Asia govts working hard to rid cloud security stigma

SINGAPORE--Asia's governments are working hard to remove the security hurdle in order to promote cloud computing adoption among companies, particularly the less IT-savvy small and midsize businesses (SMBs). Establishing common standards and upping education efforts are some of their key thrusts to address the issue, officials say.

Daniel Lai, government CIO for the government of Hong Kong SAR (Special Adminstrative Region), said cloud computing uptake in the market increased 20.9 percent from 2011's figure to 33 percent last year. Of these, large enterprises took up 53 percent while SMBs made up the remaining 47 percent, he noted, citing figures from a 2012 survey from the Hong Kong Productivity Council.

Speaking at a panel discussion as part of the CloudAsia 2013 forum held here Wednesday, Lai said cloud adoption remains stifled by security concerns though. Citing the same survey, he noted 50 percent of the companies not using cloud identified security as the No. 1 reason for their inaction.

This sentiment was echoed by Seo Seung-il, director of the division of ICT Industry at South Korea's Ministry of Knowledge Economy. He said in the same panel discussion that businesses view cloud offerings as unsafe, and was one of the two obstacles for adoption in the country.

The other reason was how business leaders there have a culture of wanting to own their IT systems and not procuring from third-party vendors on demand, Seo noted.

Establish standards, improve awareness

To address the cloud security conundrum, Khoong Hock Yun, assistant chief executive for infrastructure & services development at the Infocomm Development Authority of Singapore (IDA), said the key is to foster "trust" among cloud service providers (CSPs) and end-users.

He noted the importance of having a common understanding of terms used in cloud-based service level agreements and procurement contracts will help the industry as all parties know what they are entering into. This is why the IDA is embarking to develop a multi-tier cloud security standards to certify CSPs, which is scheduled to be available as a nationwide standard in August this year, he noted.

IDA CEO Ronnie Tay also said in his keynote at the forum: "The proposed standards adopt a multi-tier approach that specifies several tiers of security provisions, to cater for the different security needs of various cloud users. These standards and guidelines will highlight the key security areas to be addressed and associated controls needed in a cloud computing environment."

The local ICT regulator is also cross-certifying the proposed standards with international schemes such as the Cloud Security Alliance's Open Certification Framework and facilitating CSP's ISO 27001 certification, Tay added.

Lai, meanwhile, said tackling cloud security is "the same" as overcoming security issues for IT systems in general. It is premised on identifying the challenges, coming out with solutions for them, and educating CSPs and end-users on these best practices, he said.

As such, the local government in Hong Kong has been ramping up awareness events and training sessions to teach end-users what they need to be wary of when using cloud services, he revealed.