Cloud Computing Security Considerations - Australia

Name of the programme: Cloud Computing Security Considerations

Governing of the standard: Australian Government – Department of Defence

Accreditation Body/Bodies: CSOC–Cyber Security Operations Centre


  • Availability of data and business functionality
  • Protecting data from unauthorized access
  • Handling security incidents

Cloud-relevance: It refers to all types of service models (SaaS, PaaS, IaaS) and to all deployment models (Public, Hybrid, Private, Community).

Type of certifiable organisation: Any agency that wishes to migrate to the cloud.

Type of trust models applicable: Self-attestation.

Is the certification proprietary or open: Open

Programme, status (operational, in development): Operational

The Australian Department of Defence issued the Cloud Computing Security Considerations, which explains several cloud related terms such as delivery models, deployment models and service types and benefits. The document targets users with the aim of increasing their understanding of the fundamentals of the cloud computing paradigm and helps them identify security threats that might have a malicious impact on their applications and data deployed in the cloud. Instead of being a list of security issues that need to be taken into account, they are expressed as a series of questions that need to be answered by the potential user and can help the user understand the risks that he or she might be taking when migrating to the cloud.

This document is also aimed at providing the means for agencies to perform a risk assessment to determine the viability of using cloud-computing services. This assessment is based on a list of thought-provoking questions on the risks associated with adoption of cloud services. The ultimate goal of the guidelines is to facilitate business and IT professionals to make more informed decisions and determine the extent to which cloud meets their strategic business goals while mitigating the risks involved.

Download the full report