Security implications for government organisations moving to the cloud are the same as a normal corporate, according to computer security company, Kaspersky Lab.
Kaspersky Lab cloud services director, Bernie Bengler gave a talk at the Cloud 2.0 Conference in Sydney about concerns when moving to the cloud and a strategic approach to security.
“A corporate wants to save costs because they want it cheaper or more profit or better revenue ratio and government gets under pressure if they waste tax payers’ money so from that point of view, it’s the same,” Mr Bengler said.
He said for a majority of government institutions, the risk considerations are similar because if someone is stealing customer information or employee information from a corporate and sells it off, it is the same damage.
According to Mr Bengler, there is the question of what to expect on how governments handle cloud security from a legal standpoint.
“I hope they finally get into the stage to start discussions about standardisation and certification of cloud services because with all the concerns, this dilemma is only caused because there is no such standard.
“If we had a standard that guarantees people using the cloud in a secure fashion, we’re done,” he said.
Mr Bengler said local governments have a “little bit more freedom†in what they apply.
“Hosted web services or hosted mail services could work for any local government, city or for a national government.
“From that point of view, it is always the same question of what to do and how efficient does it have to be,” he said.
According to Mr Bengler, a government has “a little bit more demand on screening”.
“If it takes a hell of a lot of training for users to use cloud computing, they are in the wrong game; it should actually make things much more easy and comprehensive.
“I think it is key that IT departments have a good relationship with their vendors and not only that everything works fine,” Mr Bengler said.
He said if an organisation wants to use cloud computing or certain aspects of cloud computing, “start small, so break it up”.
“Build the goal and look at how you can do it, and that’s easy because it doesn’t take a whole lot of skill,” he said.
According to Mr Bengler, small companies do not have the skills, so their take up on cloud is much higher, but a governmental organisation can still do the same thing and “ultimately move to make it more cost effective”.
Mr Bengler said the clearer the scope of what an organisation wants to use cloud and the clearer it is defined, the easier it is to deploy.
In terms of what regional governments need, they would have to discuss what they want to do with cloud computing, such as pre-emptive e-mail filtering, Mr Bengler said.
In the context of e-mail filtering, a government organisation would need to assess the ongoing costs of what they actually have in place, be it hardware or software and how much they pay for the licences, which would be multiplied by 36 for that amount of months.
“If you just look at the hardware and licence costs and compare that with a hosted model, at face value it would appear that the hosted model is a more expensive option.
“However, when you add in all the recurring costs required to run and maintain the on-premise hardware and software, costs such as energy, the real value of the hosted model becomes clear,” he said.
Additionally, there are also costs associated with lost productivity when staff are dealing with spam emails.
Mr Bengler said if users spend three minutes deleting spam e-mail in a company of a thousand workers, the total multiplied time spent on that task is 3000 minutes. Taking these factors into consideration, the true cost calculation would find that it is “much cheaper with a hosted service”.
Source:http://www.governmentnews.com.au/2011/11/25/article/Cloud-2-0-Kaspersky-Lab-addresses-cloud-security/LQUEPEUFRX.html
