public and hybrid cloud services may imply these are less trustworthy or suitable solutions compared with private cloud services, undermining the consumer confidence that the protocol is designed to build. 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information