Information security
-
Understand the information security lifecycle
- Understand what information and ICT systems you need to protect
- Assess the risks to your information security
- Design fit-for-purpose information security measures
- Implement your information security measures
- Validate your security measures
- Operate and maintain to stay secure
- Review your security measures
- Retire information securely
INF041
Cloud computing
Cloud computing offers organisations cost effective, agile information storage. Cloud computing is generally more secure and provides greater choice than in-house solutions.
Cloud computing is key to the Government ICT Strategy and Action Plan to 2017 for improving service delivery, and will deliver substantial savings across government. Cabinet’s Cloud First policy requires agencies to adopt cloud services in preference to traditional IT systems.
Cloud computing poses some security risks for organisations. The Government Chief Digital Officer (GCDO) provides useful guidance for agencies when implementing cloud computing. digital.govt.nz has a cloud risk assessment process outlining the requirements for New Zealand government agencies.
Supporting documents and information
- Cloud Services — digital.govt.nz
- Public Cloud security — New Zealand Information Security Manual
- Also see Outsourcing, offshoring and supply chains for more information and specific policies for when your organisation is considering outsourcing to cloud providers.
Page last modified: 23/03/2023