As government agencies and private sector organisations drive towards lowering costs and digital transformation the use of cloud infrastructure and services continues to expand. Many of the clouds that are on offer are located overseas or run by overseas providers.

In a survey conducted by the Office of the Australian Information Commissioner 93% of Australian citizens don’t want their data processed or stored overseas and 58% say they have avoided a business over these kinds of issues.

The Australian Center for Cyber Security (ACSC), under the Australian Signals Directorate (ASD), publishes the Australian Government Information Security Manual (ISM) for government and industry use.


“Outsourced information technology or cloud services located offshore may be subject to lawful and covert collection, without an organisation’s knowledge. Additionally, use of offshore services introduces jurisdictional risks as foreign countries’ laws could change with little warning. Finally, foreign owned service providers operating in Australia may be subject to a foreign government’s lawful access.”

 – Australian Government Information Security Manual


The ISM makes it clear that data in overseas located, or overseas owned, clouds comes with associated risks in terms of lawful or covert access. This means that onshore foreign owned clouds in Australia are effectively the same as the offshore facilities to which 93% of Australians say they object.

In addition to this risk the ISM highlights that there is regulatory risk when you aren’t with a sovereign provider, particularly as regulations can change so quickly. Regulations like the GDPR or CCPA can have real business impact for private sector organisations moving to the cloud.

A sovereign cloud provider:


  • Guarantees your cloud is not subject to any jurisdiction other than Australia’s
  • Protects you against regulatory risk like the GDPR in the EU or the CCPA in the USA
  • Protects against foreign criminal or civil judicial decisions which could involve the seizure of data or equipment
  • Protects against legal interference from other nations, such as that used access data centres located in Australia when run by overseas companies
  • Guarantees the network between you and your workloads is also free of interference or disruption


Public expectations are extremely high and it’s almost impossible to guarantee you aren’t subject to foreign jurisdiction in one form or another without using a sovereign cloud provider. For those considering a sovereign provider, Vault Cloud is entirely owned and operated within Australia. Vault offers:


  • Complete sovereignty
  • Redundancy through multiple Australian locations
  • Low latency high speed networking, including ICON connectivity for government
  • Infrastructure built to the TOP SECRET controls of the ISM
  • Vault Cloud was in the first group to achieve PROTECTED certification, the highest available
  • Our PROTECTED certification is without caveats or qualifications
  • Our technology has successfully undergone an IRAP assessment to SECRET controls and we offer configurations like this for those seeking to adopt SECRET level posture for security or assessment purposes
  • We operate in a community cloud model – a cloud exclusive to government and a cloud exclusive to government and critical infrastructure providers – which mitigates attack vectors present on public cloud


Sign up to our portal to learn more, or get in touch by phone or email