النسخة العربية

Oman National CERT Towards a safe cyber environment

OIC-CERT Drill 2019

OIC-CERT Drill 2019

The OIC-CERT1 Drill is an annual event for the OIC-CERT member teams ...

View
National Cyber Security Drill ( Malware and dark web: The Persistent Threat )

National Cyber Security Drill ( Malware and dark web: The Persistent Threat )

The objective of this Cyber Drill is to enhance communication, teamwork, and participating teams’ incident response capabilities to ensure continued collective efforts against cyber threats through the CIRT of the region.

View
Oman Threat Hunters 2019

Oman Threat Hunters 2019

The ITU- Arab Regional Cybersecurity Centre (ITU-ARCC), hosted by Information Technology Authority and Oman National CERT, and in partnership with Silensec , is organizing “Threat Hunters 2019” , a national cybersecurity competition.Registration is open now through : https://cyberstars.pro/profile/register/

View
ISO/ IEC 27001: 2013 Lead Auditor training course – IRCA Certified

ISO/ IEC 27001: 2013 Lead Auditor training course – IRCA Certified

The ISO/IEC 27001 Lead Auditor training is an intensive five-day course where you’ll discover internationally- recognized best practice auditing techniques so you can confidently lead auditing activities...

View
Safer Internet Day 2019

Safer Internet Day 2019

To mark Safer Internet Day 2019 with the rest of the world, the Information Technology Authority (ITA), represented by Oman National CERT organizes...

View

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

Article Details

 

Government on the Ground or to the Cloud A Security Perspective

Government on the Ground or to the Cloud A Security Perspective

Category: Networking Security | Published Date: 30/09/2012 | Author: Fakhriya Said Al-Zadjali | Rating: Government on the Ground or to the Cloud A Security Perspective(1188 Votes)


The Cloud, one of the current technology trends and buzz words which vendors and solution providers are trying to push through various events and workshops to organizations. Promising faster setting up and running applications, improved manageability, and scalability. Furthermore, claiming cutting the cost of owning hardware and software assets by switching to asservice based model, whether its Infrastructure-as-a-Service (IaaS), Platform as a service (PaaS), or Software as a service (SaaS).

However, on all these show casing events it is noticed clearly that none of the vendors are able to or willing to address the participants security concerns. Especially, for government organizations who are required by legislation and law to conform to the rules and policies concerning holding sensitive data outside the country. One such example relevant to Oman is ITA.4.1 Website policy for hosting government digital content within the sultanate.

The cloud entails several security risks. Being based mainly on a virtualized and shared infrastructure introduce many security concerns. According to a Forrester Research these risks could be grouped into three general areas: Security and Privacy, Compliance, and Legal or Contractual Issues[1].

Government organizations are more reluctant on using the cloud because they need more understanding on the risks associated from using it. A Ponemon survey finds that while the White House continues to push cloud computing, federal IT managers still worry about security and costs[2].

Furthermore, the absence of guidance, policies, and standards to regulate the cloud use is another important factor that plays a role in its take up and adoption. While, the cloud use in this region for government is still under investigation, some other parts of the world are developing or already developed cloud strategies targeting government. One of the ambitious initiatives is the G-Cloud framework which is driven by the UK Cabinet Office for government to set up its own cloud computing system . It has been under development for more than two years, with the aim of providing IT services on a 'pay as you go' basis through a Cloud Store. It has a target for 50% of its IT spend to go on cloud services by 2015[3].

The G-Cloud encapsulates the Cabinet Office strategy to cut government cost and achieve large, cross government economies of scale, while, regulating the cloud use with policies and standards to minimize security risks. Albeit this effort, not surprisingly, security concerns and lack of understanding still come into play as main reasons for skepticism about using the G-Cloud services by a great percentage (59%) of UK government IT staff as reveled by a recent survey [4].

Similarly, the USA government is working on a Federal Cloud Security Program (FedRAMP) aiming to accelerate the adoption of cloud computing and cut security costs[5].

In summary, it is evident from the previous examples from UK and USA cloud strategies for government that for cloud to add value it should be taken as a nationwide initiative. Government organizations should not be left alone to take the decision nor pushed into a new technology that still needs to establish its proper ground and trust through awareness, policies, and standards. On the other hand vendors and solution providers have to be transparent and responsible in regard to cloud risks when trying to sell cloud based services to customers.

References:

  1. "Cloud Security Front and Center". Forrester Research. 2009-11-18. Retrieved 2012-06-10
  2. "Cloud Security, Costs Concern Federal IT Pros" . Informtionweek. 2012-0131. Retrieved 2012-06-11
  3. "GPS launches next G-Cloud procurement". The Guardian. 2012-05-24. Retrieved 2012-06-11
  4. “UK government may miss cloud computing targets”. BBC news. 2012-05-17. Retrieved 2012-06-11
  5. “GSA Details Federal Cloud Security Program”. Informtionweek. 2012-02-08. Retrieved 2012-06-11