النسخة العربية

Oman National CERT Towards a safe cyber environment

INNOVATE OMAN

INNOVATE OMAN

We are very excited to launch Innovate Oman with the UK Oman Digital Hub , Plexal , CyLon , Imperial College London , and AL JABR . We’re supporting digital innovators in Oman through hackathons, accelerators and mentoring. Apply for our first cyber hackathon and we’ll help you build your pitch.

View
Oman 3rd best Arab country in Cybersecurity Index 2020

Oman 3rd best Arab country in Cybersecurity Index 2020

Oman has been ranked third in the Arab world and 21st globally in the Global Cybersecurity Index 2020 report released by the International Telecommunication Union (ITU).

View
Innovation Hub Oman’s 1st Virtual Hackathon

Innovation Hub Oman’s 1st Virtual Hackathon

Under the theme innovation in Fintech and Cybersecurity, Oman National CERT is partnering with Oman Arab Bank to host Oman’s 1st 24 hours virtual hackathon on 2nd and 3rd April 2021.The registration is open for all students and professionals. Join us by registering at www.oabinnovation.com

View
Safer Internet Day 2021

Safer Internet Day 2021

Safer Internet Day 2021 will take place on Tuesday, 9 February 2021, when - once again - we'll join forces across the globe to work "Together for a better internet".

View
6th National Cybersecurity drill

6th National Cybersecurity drill

The virtual drill is organized by the Ministry of Transport, Communications and Information Technology, represented by Oman National Computer Emergency Readiness Team (OCERT) in cooperation and coordination with the Cyber Defence Centre. Thirty-two government institutions participate in the drill.

View

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

Article Details

 

Government on the Ground or to the Cloud A Security Perspective

Government on the Ground or to the Cloud A Security Perspective

Category: Networking Security | Published Date: 30/09/2012 | Author: Fakhriya Said Al-Zadjali | Rating: Government on the Ground or to the Cloud A Security Perspective(1189 Votes)


The Cloud, one of the current technology trends and buzz words which vendors and solution providers are trying to push through various events and workshops to organizations. Promising faster setting up and running applications, improved manageability, and scalability. Furthermore, claiming cutting the cost of owning hardware and software assets by switching to asservice based model, whether its Infrastructure-as-a-Service (IaaS), Platform as a service (PaaS), or Software as a service (SaaS).

However, on all these show casing events it is noticed clearly that none of the vendors are able to or willing to address the participants security concerns. Especially, for government organizations who are required by legislation and law to conform to the rules and policies concerning holding sensitive data outside the country. One such example relevant to Oman is ITA.4.1 Website policy for hosting government digital content within the sultanate.

The cloud entails several security risks. Being based mainly on a virtualized and shared infrastructure introduce many security concerns. According to a Forrester Research these risks could be grouped into three general areas: Security and Privacy, Compliance, and Legal or Contractual Issues[1].

Government organizations are more reluctant on using the cloud because they need more understanding on the risks associated from using it. A Ponemon survey finds that while the White House continues to push cloud computing, federal IT managers still worry about security and costs[2].

Furthermore, the absence of guidance, policies, and standards to regulate the cloud use is another important factor that plays a role in its take up and adoption. While, the cloud use in this region for government is still under investigation, some other parts of the world are developing or already developed cloud strategies targeting government. One of the ambitious initiatives is the G-Cloud framework which is driven by the UK Cabinet Office for government to set up its own cloud computing system . It has been under development for more than two years, with the aim of providing IT services on a 'pay as you go' basis through a Cloud Store. It has a target for 50% of its IT spend to go on cloud services by 2015[3].

The G-Cloud encapsulates the Cabinet Office strategy to cut government cost and achieve large, cross government economies of scale, while, regulating the cloud use with policies and standards to minimize security risks. Albeit this effort, not surprisingly, security concerns and lack of understanding still come into play as main reasons for skepticism about using the G-Cloud services by a great percentage (59%) of UK government IT staff as reveled by a recent survey [4].

Similarly, the USA government is working on a Federal Cloud Security Program (FedRAMP) aiming to accelerate the adoption of cloud computing and cut security costs[5].

In summary, it is evident from the previous examples from UK and USA cloud strategies for government that for cloud to add value it should be taken as a nationwide initiative. Government organizations should not be left alone to take the decision nor pushed into a new technology that still needs to establish its proper ground and trust through awareness, policies, and standards. On the other hand vendors and solution providers have to be transparent and responsible in regard to cloud risks when trying to sell cloud based services to customers.

References:

  1. "Cloud Security Front and Center". Forrester Research. 2009-11-18. Retrieved 2012-06-10
  2. "Cloud Security, Costs Concern Federal IT Pros" . Informtionweek. 2012-0131. Retrieved 2012-06-11
  3. "GPS launches next G-Cloud procurement". The Guardian. 2012-05-24. Retrieved 2012-06-11
  4. “UK government may miss cloud computing targets”. BBC news. 2012-05-17. Retrieved 2012-06-11
  5. “GSA Details Federal Cloud Security Program”. Informtionweek. 2012-02-08. Retrieved 2012-06-11