النسخة العربية

Oman National CERT Towards a safe cyber environment

Oman Cybersecurity CTF competition

Oman Cybersecurity CTF competition

ARCC in collaboration with Cyber Talents are organizing "Oman Cybersecurity CTF competition" hosted by ITA through Oman National CERT.

View

" Red Chungu" Training

For the first time in Oman ARCC is conducting the "Red Chungu" Training in Oman from 15 Oct 2017 to 19 Oct 2017

View
6th Regional Cyber Security Summit

6th Regional Cyber Security Summit

Date : 20th to 21st November 2017 ... Location : Sheraton Oman Hotel, Muscat

View
4th Oman National Cyber Drill

4th Oman National Cyber Drill

Date :23rd – 25th , October, 2017 ... Location : Grand Hormuz Hotel, Muscat

View
OIC-CERT Annual Conference 2017

OIC-CERT Annual Conference 2017

Date : 6 – 9 November 2017 ... Location : Baku, Azerbaijan

View

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

Article Details

 

Government on the Ground or to the Cloud A Security Perspective

Government on the Ground or to the Cloud A Security Perspective

Category: Networking Security | Published Date: 30/09/2012 | Author: Fakhriya Said Al-Zadjali | Rating: Government on the Ground or to the Cloud A Security Perspective(1188 Votes)


The Cloud, one of the current technology trends and buzz words which vendors and solution providers are trying to push through various events and workshops to organizations. Promising faster setting up and running applications, improved manageability, and scalability. Furthermore, claiming cutting the cost of owning hardware and software assets by switching to asservice based model, whether its Infrastructure-as-a-Service (IaaS), Platform as a service (PaaS), or Software as a service (SaaS).

However, on all these show casing events it is noticed clearly that none of the vendors are able to or willing to address the participants security concerns. Especially, for government organizations who are required by legislation and law to conform to the rules and policies concerning holding sensitive data outside the country. One such example relevant to Oman is ITA.4.1 Website policy for hosting government digital content within the sultanate.

The cloud entails several security risks. Being based mainly on a virtualized and shared infrastructure introduce many security concerns. According to a Forrester Research these risks could be grouped into three general areas: Security and Privacy, Compliance, and Legal or Contractual Issues[1].

Government organizations are more reluctant on using the cloud because they need more understanding on the risks associated from using it. A Ponemon survey finds that while the White House continues to push cloud computing, federal IT managers still worry about security and costs[2].

Furthermore, the absence of guidance, policies, and standards to regulate the cloud use is another important factor that plays a role in its take up and adoption. While, the cloud use in this region for government is still under investigation, some other parts of the world are developing or already developed cloud strategies targeting government. One of the ambitious initiatives is the G-Cloud framework which is driven by the UK Cabinet Office for government to set up its own cloud computing system . It has been under development for more than two years, with the aim of providing IT services on a 'pay as you go' basis through a Cloud Store. It has a target for 50% of its IT spend to go on cloud services by 2015[3].

The G-Cloud encapsulates the Cabinet Office strategy to cut government cost and achieve large, cross government economies of scale, while, regulating the cloud use with policies and standards to minimize security risks. Albeit this effort, not surprisingly, security concerns and lack of understanding still come into play as main reasons for skepticism about using the G-Cloud services by a great percentage (59%) of UK government IT staff as reveled by a recent survey [4].

Similarly, the USA government is working on a Federal Cloud Security Program (FedRAMP) aiming to accelerate the adoption of cloud computing and cut security costs[5].

In summary, it is evident from the previous examples from UK and USA cloud strategies for government that for cloud to add value it should be taken as a nationwide initiative. Government organizations should not be left alone to take the decision nor pushed into a new technology that still needs to establish its proper ground and trust through awareness, policies, and standards. On the other hand vendors and solution providers have to be transparent and responsible in regard to cloud risks when trying to sell cloud based services to customers.

References:

  1. "Cloud Security Front and Center". Forrester Research. 2009-11-18. Retrieved 2012-06-10
  2. "Cloud Security, Costs Concern Federal IT Pros" . Informtionweek. 2012-0131. Retrieved 2012-06-11
  3. "GPS launches next G-Cloud procurement". The Guardian. 2012-05-24. Retrieved 2012-06-11
  4. “UK government may miss cloud computing targets”. BBC news. 2012-05-17. Retrieved 2012-06-11
  5. “GSA Details Federal Cloud Security Program”. Informtionweek. 2012-02-08. Retrieved 2012-06-11