This post is also available in: עברית (Hebrew)
The Japanese government plans on strengthening its defenses against cyber attacks from China, among other nations. It aims to do so through regulating and securing the use of cloud services.
The government plans to draw up security standards and start trial runs this year, with the aim of introducing the full system in 2020.
An increasing number of companies are adopting cloud storage services as an efficient means of data management that saves the time and effort that in-house information systems require, according to elevenmyanmar.com.
The government is also working out a policy to encourage government-linked institutions to use cloud services, in principle, including for information systems that store the public’s data, such as on taxes.
However, unsecured cloud systems are vulnerable to data leaks from cyber-attacks. Therefore, the government decided to create a framework to screen the security of cloud service providers and prioritize services that fulfill certain security standards.
There are to be three security grades. The highest — level three — would require the establishment of a defense mechanism for data centers and the confirmation of the safety of telecommunications equipment.
Institutions that handle highly confidential data, such as on national security, would only be allowed to use cloud services from providers that fulfill these standards.
To ensure security standards are being met, the auditing body that the government authorizes would regularly inspect these operators.
A list of approved providers would be created. Government institutions would invite providers on the list to bid for government contracts.
On the other hand, legal regulations demand that specified secrets and highly classified documents be kept in storage mediums that are not connected to the internet. Thus cloud storage would not be used for these types of data.
The United States, Britain and Australia already have similar certification systems. The Japanese government is considering a mutual recognition system in which different countries would approve each other’s security standards.
It is said that the United States is moving to exclude Chinese companies from supplying telecommunications equipment that government institutions use, and applying strict security standards to cloud services would further freeze out Chinese firms.
The Japanese government is also planning to essentially ban Huawei Technologies Co. and ZTE Corp. — major Chinese communications equipment manufacturers — from supplying government institutions with telecommunications equipment.
The government is gradually transferring data management and administrative systems operations from in-house servers to private cloud services.
The government believes it is safer and more efficient to leave the defense of increasingly sophisticated cyber-attacks up to the specialized technology of the private sector.
However, the government lacks uniform standards on cloud security. The United States, Britain and other nations have voiced concerns over sharing information with Japan due to possible “back doors” in its security systems.