ASD warned cloud accreditation U-turn jeopardises security, adoption

Another lesson to be learned from Australia. Is it better to have a centrally controlled, but bureaucratic and slow, process or to go for self-regulation?…:

[…] Moving to a scheme of self-regulation, where agencies are responsible for their own cloud security assessments based on advice, could become equally difficult to traverse.

And if agency compliance with the cyber security components of the protective security policy framework is anything to go by, such a change could risk the security of government data.


Original article here