النسخة العربية

Oman National CERT Towards a safe cyber environment

The 7th Regional Cybersecurity Summit

The 7th Regional Cybersecurity Summit

ITU-ARCC is organizing The 7th Regional Cybersecurity Summit which is kindly hosted by CITRA Kuwait on 21- 22 October 2018.

View
The 6th Arab Regional Cyber Drill

The 6th Arab Regional Cyber Drill

ITU-ARCC is organizing the 6th Arab Regional Cyber Drill (ALERT) for the Arab Region ,Kuwait (CITRA) from 23-25 October 2018.

View
Oman Threat Hunter 2018

Oman Threat Hunter 2018

“THREAT HUNTER” a national competition that is organized by ITU-Arab Regional Cybersecurity Center (ITU-ARCC) in a partnership with Silensec ...

View
Guide Manual for Reporting Abuse Through Social Media

Guide Manual for Reporting Abuse Through Social Media

This guidance booklet is written to facilitate reporting abuse process through Social Media and afford easy, smooth, and clear way of guidance to report over social media correctly.

View
Cybersecurity Specialized Training Courses

Cybersecurity Specialized Training Courses

Oman National CERT in cooperation with the Arab Regional Cybersecurity Center (ARCC) is conducting a series of specialized training in cybersecurity hosted in Oman.

View

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

Article Details

 

Government on the Ground or to the Cloud A Security Perspective

Government on the Ground or to the Cloud A Security Perspective

Category: Networking Security | Published Date: 30/09/2012 | Author: Fakhriya Said Al-Zadjali | Rating: Government on the Ground or to the Cloud A Security Perspective(1188 Votes)


The Cloud, one of the current technology trends and buzz words which vendors and solution providers are trying to push through various events and workshops to organizations. Promising faster setting up and running applications, improved manageability, and scalability. Furthermore, claiming cutting the cost of owning hardware and software assets by switching to asservice based model, whether its Infrastructure-as-a-Service (IaaS), Platform as a service (PaaS), or Software as a service (SaaS).

However, on all these show casing events it is noticed clearly that none of the vendors are able to or willing to address the participants security concerns. Especially, for government organizations who are required by legislation and law to conform to the rules and policies concerning holding sensitive data outside the country. One such example relevant to Oman is ITA.4.1 Website policy for hosting government digital content within the sultanate.

The cloud entails several security risks. Being based mainly on a virtualized and shared infrastructure introduce many security concerns. According to a Forrester Research these risks could be grouped into three general areas: Security and Privacy, Compliance, and Legal or Contractual Issues[1].

Government organizations are more reluctant on using the cloud because they need more understanding on the risks associated from using it. A Ponemon survey finds that while the White House continues to push cloud computing, federal IT managers still worry about security and costs[2].

Furthermore, the absence of guidance, policies, and standards to regulate the cloud use is another important factor that plays a role in its take up and adoption. While, the cloud use in this region for government is still under investigation, some other parts of the world are developing or already developed cloud strategies targeting government. One of the ambitious initiatives is the G-Cloud framework which is driven by the UK Cabinet Office for government to set up its own cloud computing system . It has been under development for more than two years, with the aim of providing IT services on a 'pay as you go' basis through a Cloud Store. It has a target for 50% of its IT spend to go on cloud services by 2015[3].

The G-Cloud encapsulates the Cabinet Office strategy to cut government cost and achieve large, cross government economies of scale, while, regulating the cloud use with policies and standards to minimize security risks. Albeit this effort, not surprisingly, security concerns and lack of understanding still come into play as main reasons for skepticism about using the G-Cloud services by a great percentage (59%) of UK government IT staff as reveled by a recent survey [4].

Similarly, the USA government is working on a Federal Cloud Security Program (FedRAMP) aiming to accelerate the adoption of cloud computing and cut security costs[5].

In summary, it is evident from the previous examples from UK and USA cloud strategies for government that for cloud to add value it should be taken as a nationwide initiative. Government organizations should not be left alone to take the decision nor pushed into a new technology that still needs to establish its proper ground and trust through awareness, policies, and standards. On the other hand vendors and solution providers have to be transparent and responsible in regard to cloud risks when trying to sell cloud based services to customers.

References:

  1. "Cloud Security Front and Center". Forrester Research. 2009-11-18. Retrieved 2012-06-10
  2. "Cloud Security, Costs Concern Federal IT Pros" . Informtionweek. 2012-0131. Retrieved 2012-06-11
  3. "GPS launches next G-Cloud procurement". The Guardian. 2012-05-24. Retrieved 2012-06-11
  4. “UK government may miss cloud computing targets”. BBC news. 2012-05-17. Retrieved 2012-06-11
  5. “GSA Details Federal Cloud Security Program”. Informtionweek. 2012-02-08. Retrieved 2012-06-11