Canada wants to keep federal data within national borders
Wed 3 Aug 2016
Canada has released its latest federal cloud adoption strategy, now available for public comment, which includes policy concerning the storing of sensitive government information on Canadian citizens within national borders.
The newly-published Government of Canada Cloud Adoption Strategy requires that only data which the government has categorised as ‘unclassified’, or harmless to national and personal security, will be allowed outside of the country. This information will still be subject to strict encryption rules.
The new strategy, which has been in development over the last year, stipulates that all personal data stored by the government on Canadian citizens, such as social insurance numbers and critical federal information, must be stored in Canada-based data centres in order to retain ‘sovereign control’.
According to the proposal document, the Canadian government’s national IT department has already started buying cloud capacity, capable of processing ‘unclassified’ data. By 2017, it is expected that Shared Services Canada will have purchased even greater cloud capacity for handling ‘sensitive’ information, but not for data marked as ‘secret’ or ‘top secret’.
The new guidelines come after two years of federal discussions in Canada about driving cloud adoption, cutting data centre costs and optimising IT infrastructure. The consultations have involved participants from over 60 industry organisations.
The strategy aims to allow government bodies to only pay for the cloud capacity they require. This management will be the responsibility of the individual departments and organisations, which will choose the ‘right cloud’ strategy for their specific business context. This could utilise secure public clouds, private clouds, and/or the government’s existing systems.
‘The Government of Canada’s (GC) IT landscape reflects the past five decades of IT evolution, comprising tailored solutions, commercially acquired solutions, legacy solutions and much more. Given such diversity, a one-cloud-fits-all solution will not serve all needs,’ the document notes. ‘Instead, the GC will adopt a right cloud strategy that will enable CIOs to have a number of cloud- and non-cloud deployment models to choose from.’
The proposal argues that the ability to match solutions to a particular business operation, and the variety of IT solutions to be made available, will ensure a wider migration to the cloud across the Canadian public sector.