Where should our government data be stored? In New Zealand or is it okay for it go overseas?

That question popped up again this week as Microsoft announced two new Azure cloud computing facilities will be built in Canberra which the New Zealand government will use.

Taking advantage of cloud computing's infinite scalability and efficiencies in general is a good thing, especially for governments with limited resources and which may find it hard to hire skilled staff to manage IT in general.

Nevertheless, "stick it into the cloud" really does mean you're running your stuff on someone else's computer. This has benefits, but also risks, because you don't control the computers with your data on it - and they're in a foreign country, thousands of kilometres away.


In fact, Microsoft won't even own the data centres that our government information will go into. They will belong to subcontractor Canberra Data Centre instead.

While there have been more than enough private public partnership IT project pratfalls to make anyone wary of entrusting our important work to multinationals, it's perhaps governments themselves that are the real worry. Sure, it's Australia which, despite random acts of unkindness towards Kiwis living there, is considered a friendly jurisdiction. Still, shouldn't a sovereign nation's government information stay within its borders as much as possible?

The notion of business data being stored overseas is big enough a worry that the Inland Revenue has only approved 18 organisations to store tax records outside the country.

Then there's the question of what data can be stored overseas and how securely.

While Microsoft's Azure cloud is touted as being "highly secure", it's worth noting that it is certified to handle only the least sensitive government data, as classified by the Australian Signals Directorate spooks.

Like Amazon Web Services, which is already on the government's approved supplier list, Azure can only deal with unclassified government data. There are only two other providers in Australia who can handle protected-level government data, and none that are certified for secret and top-secret information.

This is not to say that the US cloud giants are insecure, but they clearly have some work left to convince the ASD to trust them more. Presumably, the NZ government will only allow unclassified data in the Azure cloud?

Leaving the above aside, would it not be in the national interest to use, or build, similar cloud facilities in NZ?

There are technical reasons for doing it, such as lower latency as local data centres will be closer to government users (although there are ways to hide this for overseas facilities with local caching), and transferring large amounts of information would be faster too.

They might not achieve the same economies of scale as overseas cloud computing giants, but we'd build skills in the country, instead of exporting techies and engineers to say ... Canberra.