Deakin University

File(s) under permanent embargo

COMPLEX REGIMES: Mapping Australia's Cyber Security Regulatory Landscape for Cloud Services

posted on 2023-04-05, 04:54 authored by Tyrone BergerTyrone Berger, Susanne Lloyd-Jones, Kayleen Manwaring, Rob Nicholls, Lyria Bennett Moses
The cloud computing services sector supplies significant benefits to the Australian economy, but these benefits rely on robust cyber security protection. At present, the cyber security regulatory and guidance regime is unclear, inconsistent, and difficult to navigate. This problem is complicated by Federal law reform imposing significant new obligations on cloud service providers. This report will assist the cloud industry and its customers navigate the new legislation in conjunction with existing cyber security regulations and other expectations.




Research statement

Background This report aims to assist the cloud industry and its customers navigate new legislation along with existing cyber security regulations and guidance documents. It aims to provide guidance to Parliament and government agencies on current problems with the cyber security obligations placed on cloud services providers, and the best ways to overcome those problems to bolster sustainable and robust cyber security in cloud services provision. Contribution The report critically analyses the current cyber security regulatory regime and its impact on cloud service providers and customers, the first research to do so in Australian jurisdictions (Commonwealth, NSW and Qld). The research found that the legal and regulatory framework regarding cloud service providers and cyber security is unclear and inconsistent, a problem exacerbated by changes imposing significant new obligations and costs on cloud service providers. It also found that the numerous legislative, policy, strategy, and guidance instruments to bolster cyber security introduced in Australia are not well-aligned, unclear, and difficult to navigate. Significance The significance of this research is in its findings around regulatory overlap in the Australian regulatory frameworks applicable to cyber security, critical infrastructure and the cloud sector. Its excellence is demonstrated in the following: * it was commissioned as the major output of a competitively funded project; * peer review was provided by several members of the Cyber Security Cooperative Research Centre (CSCRC) and industry participants; * it will be used as the basis for a CSCRC short report.

Publication classification

A6 Research report/technical paper



Place of publication

Sydney, N.S.W.

Usage metrics

    Research Publications


    No categories selected


    Ref. manager