Signs that the data sovereignty discussion in Australia is maturing

With Defence and other agencies capturing and handling critically sensitive data, there’s a growing sense of maturity in the way sovereignty concerns around data carriage and storage are being addressed.

This has been several years in the making. Issues of sovereignty have not traditionally lent themselves to overtly neutral and non-politicised treatment.

This situation has led to discussions about sovereignty in physical security domains, for example, often being narrowly focused on the method of data capture — on the sensor hardware and camera technology, for example — rather than a broader and more inclusive view of sovereignty that also covers how and where the data is transmitted back to a central point for management analysis and storage.

This kind of narrow focus is often the result of an overemphasis on geopolitical concerns that are so often intertwined with sovereignty. While valid, it’s but one reason to address sovereignty risks.

In a sign of growing maturity, however, sovereignty these days is becoming a broader discussion. It’s now as much about the idea that building local capability and capacity in key areas is sensible — for surety of supply and self-sufficiency — as much as being a hedge against what might happen outside our borders.

This isn’t a new idea. Over the past decades, sovereignty has often been raised in the context of manufacturing capability, aimed at ensuring a base supply of everything from local silicon to military asset upgrades (as reflected by the existence of the Sovereign Defence Industrial Priorities and grant funding).

We see the same dynamic playing out in emerging technology areas like quantum computing and AI — where local access to hardware, software and skills dictates the extent to which a country and its constituents can actively participate in the definition and evolution of the technology and the benefits it brings. Being beholden to an offshore supply chain for any part of that introduces risks that could materially impact or undermine adoption and progress.

Increasingly, sovereignty is driven by privacy and, equally, data security. This is particularly the case for departments like Defence, Home Affairs, Health and others that deal with significant volumes of sensitive data.

Where this data resides, both in transit and at rest, is an issue that is still being worked through — at least from a physical security data perspective. With the data being transmitted across IP networks, and stored and analysed in multiple clouds, closer attention is being paid to placing some boundaries around the cloud infrastructure used to host physical security technology and to store the data it’s generating.

Some of these boundaries will be geographical — utilising local data centre facilities or services that are certified to process or store data up to a strict classification level. Other boundaries will be based on the extent to which security expectations are being met or exceeded — which may be reflected in the facility or service passing an IRAP or similar standards-based assessment.

What’s important is that these discussions are had — and solutions are found — to ensure that physical security systems, and the agencies running them, can benefit from innovation, productivity and operational efficiency improvements associated with the cloud, while ensuring that data stays protected.

Flexible innovation options

Within the physical security domain, data sovereignty has become elevated in its importance with the growing number of cloud-based services that are both available and in use. It’s apparent that much of the future innovation direction in the physical security space will be tied to some of these cloud services. Cloud services improve the flexibility of teams and organisations to oversee and run complex physical security environments and to stay abreast of key risks in these environments, as and when they materialise. This flexibility is driving increased proliferation in both the availability of new cloud services and in their use.

Some common cloud services being used include video surveillance as a service (VSaaS) for video monitoring, management and recording. Another such cloud service is access control as a service (ACaaS) for managing and monitoring access to physical spaces and cardholder credentials: used by operators to centrally control access permissions and requests and to remotely manage sites, roles and identities. These types of services enable organisations to monitor and manage premises with efficiency from anywhere.

Cloud-based physical security technology, which brings various security applications and enterprise capabilities in one flexible, open and unified solution, is enabling government agencies with sensitive requirements to unify access control, video management, forensic search, intrusion monitoring, automation and so on. Taking this unified approach interconnects security tasks and boosts operator confidence, creating a comprehensive view of what’s happening across the organisation.

Data sovereignty is an important topic and is being spoken about in the public discourse more frequently. The expectation is that sensitive data collection and operations for surveillance and access management purposes be handled securely and discreetly. This is much more possible when data is domiciled in the geography it was created, and where the operators of cloud infrastructure have demonstrated their commitment to upholding the highest standards of security and safety.

*As Country Manager for Oceania at Genetec, George Moawad leads a team of professionals delivering cutting-edge network-based security solutions for private, public, corporate and commercial clients. With over 27 years of experience in the electronic physical security industry, George has a deep understanding of the challenges and opportunities in this dynamic field.

Top image credit: iStock.com/Vladimir_Timofeev