Asia govts working hard to rid cloud security stigma

Asia govts working hard to rid cloud security stigma

Summary: Officials from Singapore, Hong Kong, and South Korea point out companies remain concerned over cloud security, and stress education and common understanding is needed to overcome this hurdle.


SINGAPORE--Asia's governments are working hard to remove the security hurdle in order to promote cloud computing adoption among companies, particularly the less IT-savvy small and midsize businesses (SMBs). Establishing common standards and upping education efforts are some of their key thrusts to address the issue, officials say.

Daniel Lai, government CIO for the government of Hong Kong SAR (Special Adminstrative Region), said cloud computing uptake in the market increased 20.9 percent from 2011's figure to 33 percent last year. Of these, large enterprises took up 53 percent while SMBs made up the remaining 47 percent, he noted, citing figures from a 2012 survey from the Hong Kong Productivity Council.

Speaking at a panel discussion as part of the CloudAsia 2013 forum held here Wednesday, Lai said cloud adoption remains stifled by security concerns though. Citing the same survey, he noted 50 percent of the companies not using cloud identified security as the No. 1 reason for their inaction.

This sentiment was echoed by Seo Seung-il, director of the division of ICT Industry at South Korea's Ministry of Knowledge Economy. He said in the same panel discussion that businesses view cloud offerings as unsafe, and was one of the two obstacles for adoption in the country.

The other reason was how business leaders there have a culture of wanting to own their IT systems and not procuring from third-party vendors on demand, Seo noted.

Establish standards, improve awareness

To address the cloud security conundrum, Khoong Hock Yun, assistant chief executive for infrastructure & services development at the Infocomm Development Authority of Singapore (IDA), said the key is to foster "trust" among cloud service providers (CSPs) and end-users.

He noted the importance of having a common understanding of terms used in cloud-based service level agreements and procurement contracts will help the industry as all parties know what they are entering into. This is why the IDA is embarking to develop a multi-tier cloud security standards to certify CSPs, which is scheduled to be available as a nationwide standard in August this year, he noted.

IDA CEO Ronnie Tay also said in his keynote at the forum: "The proposed standards adopt a multi-tier approach that specifies several tiers of security provisions, to cater for the different security needs of various cloud users. These standards and guidelines will highlight the key security areas to be addressed and associated controls needed in a cloud computing environment."

The local ICT regulator is also cross-certifying the proposed standards with international schemes such as the Cloud Security Alliance's Open Certification Framework and facilitating CSP's ISO 27001 certification, Tay added.

Lai, meanwhile, said tackling cloud security is "the same" as overcoming security issues for IT systems in general. It is premised on identifying the challenges, coming out with solutions for them, and educating CSPs and end-users on these best practices, he said.

As such, the local government in Hong Kong has been ramping up awareness events and training sessions to teach end-users what they need to be wary of when using cloud services, he revealed.


Topics: Security, Cloud, Government Asia, Singapore, Hong Kong, Korea

Kevin Kwang

About Kevin Kwang

A Singapore-based freelance IT writer, Kevin made the move from custom publishing focusing on travel and lifestyle to the ever-changing, jargon-filled world of IT and biz tech reporting, and considered this somewhat a leap of faith. Since then, he has covered a myriad of beats including security, mobile communications, and cloud computing.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Cloud be regulated as Telecom

    Good article, Kevin!

    Bringing SMEs and less IT-savvies to cloud services can be possible only if CSPs provide provide trusted services at affordable prices. It is also learnt that CSPs are introducing Security as a service (SaaS) which will definitely give rise to prices. Such business models must be avoided at this stage as this will not be a win-win model.

    Having common standards is very good idea but there must be a watchdog to verify whether the cloud provider is following those standards. It is also a fact that most of SMEs and less IT-savvy companies do not have budget and resources to do this by own. For that, as is being done for telecom companies, there must be a regulatory body countrywide and/or worldwide to help regulate this sector which in return will boost end-user trust on cloud services and help cloud penetration to SMEs.
    Shahzada Mukarram Hameed
  • Great post

    Great Post . Security is a major concern for many businesses migrating to the cloud.Readers might find this whitepaper very useful.It offers good insight on cloud risks ans security issues
    Jayashree Sundaramurthy