The Tasmanian Information Security Policy Manual outlines a framework based on a risk management approach that requires government agencies to implement policies and procedures that are proportionate to the level of risk.
A Guide to Implementing Cloud Services: Better Practice Guide shows how appropriate risk mitigation strategies can protect data according to its level of security classification.
Advice such as Cloud Computing Myths address some misconceptions which can lead to a loss of opportunity if information management is unnecessarily restrictive.
The challenge then, is to use cloud services that are optimal for the security classification of the data in question while maximising the opportunities afforded by cloud services.
Locking all education data into computing services and storage that are best suited to 'x-in-confidence' information is expensive, restrictive and reduces the possibilities for innovation in the provision of IT services for learning.
On the other hand storing 'x-in-confidence' data in social media services can be high risk.
The following mapping is a little simplistic but it shows how there could be room to choose 'best practice' third party cloud storage as well as social and mobile media where the terms of service are sufficient to meet needs.
By selecting the appropriate storage for each level of information security required we can make the most of the opportunities that cloud computing services bring while carefully managing the risks.
This risk management also includes best practice password management.
