DOI: 10.1145/3657054.3657085
research-article
Open access

A Comparative Study of National Cloud Security Strategy and Governance

Published: 11 June 2024

Abstract

The explosive growth of data through the Fourth Industrial Revolution and the COVID-19 pandemic has brought significant changes to the computing environment. Globally, there is a consistent increase in the adoption of cloud computing service models. Cloud services, appreciated for their flexibility and cost-effectiveness, are gaining prominence, serving as a technology to store and process the escalating volumes of data. In response to these trends, major nations are announcing national visions and strategies, such as preemptive cloud adoption policies in the public sector, actively participating in the momentum of cloud transformation. However, with the rising adoption of cloud services, there is a simultaneous surge in cloud security threats. To ensure the successful transition of governments and private enterprises to the cloud, security concerns must be considered as an indispensable part of that transition. It is at this juncture that a strategic, national-level approach is crucial, rather than relegating security issues solely to individual institutions. This paper analyzes and compares the cloud security strategies and governance of the United States, the United Kingdom, Australia, and the Republic of Korea. This comparative analysis aims to identify the common cloud security approaches and characteristics of the four nations and explores the role of government in strengthening cloud security capabilities.

Published In

dg.o '24: Proceedings of the 25th Annual International Conference on Digital Government Research
June 2024
1089 pages
ISBN:9798400709883
DOI:10.1145/3657054
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cloud Computing
  2. Cloud Security
  3. Cloud Security Strategy
  4. Governance

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

dg.o 2024

Acceptance Rates

Overall Acceptance Rate 150 of 271 submissions, 55%
