Uploaded by Douglas Leong

[ENG][2021] Garis Panduan Pengurusan Keselamatan Maklumat Melalui Pengkomputeran Awan (Cloud Computing) Dalam Perkhidmatan Awam

Machine Translated by Google
Appendix to General Circular Letter No. 2 of 2021
Guidelines for Information Security Management Through Cloud Computing in the Public Service
OFFICE OF THE CHIEF SECURITY OFFICER
GOVERNMENT OF MALAYSIA
CONTENTS
ACRONYMS AND DEFINITIONS
1. INTRODUCTION
2. PURPOSE
3. IMPLEMENTATION OF CLOUD COMPUTING IN THE PUBLIC SERVICE
4. CLASSIFICATION OF INFORMATION OR DATA
    4.1 Official Secrets
    4.2 Official
    4.3 Open Data
5. BASIC FEATURES AND MODELS OF CLOUD COMPUTING SERVICES
    5.1 Basic Features of Cloud Computing
    5.2 Cloud Computing Services Model
6. DETERMINATION OF CLOUD COMPUTING IMPLEMENTATION MODEL FOR PUBLIC SERVICE
    6.1 Private Cloud
    6.2 Public Cloud
    6.3 Hybrid Cloud
7. SECURITY RISKS TO BE CONSIDERED
    7.1 Data Sovereignty
    7.2 Risks From Changes In Jurisdiction
    7.3 Forensics / Data Seizure
    7.4 Dependencies
    7.5 Multi-Tenancy
    7.6 Threats From CSP Internal Sources
    7.7 Vendor Lock-in
    7.8 Privacy
8. GOVERNANCE
    8.1 Risk Management
9. OFFICIAL CONFIDENTIAL INFORMATION MANAGEMENT COMPLIANCE
    9.1 Classification of Information
    9.2 Jurisdiction
    9.3 Consumer Control
    9.4 Legal Advisory Services
10. CONTRACT MANAGEMENT AND SECURITY TERMS
    10.1 Due Diligence
    10.2 Service Level Agreement (SLA)
    10.3 Data Ownership
    10.4 Privacy
    10.5 Audit
    10.6 Compensation
    10.7 Liabilities
    10.8 Right to Reach Element
    10.9 Exit Process
11. THE IMPORTANCE OF PROTECTING INFORMATION IN THE ICT ENVIRONMENT
12. METHODS OF DATA AND INFORMATION PROTECTION
    12.1 Encryption
    12.2 Isolation
    12.3 Access Management and Identities
    12.4 Security Software and Applications
    12.5 Safety Level Assessment
    12.6 Data Sanitation
    12.7 Data / Information Leakage
13. PHYSICAL SECURITY CONTROL OF ICT DATA CENTERS AND INFRASTRUCTURE
    13.1 Safety Assessment
    13.2 Security Certification
    13.3 Classified Areas
    13.4 Security Screening
    13.5 Official Secret Security Validation
    13.6 Support
    13.7 Notifications
14. INCIDENT MANAGEMENT
15. SERVICE CONTINUITY MANAGEMENT
16. DATA AVAILABILITY AND BACKUP
17. CONCLUSION
18. REFERENCES
ACRONYMS AND DEFINITIONS
CSP: Cloud Services Provider (cloud computing service provider).
Data Residency: Refers to where a business, industry body or Government determines that data is stored at a geographical physical location of their choice, for a number of reasons such as regulatory requirements and policy compliance.
HTTP: HyperText Transfer Protocol.
IPSec: Internet Protocol Security.
Department: A Ministry, Government Department, Statutory Body, Local Government and other agencies to which Act 88 applies.
MFA: Multi Factor Authentication.
PDA: Personal Digital Assistant; various mobile devices that function as personal information managers.
PII: Personally Identifiable Information.
Secret: Official documents, official information and official materials that if disclosed without permission would endanger national security, cause substantial damage to Malaysia's interests and dignity or provide substantial benefits to a foreign power should be classified as "Secret".
Top Secret: Official documents, official information and official materials which if disclosed without permission will cause substantial damage to Malaysia should be classified as "Top Secret".
SFTP: Secure File Transfer Protocol.
Snapshot: Method for copying the memory and disk of a running server.
Confidential: Official documents, official information and official materials which if disclosed without permission, although not endangering national security, would be detrimental to the interests or dignity of Malaysia or the activities of the Government or individuals, or would cause embarrassment or inconvenience to the administration, or would benefit a foreign power, shall be classified as "Confidential".
SSL: Secure Sockets Layer.
Restricted: Official documents, official information and official materials other than those classified as "Top Secret", "Secret" or "Confidential" but also required to be given a level of security protection shall be classified as "Restricted".
TLS: Transport Layer Security.
VPN: Virtual Private Network.
Virtualization: The process of creating a software-based, or virtual, representation of something, such as virtual applications, servers, storage and networks. In cloud computing, it is an important technology that allows information systems to be abstracted from the underlying hardware by using a hypervisor, which is software that allows a host server to run multiple guest operating systems at one time.
GUIDELINES FOR INFORMATION SECURITY MANAGEMENT THROUGH CLOUD COMPUTING IN THE PUBLIC SERVICE
1. INTRODUCTION
Cloud computing is a model that enables network access to a pool of computing resources (for example networks, servers, storage, applications and services) easily and quickly, with minimal management effort and interaction with the service provider. Cloud computing services that are flexible and elastic (scaling with the needs and demands of users) are seen as able to offer cost savings while increasing the efficiency of ICT services. However, using such services to carry out the general and functional affairs of a Department presents new challenges compared with conventional approaches. These challenges include security, change management, interoperability and legal aspects, all of which need to be taken into account before the services are adopted and implemented. The security of Government information and data handled in cloud computing, especially where official Government secrets are involved, shall be managed and controlled as well as possible to prevent leakage of Government information.
2. PURPOSE
The Guidelines for Information Security Management Through Cloud Computing in the Public Service aim to:
i. Serve as a reference for Departments on the management of protective security for official matters and official secrets of the Government in a cloud computing environment;
ii. Assist Departments in understanding the management of official secrets in cloud computing in accordance with the legal provisions currently in force, such as the Official Secrets Act 1972 [Act 88] and the Security Instructions (Revision and Amendment 2017); and
iii. Describe appropriate and effective mitigation control measures, based on the treatment of the risks identified for ICT assets transferred to or used in cloud computing services.
3. IMPLEMENTATION OF CLOUD COMPUTING IN THE PUBLIC SERVICE
Cloud computing refers to a computing paradigm or model that allows network access to a flexible and elastic pool of computing resources by sharing resources, whether physical or virtual, with provisioning either on a self-service basis or managed by a third party according to user requests.
The management of official secrets in cloud computing in the public service shall comply with paragraph 139 of the Security Instructions (Revision and Amendment 2017), as follows:
"The use of cloud computing, such as for information sharing, data processing and so on, for official secret purposes is not allowed at all, except for cloud computing developed and authorized by the Government and subject to directions issued by the Government from time to time."
In essence, cloud computing "developed and authorized by the Government" means a cloud computing service that is owned, managed or operated by the Government itself, based on cybersecurity principles, assessments and requirements applied comprehensively and strategically across technology, people and processes. The aim is for such cloud computing services to meet security objectives, the business direction, and the regulatory and legal requirements in force.
4. CLASSIFICATION OF INFORMATION OR DATA
The Official Secrets Act 1972 [Act 88] and the Security Instructions (Revision and Amendment 2017) set out pre-defined rules for classifying information based on its value, impact and sensitivity. As an initial guide, the categories of information and levels of classification commonly managed by Departments in the public service are as follows:
4.1 Official Secrets
"Official secret" has the meaning given to it under the Official Secrets Act 1972 [Act 88], that is, "any document specified in the Schedule and any information and material relating thereto and includes any other official document, information and material as may be classified as 'Top Secret', 'Secret', 'Confidential' or 'Restricted', as the case may be, by a Minister, the Menteri Besar or Chief Minister of a State or such public officer appointed under section 2B".
4.2 Official
"Official" means relating to the public service. Official information is information created, used, received or officially issued by any Government Department in the course of conducting official business. It is also a public record subject to the rules of the National Archives. Examples of official Government information include:
i. Financial;
ii. Medical;
iii. Health;
iv. Academic;
v. Taxation;
vi. Agreement/Contract;
vii. Study Data; and
viii. Personally Identifiable Information (PII).
Official information such as the above can also be an official secret if the originator (data owner) makes a risk assessment that corresponds to one of the official secret security levels. Releasing or possessing official material without the originator's permission is also an offence under the laws and regulations currently in force, for example section 203A of the Penal Code.
4.3 Open Data
Open Data is official information that has been screened and verified at the data originator level for free use, sharing and reuse by the public, Government agencies and private organizations for various purposes. Departments must comply with the circular on open data that is currently in effect.
5. BASIC FEATURES AND MODELS OF CLOUD COMPUTING SERVICES
5.1. Basic Features of Cloud Computing
5.1.1. On-Demand Self-Service
Users can carry out the entire process of setting up the cloud computing resources they need, for example storage, networking and applications, without human intervention from the service provider.
5.1.2. Broad Network Access
Services are provided over the network and are available from various locations and through various devices, for example desktops, laptops, PDAs, smartphones and so on.
5.1.3. Resource Pooling
Computing resources are pooled to serve multiple users using a multi-tenant model, with physical and virtual resources allocated dynamically according to user requests. Examples of resources include storage, processing, memory and network bandwidth.
5.1.4. Rapid Elasticity
The capacity of a service can be scaled up or down dynamically as needed.
5.1.5. Measured Service
The system is able to meter the value of the services (costs and ICT resources) provided to users, as appropriate to the type of service (for example storage, bandwidth or number of active user accounts). The service-level agreement (SLA) measurements offered by the cloud service provider (CSP) must be consistent with the core service requirements and be agreed by the Department's stakeholders.
5.2. Cloud Computing Services Model
5.2.1. Software as a Service (Software-as-a-Service - SaaS)
a) A service model that allows the Department to use applications and cloud computing infrastructure developed or provided by the service provider. The applications can be accessed from user devices through various channels (for example web browsers and web-based email). The Department is only allowed to make basic configuration changes to the applications, while the computing infrastructure such as the network, servers, operating systems, storage and application configuration is managed by the service provider;
b) The main objective of this service model is to reduce operating costs, hardware and software procurement costs, application maintenance costs and cloud computing infrastructure maintenance costs; and
c) Providing security for the applications and the cloud computing infrastructure is entirely the responsibility of the service provider.
5.2.2. Platform as a Service (Platform-as-a-Service - PaaS)
a) A service model that provides the Department with a platform on which applications or software are developed, tested and deployed in a cloud computing environment. The application or software development life cycle uses the specific tools and programming methods (for example programming languages and libraries) provided by the service provider;
b) The main objective of this service model is to reduce operating costs and to simplify the process of purchasing, hosting and managing hardware components and software platforms, including whatever is required for program and database development; and
c) Security for this service model is the responsibility of both the service provider and the Department.
5.2.3. Infrastructure as a Service (Infrastructure-as-a-Service - IaaS)
a) A service model that provides basic computing resources such as storage, networking and virtual servers to support the operation of the Department's applications or software. This service model only allows the Department to manage and control the operating system (OS), storage, applications and specific network components (for example firewalls). IaaS is a service in which basic computing infrastructure such as servers, operating systems and network equipment is provided according to the Department's requests or requirements;
b) The main objective in choosing the IaaS service model is to save the costs the Department would otherwise incur in purchasing computing equipment, renting a location and maintaining infrastructure (hardware and software); and
c) Security for everything other than the basic computing infrastructure is the responsibility of the Department.
6. DETERMINATION OF CLOUD COMPUTING IMPLEMENTATION MODEL FOR PUBLIC SERVICES
The cloud computing implementation model to be selected is determined by the classification of information made by the data owner (data/business owner) of a Department. This classification is evaluated in terms of its implications for the security, defence, functions and administration of the government, and for the interests and dignity of the country.
The cloud computing implementation models are determined as follows:
6.1 Private Cloud
Cloud infrastructure provided specifically for the use of the Department. It may be owned, managed and operated by the Department, a third party, or both, and it may exist on or off the premises. Third parties here are entities that provide services to the Department to manage its cloud computing, for example:
• Local CSP - MIMOS, TM, TimesDotCom, MAMPU
• Foreign CSP - AWS, Microsoft, Alibaba, Google
This model is suitable for all categories of government information or data. However, for certain information classifications it must meet the following prerequisites:
6.1.1 Official Secret Information
RESTRICTED AND CONFIDENTIAL
a) Official secret information classified as RESTRICTED and CONFIDENTIAL, including its application systems, may be operated in a private cloud if the service is developed and authorized by the government;
b) Official secret information on matters in the Schedule to Act 88 shall be hosted on the Department's premises (on-premise), while official secret information outside the Schedule is allowed on the premises or off the premises of the Department (off-premise); and
c) On-premise private cloud services refer to cloud computing developed at the Department's own premises or through the Government's Public Sector Data Center (PDSA). The Department needs to refer to MAMPU to use the services provided by PDSA. PDSA provides data center facilities and ICT infrastructure for shared use by agencies/departments on a centralized basis. For services offered off-premise, the locality of such cloud computing is under the legal control and jurisdiction of the Government of Malaysia.
SECRET AND TOP SECRET
a) The management of official secret information at the SECRET and TOP SECRET levels in a cloud computing environment shall first be evaluated carefully and thoroughly in terms of the risks, impacts and threats to national security if implemented. Errors in handling official secret information at the SECRET and TOP SECRET levels in cloud computing will have huge implications for national security; and
b) Any proposal to manage official secret information at the SECRET and TOP SECRET levels through cloud computing shall first be referred to the Office of the Chief Government Security Officer of Malaysia (CGSO) for advisory services and a security risk assessment.
6.1.2 Official Information
Official information, including its application systems, may be operated in a private cloud developed and/or authorized by the government, either on-premise or off-premise.
6.2 Public Cloud
Cloud computing infrastructure provided for public use. It may be owned, managed and operated by a business, academic or government entity, and exists on the premises of the service provider (Cloud Services Provider, CSP). This model is suitable for open data and non-sensitive official information.
6.3 Hybrid Cloud
Cloud computing infrastructure consisting of a combination of two or more cloud computing models (private or public) that form a new entity bound together through an agreed arrangement or cooperation. This model is allowed for official information. It is also allowed for official secret information at the RESTRICTED and CONFIDENTIAL levels only, provided that the localities of both clouds are under the legal control and jurisdiction of the Government of Malaysia.
The Cloud Computing Implementation Matrix for the Public Service, by classification of information, can be found in APPENDIX 1.
7. SECURITY RISKS TO BE CONSIDERED
Cloud computing is a medium for delivering public services more effectively and economically. However, it has negative impacts and implications if implemented without adhering to the security aspects of information protection. In addition, handing over the availability and security of data, applications and ICT infrastructure to third parties can invite and increase security risks.
Government Departments wishing to implement cloud computing should consider the following factors when selecting a CSP:
7.1 Data Sovereignty
7.1.1 Using cloud computing services located outside Malaysia to handle Government information can endanger data security and national sovereignty. Data stored, processed and transferred through such services may be subject to the laws of the country concerned and fall outside the control and powers of the Government of Malaysia;
7.1.2 This includes any supplier that is registered and headquartered abroad but conducts its business operations in Malaysia. Another factor to take into account is whether the CSP uses external resources or relies on third parties to deliver its services to customers. The Department shall therefore identify the origin of the cloud computing service by understanding data flows and data residency, to ensure that no foreign power can access the country's strategic information and data without knowledge and permission; and
7.1.3 Data sovereignty refers to the legal or regulatory requirements imposed on data based on the region or country in which it is physically located. Data sovereignty should be a key requirement in the Department's deployment of cloud computing, by identifying the following:
i. Governance and data stakeholders in the Department;
ii. Data security;
iii. Geographical position and physical placement of data;
iv. Rules, procedures and legislation;
v. Security risks;
vi. Data classification;
vii. Data ownership rights; and
viii. Data flow.
For the handling of official Government secrets, the Department must be given permission to determine where data is stored and processed.
7.2 Risks From Changes In Jurisdiction
7.2.1 The Department shall understand the legal requirements, contractual rights and overlapping jurisdictions that apply to where data is stored and processed, logically or physically. The Department's data may be kept in several regions that have different jurisdictions, some of them in high-risk countries; and
7.2.2 For example, a CSP data center may be located and operate in a country that practises autocracy, lacks good legal governance or does not respect international agreements, which could result in the data center being accessed and the data and ICT systems being released without authorization from the original owner.
7.3 Forensics / Data Seizure
7.3.1 Law enforcement agencies (LEAs) have the authority to access communications and information for enforcement and investigation purposes (data seizure) if there is a violation of the law. In certain cases, the law also authorizes foreign enforcement agencies (international law enforcement) to access information, whether within or outside the country;
7.3.2 Bit-by-bit imaging or copying of data for forensic purposes is usually difficult to carry out in cloud computing environments. The service provider is bound by security policies not to let its hardware and software be accessed by users, particularly in multi-tenant environments where customers might otherwise gain access to one another's resources; and
7.3.3 In addition, the data structures used in virtualization technology also make forensic processing and analysis difficult. In certain configurations, data may not be obtainable at all and the investigation cannot be carried out effectively.
7.4 Dependencies
7.4.1 Third parties may be involved in a process or service provided to users. The CSP's dependence on such third parties may give rise to unknown and unforeseen security risks; and
7.4.2 These services also depend on supply chain management, which needs to be viewed holistically to ensure that security rules, policies and good practices are applied by all parties involved.
7.5 Multi-Tenancy
7.5.1 Certain cloud computing implementation models allow users from multiple entities (multi-tenancy) to share the same ICT resources (resource pooling);
7.5.2 This element makes cloud computing services an option for the Department to reduce operating costs and ICT asset procurement costs compared with the conventional model;
7.5.3 The multi-tenancy risks that the Department needs to be aware of usually arise through virtualization or the commingling of data on shared infrastructure (data commingling);
7.5.4 In a virtualized environment, malicious code attacks can occur if there is a security vulnerability in the hypervisor, resulting in the Department's information being accessed by other parties. For example, cyber attacks can be carried out 'guest-to-host' or 'guest-to-guest' by those who already have access to the service;
7.5.5 Virtualization technology makes it easier for the Department to take snapshots at particular times for backup and redundancy purposes. However, if the copy (the actual copy) is not properly protected, the information stored on the virtual machine's local drives may be accessible to other parties. This also includes all data and encryption keys held in the memory concerned;
7.5.6 In the IaaS and PaaS service models, customers who do not implement good practices in security management and control can drag the CSP's security level down to that of the most at-risk customer (the lowest common denominator problem). For example, customers who do not harden their operating systems and applications may cause this situation unless appropriate controls are in place to isolate each customer's network and virtual machines; and
7.5.7 Meanwhile, on-demand self-service in cloud computing makes it easy for users to register and subscribe to the service through the Cloud Management Portal (CMP) provided by the CSP. However, this facility can be abused by irresponsible parties to register for and use the service, and then carry out illegal activities that harm other users.
7.6 Threats From Sources Internal to the CSP
7.6.1 Departments that plan to use cloud computing services should
assess the risk of information stored in the provider’s facility being
accessed without authorization by employees, contractors or any other
third party (supply chain);
7.6.2 The Department concerned may not have the capacity to measure the
level of security and subsequently verify the effectiveness of the
controls and procedures offered by the CSP; and
7.6.3 For example, the level of security assurance varies depending on
the physical location of the CSP and its staff. A local CSP is subject
to security conditions that must be implemented, such as imposing
security screening on all employees and staff who handle Government
strategic information. However, this procedure may not be feasible if
the cloud computing services are provided from outside the country.
7.7 Vendor Lock-in
7.7.1 Vendor lock-in is a situation where the Department has difficulty
transferring existing services or data to another CSP or other parties.
It may be due to data formats or CSP infrastructures that differ from
each other, or because the current CSP fails to provide the cooperation
it is supposed to; and
7.7.2 The Department needs to ensure that this issue is given
appropriate attention and action, such as providing a team of experts
(Subject Matter Expert, SME) who can provide technical support while
the cloud computing transition and migration process is carried out.
7.8 Privacy
7.8.1 Privacy refers to the right of a department, or of an individual
acting for the department or for himself, to determine the extent to
which it will interact with its surroundings. This includes the extent
to which it is willing to share information or data between Departments
or other entities;
7.8.2 In terms of assessment to identify certain risks, Departments
need to make sure cloud computing proposals do not involve a breach of
the Department's data privacy. Data control can be enhanced through a
data anonymization process such as data masking or data scrambling, to
ensure the actual data is not exposed but can still be analyzed,
processed and used by the CSP according to user needs. The Department
can first implement a proof-of-concept (PoC) to ensure the technical
solution meets the objectives of its implementation. Data that has gone
through the anonymization process can be transferred to and processed
in the CSP facility, while the original sensitive and controlled data
is kept under the care of the Department for matching purposes.
7.8.3 The scope of security includes cloud computing models managed by
a third party on Government premises (on-premises) or owned by the
Department on non-Government premises.
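The arrangement in paragraph 7.8.2 (anonymized data goes to the CSP, the original stays with the Department for matching) can be sketched as follows. This is an added example, not part of the guideline: the record schema, field names, sample values and the choice of HMAC-SHA-256 tokens are all assumptions made for illustration.

```python
"""Keyed pseudonymisation with a Department-held matching table (illustrative)."""
import hashlib
import hmac
import secrets

TOKENISED_FIELDS = ("ic_number", "name")   # assumed schema: replaced by keyed tokens
MASKED_FIELDS = {"phone": 4}               # assumed schema: field -> trailing chars kept

# Constructed sample records; none of these values refer to a real person.
SAMPLE_RECORDS = [
    {"ic_number": "900101-14-0000", "name": "Constructed Person A",
     "phone": "0123456789", "clinic_visits": 3},
    {"ic_number": "850505-10-0000", "name": "Constructed Person B",
     "phone": "0198765432", "clinic_visits": 1},
    {"ic_number": "900101-14-0000", "name": "Constructed Person A",
     "phone": "0123456789", "clinic_visits": 2},
]


def pseudonym(key, field, value):
    """Deterministic keyed token: equal inputs give equal tokens, so the CSP can
    still join and group rows, but cannot recompute a token without the key."""
    msg = f"{field}\x00{value.strip().upper()}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:24]


def mask(value, keep_last):
    """Data masking: hide everything except the last keep_last characters."""
    if len(value) <= keep_last:
        return "*" * len(value)
    return "*" * (len(value) - keep_last) + value[-keep_last:]


def anonymise(records, key):
    """Return (rows_for_csp, matching_table); the table never leaves the Department."""
    outbound, matching = [], {}
    for rec in records:
        row = dict(rec)
        for field in TOKENISED_FIELDS:
            token = pseudonym(key, field, rec[field])
            matching[token] = {"field": field, "value": rec[field]}
            row[field] = token
        for field, keep in MASKED_FIELDS.items():
            row[field] = mask(rec[field], keep)
        outbound.append(row)
    return outbound, matching


def csp_aggregate(rows):
    """Stand-in for processing at the CSP: total visits per (tokenised) person."""
    totals = {}
    for row in rows:
        totals[row["ic_number"]] = totals.get(row["ic_number"], 0) + row["clinic_visits"]
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [{"ic_number": token, "total_visits": n} for token, n in ranked]


def rematch(csp_rows, matching, field):
    """Back at the Department: map tokens in CSP results to the original values.
    An unknown token is an error, never silently passed through."""
    result = []
    for row in csp_rows:
        entry = matching.get(row[field])
        if entry is None or entry["field"] != field:
            raise KeyError(f"unknown token in field {field!r}")
        result.append({**row, field: entry["value"]})
    return result


if __name__ == "__main__":
    department_key = secrets.token_bytes(32)   # generated and kept on premises
    to_csp, table = anonymise(SAMPLE_RECORDS, department_key)
    print(to_csp)
    print(rematch(csp_aggregate(to_csp), table, "ic_number"))
```

Both the key and the matching table are as sensitive as the original data and stay under the Department's care.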
8. GOVERNANCE
Governance structures should be identified and established to plan,
manage and control policies and functions related to information
security in cloud computing management. The governance established
shall take into account the following:
8.1 Risk Management
8.1.1 Risk management in cloud computing is among the challenges that
the Department should pay attention to, given that a large part of the
computing resources is under the control of the CSP and may not be
accessible by the Department. Risk needs to be evaluated based on
technical, management and operational controls and the steps taken to
minimize risk to an acceptable level; and
8.1.2 The risks of using cloud computing involving official information
and official secrets of the Government shall be determined and decided
by the stakeholders in the relevant positions based on the results of
the risk assessments that have been made. The Department shall identify
a governance structure for managing protective security risk for ICT
assets that use cloud computing services. This management is
responsible for the following:
i. identify vulnerabilities (vulnerability);
ii. identify threats (threats);
iii. assess risk (risk assessment);
iv. determine risk treatment (risk treatment);
v. monitor the effectiveness of risk management; and
vi. monitor threats associated with residual risk and accepted risk.
9. OFFICIAL CONFIDENTIAL INFORMATION MANAGEMENT COMPLIANCE
Compliance with the management of official confidential information in
the ICT environment is a prerequisite for any proposed use of cloud
computing services.
9.1 Classification of Information
9.1.1 For the proposed use of cloud computing, the Department shall
refer to the procedures for handling official confidential information
as well as to the Office of the Chief Government Security Officer of
Malaysia (CGSO) for matters relating to the creation, classification,
handling, storage, release and disposal of information;
9.1.2 Classification of official secret data, information and records
shall be implemented in advance, guided by the rules and instructions
in force;
9.1.3 Classification of information helps management determine the
level of protection and control according to the appropriate level of
security, to meet the related legal and regulatory requirements. Among
the security control methods that need to be considered are multiple
access controls, encryption mechanisms, data sanitation and the like.
All such controls shall be agreed and documented; and
9.1.4 Improper use of security levels in determining information
classification has the effects and impacts below:
i. Under-classification can result in government information managed
in cloud computing services not having appropriate security controls
and being vulnerable to risk; and
ii. Over-classification, in turn, burdens the users who handle
government information, increases costs due to excessive controls and
results in an inappropriate choice of cloud computing services.
9.2 Jurisdiction
All official confidential information stored and processed shall be
under the control and legal jurisdiction of the Government of Malaysia.
The CSP must ensure that all such official confidential information
remains operated only in an environment or facility certified by the
Government, in accordance with the Safety Instructions (Revision and
Amendment 2017), Act 88 and other relevant laws.
9.3 Consumer Controls
The Department shall ensure that access to critical data or official
confidential information is restricted to certain users only, who can
access the specific files. Individuals who have access to official
confidential information are responsible for their own actions and are
subject to the security rules and provisions stated in the Safety
Instructions (Revision and Amendment 2017). This accountability must be
made clear to all users who have access to those cloud computing
resources.
9.4 Legal Advisory Services
The Department shall seek the advice of legal counsel on the ability of
foreign legislative powers to be granted access to the Department's
information or applications, especially those managed by a foreign CSP.
This is because foreign CSPs are also subject to the legislative and
administrative powers of the country concerned.
10. CONTRACT MANAGEMENT AND SECURITY TERMS
10.1 Due Diligence
10.1.1 Before any decision to use cloud computing services is made, the
Department shall make a detailed assessment based on requirements,
compliance with existing policies and related legal constraints; and
10.1.2 The Department shall ensure that the contents of contracts such
as the Customer Agreement, Service Level Agreement (SLA) or Acceptable
Use Policy (AUP) are understood before signing up to use any service.
The Department can consider other CSPs if any terms within the contract
are unclear or doubtful.
10.2 Service Level Agreement (SLA)
10.2.1 Usually the SLA contained in the contract explains the agreed
level of service through a number of attributes such as availability,
performance or serviceability; and
10.2.2 The SLA shall specify the metric thresholds along with the
financial penalty in the event of a service disruption or breach of
contract.
10.3 Data Ownership
10.3.1 Procurement specifications provided by the Department shall
contain specific clauses regarding the ownership status of the data
(data ownership);
10.3.2 Data or information is the sole and exclusive property of the
Government and should not be considered an asset of the CSP, and the
Government may take such action as may be necessary. This is to avoid
any issues that may arise if the CSP is transferred, goes bankrupt or
is subject to action under the law; and
10.3.3 The CSP is not allowed to use the Department's information or
data for commercial purposes or for other purposes without the
knowledge and permission of the Government.
10.4 Privacy
Ensure that organizational data is not copied, modified, deleted or
accessed without the permission of the Department. Misuse of
organizational data through cloud computing services not only violates
the organization's policy but may even face action under the laws in
force.
10.5 Audit
10.5.1 The Government shall be given the right to conduct an audit of
the CSP. The Department shall review the requirements specified in the
CSP's Terms of Service;
10.5.2 In certain cases, such audit rights may be vested in a third
party who has no interest in the service provider, with the consent of
the Government;
10.5.3 This audit serves as a method to ensure that no security
vulnerabilities or non-compliances occur, and to ensure that risk
management activities are tested periodically and comprehensively and
updated accordingly; and
10.5.4 The audit methodology used should also take into account all
information life cycle processes to ensure that the control measures
taken are effective, adequate, in good condition and functioning at all
times.
10.6 Compensation
Incidents or security breaches can have catastrophic implications and
cause damage to reputation, image, finances, security and defense. The
Department shall ensure that the CSP provides protection and
indemnification in the event of an incident arising from a fault of the
service provider (the indemnification clause contained in its contract
is customarily there to protect the CSP from being sued by the
consumer).
10.7 Liabilities
The Department shall assess the limits of liability that may exist as a
result of service interruptions that occur outside the control of the
CSP. These include power supply interruptions, service dependencies by
law, force majeure or internet access issues from the Internet Service
Provider (ISP).
10.8 Right of Access to Elements
All procurement specifications and commercial contracts shall contain
the following mandatory statement:
“The CSP shall grant the right of access to the elements of the system
that contain official information and official secret information, and
the Government can take action as needed”.
10.9 Exit Process
Clauses relating to decommissioning or termination of the contract
shall be clearly stated in the service contract. This includes the
responsibilities of the Department and the CSP if the contract is
terminated early, for example due to failure of the CSP to comply with
the SLA or any other factor.
The Department must ensure that an exit plan is prepared so that the
transition and migration process runs smoothly without loss, damage or
leakage of data. The Department shall also have an appropriate period
of time to make copies of data and related logs such as system logs,
network logs, server logs, transaction logs and audit trails until the
exit process is fully implemented.
11. THE IMPORTANCE OF PROTECTING INFORMATION IN THE ICT ENVIRONMENT
Protection of information handled in an ICT environment, particularly
in cloud computing, should take into account each process in the life
cycle of that information as in Figure 1. This extends to the equipment
components, databases and applications available on the cloud computing
system.
Figure 1: Information Life Cycle (stages labelled in the figure:
Creation, Storage, Disposal, Audit Trail, Delivery, Earning, Release,
Data Backup)
12. DATA AND INFORMATION PROTECTION METHODS
Data or information security requires specific technologies and
controls to enforce security rules and provisions. The matters to pay
attention to are the protection of data being migrated to cloud
computing, the protection of data during transmission and the
protection of data in logical or physical storage by the service
provider.
12.1 Encryption
12.1.1 The Department or CSP shall ensure that information security
properties such as confidentiality, availability and data integrity are
protected. The confidentiality and integrity of data or information can
be protected through encryption at all levels of transactions and data
flows;
12.1.2 Ensure that data is always encrypted in all states (data at
rest, data in motion, data in use) before being stored in cloud
computing, to minimize the impact of incidents if the cloud computing
service is compromised;
12.1.3 Among the security controls that can be applied to data
transmission (data in motion) is the use of secure communication
channels (HTTPS, SFTP, VPN using SSL or IPSec and TLS) where the key
management, algorithms and key lengths meet security requirements;
12.1.4 This method of encryption shall also be applied to the use of
virtualization, multi-tenancy and data backup storage, particularly in
PaaS and SaaS services; and
12.1.5 Use of Trusted Cryptographic Products (CCP) is mandatory in
matters involving official confidential information, in accordance with
the National Cryptography Policy.
* Encryption key management must comply with the Information Technology
Instructions.
12.2 Isolation
12.2.1 Official confidential information shall be stored and processed
within dedicated cloud computing infrastructure placed in a
Government-certified facility;
12.2.2 Data streams for official confidential information shall be
segregated logically (software/virtualization-based architectures) or
physically (network, storage, database) in each cloud computing model;
and
12.2.3 The design and multi-tenancy mechanism provided by the CSP shall
first be evaluated by the Department to ensure that information cannot
be accessed by other legitimate users (tenants) who use the same
software and resources.
12.3 Access and Identity Management
12.3.1 Access and identity management is a critical function for a
Department that uses cloud computing. This section describes matters
related to verification (authentication), access limit control and the
segregation of duties and responsibilities for each employee who
engages with cloud computing services;
12.3.2 Basic features of cloud computing such as broad network access
require the Department to implement a robust identity management cycle.
This is because users can access information or computing resources
from various locations and devices, which is feared to carry security
impacts and risks; and
12.3.3 Therefore, identity management and user access control shall be
reviewed and prepared to ensure that cloud computing services can be
accessed safely and easily by users. The processes and controls that
need to be implemented cover the following:
i. Cloud computing resources can be accessed by authorized users only;
ii. Access is granted only if the user's role or function requires the
information or resources;
iii. The Role Based Access Control (RBAC) provided by the CSP can help
the Department manage computing resources better, such as determining
who has access and what they can do with the resource;
iv. User access rights should be reviewed or withdrawn immediately when
a user profile changes;
v. The user account must be terminated as soon as the user is
terminated or is no longer permitted to access cloud computing;
vi. The Department shall ensure the use of long and secure passwords to
authenticate to cloud computing services;
vii. Access to cloud computing services containing official
confidential information shall be based on more than one user
identification (Multi Factor Authentication);
viii. The user authentication function should be separated from the
applications so that it is managed centrally. This aims to make things
simpler for the user and allows immediate response to threats; and
ix. All ICT information systems that use cloud computing should be able
to record and track user actions.
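A periodic access review that checks an account inventory against items ii, iv, v and vii of paragraph 12.3.3 could look like the following. This is an added example, not part of the guideline: the inventory fields, role names, resource names and classification labels are constructed assumptions, not a CSP's actual export format.

```python
"""Access review against paragraph 12.3.3 items ii, iv, v and vii (illustrative)."""
from datetime import date

# Assumed classification labels per resource; unknown resources are treated
# as classified so that the check fails closed.
RESOURCE_CLASSIFICATION = {
    "open-data-portal": "OPEN",
    "hr-reports": "OFFICIAL",
    "case-files": "OFFICIAL SECRET",
}
MFA_REQUIRED = {"OFFICIAL SECRET"}

# Assumed RBAC definition: what each role legitimately needs.
ROLE_GRANTS = {
    "analyst": {"open-data-portal", "hr-reports"},
    "case-officer": {"hr-reports", "case-files"},
}

# Constructed inventory, as might be merged from HR records and the CSP console.
ACCOUNTS = [
    {"user": "u1", "role": "analyst", "employed": True, "enabled": True, "mfa": False,
     "grants": {"open-data-portal", "hr-reports"},
     "profile_changed": None, "last_review": date(2021, 1, 10)},
    # Moved from case-officer to analyst; old grant never withdrawn.
    {"user": "u2", "role": "analyst", "employed": True, "enabled": True, "mfa": True,
     "grants": {"hr-reports", "case-files"},
     "profile_changed": date(2021, 3, 1), "last_review": date(2021, 1, 10)},
    # Left the service but the cloud account is still enabled.
    {"user": "u3", "role": "case-officer", "employed": False, "enabled": True, "mfa": True,
     "grants": {"case-files"},
     "profile_changed": None, "last_review": date(2021, 1, 10)},
    # Reaches classified material with a password only.
    {"user": "u4", "role": "case-officer", "employed": True, "enabled": True, "mfa": False,
     "grants": {"case-files"},
     "profile_changed": None, "last_review": date(2021, 1, 10)},
    # Left the service and the account was disabled: nothing to report.
    {"user": "u5", "role": "analyst", "employed": False, "enabled": False, "mfa": False,
     "grants": {"hr-reports"},
     "profile_changed": None, "last_review": date(2021, 1, 10)},
]


def review_account(acct):
    """Return a list of (item, detail) findings for one account."""
    findings = []
    if not acct["enabled"]:
        return findings          # a disabled account cannot reach any resource
    extra = sorted(acct["grants"] - ROLE_GRANTS.get(acct["role"], set()))
    if extra:
        findings.append(("ii", "grants outside role: " + ", ".join(extra)))
    changed = acct["profile_changed"]
    if changed is not None and changed > acct["last_review"]:
        findings.append(("iv", f"profile changed {changed}, not reviewed since"))
    if not acct["employed"]:
        findings.append(("v", "user terminated but account still enabled"))
    classified = sorted(
        r for r in acct["grants"]
        if RESOURCE_CLASSIFICATION.get(r, "OFFICIAL SECRET") in MFA_REQUIRED
    )
    if classified and not acct["mfa"]:
        findings.append(("vii", "no MFA for: " + ", ".join(classified)))
    return findings


def review_all(accounts):
    """Map each user with at least one finding to the list of item numbers hit."""
    report = {}
    for acct in accounts:
        items = [item for item, _ in review_account(acct)]
        if items:
            report[acct["user"]] = items
    return report


if __name__ == "__main__":
    for acct in ACCOUNTS:
        for item, detail in review_account(acct):
            print(f"{acct['user']}: 12.3.3({item}) {detail}")
```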
12.4 Security Software and Applications
12.4.1 Ensure that the security applications used are effective,
maintained periodically (version updates, policies etc.), reliable and
legal to use; and
12.4.2 Cyber security applications or products that may be used include
Antivirus, Advanced Threat Protection (ATP), Next Generation Firewall
(NGFW), Intrusion Detection System (IDS), Intrusion Prevention System
(IPS), Data Leakage Protection (DLP), Web Application Firewall (WAF)
and others with similar functions.
12.5 Safety Level Assessment
The Department shall ensure that the cyber security products to be used
comply with the following security assessments:
12.5.1 Undergo security testing such as penetration testing
periodically (annually);
12.5.2 Undergo regular (annual) product and system configuration
audits;
12.5.3 Obtain Common Criteria EAL2 certification under Common Criteria
Recognition Authority (CCRA) recognition, or other equivalent
certification from a certification body recognized by the Government;
and
12.5.4 Obtain Technology Security Assurance (TSA) scheme certification
or other equivalent certification from a certification body recognized
by the Government.
In addition, an assessment of the level of security should also be
carried out on all elements of cloud computing based on the
security-in-depth concept, covering the following components:
i. Web Interface;
ii. Authentication/Authorisation;
iii. Network Services;
iv. Transport Encryption;
v. Crypto System;
vi. Cloud Interface;
vii. Mobile Interface;
viii. Security Configurability;
ix. Software/Firmware; and
x. Physical Security.
Any technical compliance assessment such as Security Posture Assessment
(SPA) activities shall be conducted by a competent and authorized
individual.
12.6 Data Sanitation
12.6.1 Data sanitation is an important element used during the process
of disposing of information in a cloud computing system. The main
objective of data sanitation is to dispose of information permanently;
it involves several processes and methods such as overwriting, removal,
degaussing, physical destruction of media or other methods to prevent
information leakage;
12.6.2 The Department shall determine that the procedure for disposal
of information in the CSP's cloud computing facilities can be carried
out according to security requirements;
12.6.3 The CSP may clearly present the sanitation methods and controls
applied when information is to be disposed of. In certain situations,
the CSP may not be able to provide information disposal processes and
methods appropriate to the classification of the information;
12.6.4 The data sanitation process should also be implemented on all
backup copies of data (backup, recovery center), especially after
decommissioning. Sanitation should also be implemented when the scale
of services, such as storage space usage, is reduced (scales down); and
12.6.5 The data sanitation process for both storage media and
electronic devices shall refer to the Public Sector Electronic Media
Sanitation Guidelines.
12.7 Data / Information Leakage
12.7.1 A lack of in-depth awareness and knowledge among public officers
in handling official secrets can cause critical Government data to be
moved into cloud computing unintentionally. This leakage can be
controlled through the setting of policies and the use of technological
solutions such as Data Leakage Protection (DLP) and Digital Rights
Management (DRM) systems; and
12.7.2 If official confidential information has been transferred, a
sanitation process corresponding to the classification of the
information shall be performed. The CSP cannot be held accountable and
has no liability for negligence on the part of the customer. The
Department is advised to make an initial agreement with the CSP so that
flexibility is given for access to the storage media that hold official
secrets for sanitation purposes.
13. PHYSICAL SECURITY CONTROLS FOR DATA CENTERS AND ICT INFRASTRUCTURE
In cloud computing services, security control of data centers and ICT
infrastructure is under the responsibility and control of the CSP.
13.1 Safety Assessment
13.1.1 The Department shall ensure that a comprehensive security
assessment is implemented to confirm that the security controls
provided by the service provider are in accordance with the standards
and regulations in force;
13.1.2 The evaluation covers location selection, the physical design
and layout of the data center, the network cabling system, the cooling
system (HVAC), electrical systems, fire detection and prevention
systems, the security management system, and environmental control and
monitoring systems; and
13.1.3 Appropriate physical security controls shall also be applied to
all places, rooms and facilities supporting the cloud computing
services.
13.2 Security Certification
Data Centers that have obtained security certification from
Government-recognized bodies or international bodies are encouraged and
prioritized.
13.3 Classified Areas
A CSP or Data Center facility that stores or manages official secrets
can be regarded as a classified area and should be given full
protection in accordance with paragraph 39, Safety Instructions
(Revision and Amendment 2017). To determine the need to declare the
area under the Prohibited Areas and Prohibited Places Act 1959 (Act
298) and Act 88, reference must be made to the Director General of
Government Security.
13.4 Security Screening
13.4.1 Security Community
The security community involved in managing and operating cloud
computing must undergo and pass the Security Screening process; and
13.4.2 Certificate of Official Secrets Act 1972
The Security Community is also required to sign the Official Secrets
Act 1972 Certificate in APPENDIX “E” and “F”, in accordance with the
requirements of the Safety Directive (Revision and Amendment 2017).
13.5 Official Secret Security Validation
The Department shall refer to the Office of the Chief Government
Security Officer of Malaysia to seek advice on the evaluation of cloud
computing services to be used for official secret purposes.
13.6 Support
Identify CSPs that can provide quick feedback if the user encounters
any problems with the system. Support platforms that can be used
include telephone, email or websites that have feedback forums, such as
frequently asked questions columns and others.
13.7 Notifications
The CSP shall inform the user of any
incidents or security breaches in accordance with established SOPs.
14. INCIDENT MANAGEMENT
14.1 The Department shall ensure that the management of information in
cloud computing can be monitored through appropriate security
monitoring mechanisms, whether at the departmental level or centrally,
for the purpose of coordinating any cyber threat incidents that may
occur on the cloud computing infrastructure.
14.2 The Department should refer to the latest Cyber Security Policy on
incident management established by each respective Department.
14.3 All incidents require an assessment of implications and of
security risk at the Department level before being reported to the
agency responsible for further action.
15. SERVICE CONTINUITY MANAGEMENT
15.1 The Department shall ensure that the CSP creates or has a service
continuity management plan (PKP) to ensure that functions and services
transferred to cloud computing can be restored in the event of any
disruption or failure of the cloud computing infrastructure.
15.2 In certain circumstances, the Department is given permission to
test and make an on-site assessment at the CSP facility to determine
the controls and measures to be taken during and after a disaster.
15.3 The Department can also review and verify PKP documents if the CSP
has Business Continuity Management (BCM) related certification from any
accredited body. When the PKP is tested, an official notification to
the Department shall be made regardless of whether or not it meets the
SLA.
16. DATA AVAILABILITY AND BACKUP
16.1 Departments should not be entirely dependent on the service
provider in the event of a disruption. A disaster recovery plan should
be provided so that the migration and failover process can be carried
out within an appropriate time period.
16.2 The contract shall clearly state the CSP’s obligation to ensure
that the system or service can be restored within a specified period
when a failure occurs in the cloud computing resources. Data validation
can also be performed automatically to check data integrity whenever
required. In addition, the CSP has resources and policies related to an
easy-to-manage online data backup process.
17. CONCLUSION
These guidelines are provided as a guide and reference for the
Department on the management of official matters and official secrets
and on the importance of implementing protective security control
measures in the cloud computing environment, to ensure that Government
assets and information are secured at all times.
18. REFERENCES
1. Official Secrets Act 1972 [Act 88]
2. National Archives Act 2003 [Act 629]
3. Digital Signature Act 1997 [Act 562]
4. Personal Data Protection Act 2010 [Act 709]
5. Prohibited Areas Prohibited Places Act 1959 [Act 298]
6. Evidence Act 1950 [Act 56]
7. Safety Instructions (Revision and Amendment 2017)
8. Directive 24 - National Cyber Crisis Management Policies and Mechanisms
9. Information Technology Directive 2007
10. National Cryptography Policy 2013
11. Public Sector Cyber Security Framework (RAKKSSA)
12. General Circular Letter No. 2/1987 - Rules for the Management of
Official Secrets in Accordance with the Provisions of the Official
Secrets Act (Amendment 1987)
13. General Circular Letter No. 4 of 2006 - Management of Public Sector
Information and Communication Technology (ICT) Security Incident
Handling
14. General Circular Letter No. 3 of 2009 - Guidelines for Evaluating
the Level of Security of Public Sector Networks and ICT Systems
15. General Circular No. 1 of 2001 - Mechanism for Reporting
Information and Communication Technology (ICT) Security Incidents
16. General Circular Letter No. 6 of 2005 - Public Sector Information
Security Risk Assessment Guidelines
17. General Circular No. 1 of 2015 - Implementation of Public Sector
Open Data
18. Other directives in force
19. ISO/IEC 27001:2013 Information Technology – Security Techniques –
Information Security Management Systems – Requirements
20. ISO/IEC 27017:2015 Information Technology – Security Techniques –
Code of Practice for Information Security Controls based on ISO/IEC
27002 for Cloud Services
21. ISO/IEC 22301: 2010 Security and Resilience – Business continuity
management system – Requirements
22. NIST Special Publication 800-145 - The NIST Definition of Cloud
Computing
23. NIST Special Publication 800-144 - Guidelines on Security and Privacy
in Public Cloud Computing
24. NIST Special Publication 800-53, Revision 2 Recommended Security
Controls for Federal Information Systems
25. NIST Cloud Computing Reference Architecture (National Institute of
Standards and Technology, Gaithersburg, MD), NIST Special Publication
(SP) 500-292
26. Cloud Security Alliance, Security Guidance for Critical Areas of Focus in
Cloud Computing
27. OWASP Top 10 Application Vulnerabilities
APPENDIX 1
INFORMATION CLASSIFICATION MATRIX IN THE IMPLEMENTATION OF CLOUD COMPUTING IN THE PUBLIC SERVICE
DATA RESIDENCE
CLOUD MODELS ALLOWED
Classification
Information
Rating
Security
(Center
Data
Department)
Private
Hybrid
Off-Premise
(Government Premises)
( including
Foreign CSP
(developed for
MyGovCloud@PDSA)
OFFICIAL
Country)
On-Premise
Public
Local CSP
Open Data
Off-Shore (Outside
On-Shore (Domestic)
Traditional
CSP Awards
Local CSP
/ Foreign CSP
Government
/
/
/
/
/
/
x
/
/
RESTRICTED
/
x
/
DIFFICULT
/
x
Isolate
Isolate
/
/
/
/
/
/
x
/
/
/
/
/
/
/
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Controlled Data
(Financial,
Record
Medicine,
PII)
/*
/*
x
x
SECRET
OFFICIAL
SECRET
SECRET
BIG
* off -schedule information only.
139. Use of cloud computing such as information sharing, data processing etc. for official secret purposes is not allowed at all, except for cloud computing developed and authorized by the Government and subject to instructions issued by the Government from time to time.