How to adopt public cloud services
What to do before using public cloud services, and how government organisations make them available to their people.
-
1
Classify information properly
Since only data that’s classified as RESTRICTED or below can be used with a public cloud service, classifying information in your organisation is essential.
Make sure you know the classification levels for information before doing risk assessments.
-
2
Know the benefits of using public cloud services
There are immediate and long-term benefits to government organisations using public cloud services.
-
3
Use your organisation’s cloud plan
Check your organisation's approach to public cloud services and if there's already an approved tool that meets your business needs. Your responsibilities for a cloud plan depend on whether you're:
- part of the senior management team
- a leader in a business unit
- in another role in your organisation.
-
4
See how to buy public cloud services
Government organisations can access public cloud services by using:
- All-of-Government agreements
- Marketplace contracts
- separate contracts with other providers of public cloud services — set up by you and your organisation.
-
5
Use the risk discovery tool
Use this tool to find out which risks and security controls to consider. This helps you do your risk assessment in a way that matches your effort with the risk and value of the information you’ll be using in a public cloud service.
-
6
Use your organisation’s process for assessing risks
Government organisations should have a process for assessing risks approved by their senior management.
There might be situations when your organisation is developing or improving the process and need an example template. The Government Chief Digital Officer (GCDO) has guidance on:
Help with public cloud services
In addition to the information on Digital.govt.nz, the GCDO has set up a network for learning about using public cloud services.
Utility links and page information
Last updated
