Microsoft has criticised the Australian Government's policy stance on offshore cloud hosting as a "procedural barrier" that is odds with the Coalition's rhetoric around expanding the adoption of cloud services.
The Attorney-General's Department handed down its policy in July 2013. It requires agencies looking to host sensitive data overseas to first obtain the approval of not only their own minister but also the Attorney-General.
Agencies must satisfy both ministers the necessary security measures are in place to keep the data safe.
Microsoft offers a range of enterprise cloud services hosted in countries such as Singapore and the US. It has revealed plans to launch its Azure hosting service in Australia, but has no such plans to launch the more popular Office 365 productivity software service from an Australian facility.
Microsoft has made a submission to the Department of Communication's public consultation on deregulation in the communications sector – made public today – claiming that the policy had "added an additional hurdle for agencies' consideration of cloud computing services".
Microsoft addressed the document to communications minister Malcolm Turnbull – who does not oversee the policy – in hopes the government as a whole would take notice.
"While this is not regulation that falls within the Communications portfolio, we feel it is worth drawing the portfolio's attention to, given the Minister's express desire to have a more 'aggressive take up' of cloud within government agencies," the submission said.
Microsoft suggested agencies should "be able to leverage security guidance to make their own risk-based assessments on whether to utilise cloud services".
It also said the government was sending inconsistent messages about what it expects from agencies.
"This guidance has not only added a procedural barrier into the consideration of offshore hosted cloud services for non-security classified data; it has created confusion around the privacy requirements of agencies and putting the Federal Government's internal guidance on cloud at odds with the more constructive guidance of the Office of the Australian Information Commissioner."