The Dutch secretary of state for digitization Alexandra van Huffelen has announced that government organizations are allowed to make use of commercial cloud services under strict conditions (Ministry of General Affairs, 2022). Before this announcement government organizations were only allowed to use their own private cloud services.
They only were allowed to use the private cloud service due to the fact that there still were many security and privacy challenges for the public cloud. These concerns are very broad with the main concern that unauthorized people get access to applications and data for which they are not authorized (Ren et al., 2012). Rapid advancements in the infrastructure of ICT have solved a lot of these concerns (Dahunsi et al., 2021).
The service reliability increased, the security improved and response times to vulnerabilities became faster (Ministry of General Affairs, 2022). These improvements and the fact that the benefits (lower cost, flexible, redundancy and scalability) (Yang et al., 2010) outweigh against the drawbacks have made the Dutch government switch to the hybrid use of public clouds and private clouds.
The risk of using a public cloud is still higher than with the use of a private cloud. Therefore every Dutch governmental institution must first make a risk analysis before they are allowed to make use of the public cloud services. There are also some other conditions that must be met before usage. The public cloud may not be used for state secrets, nor may cloud services be purchased from suppliers which are based in countries with an active cyber program against the Netherlands and the ministry of defense is excluded in advance from the use of the public cloud (Ministry of General Affairs, 2022).
We can conclude that the use of private cloud is saver than the use of public cloud. With the growing trend of cyber wars, this could pose additional dangers for the Dutch government (Lal, 2022). The guidelines for the mandatory risk analysis that must be fulfilled before the usage of public clouds is allowed have yet to be determined (Ministry of General Affairs, 2022).
Defining these guidelines needs to be done very carefully in my opinion with the emerging trend of cyber wars. An option for this case is the development of a tool, this tool will make an assessment based on several questions about the data whether it is safe to store the data in the public cloud or in the private cloud. If organizations doesn’t follow up the outcome of the tool or manipulate the tool, should they be banned from using the public cloud from that point on. These assessment must must be checked by a higher-ranking official so that a mistake by a lower-ranking official does not exclude the entire organization. However, I think there are still a lot of snags to make this system completely safe!
References
Dahunsi, F., Idogun, J. & Olawumi, A. (2021, 10 maart). Commercial Cloud Services for a Robust Mobile Application Backend Data Storage. Indonesian Journal of Computing, Engineering and Design (IJoCED), 3(1), 31–45. https://doi.org/10.35806/ijoced.v3i1.139
Lal, A. (2022, 15 juli). Cyberwarfare: What’s At Stake In The Era Of Digitization? Forbes. Geraadpleegd op 21 september 2022, van https://www.forbes.com/sites/forbesbusinesscouncil/2022/07/15/cyberwarfare-whats-at-stake-in-the-era-of-digitization/
Ministry of General Affairs. (2022, 29 augustus). Werken ‘in de cloud’ wordt mogelijk voor Rijksoverheid. Nieuwsbericht | Rijksoverheid.nl. Geraadpleegd op 20 september 2022, van https://www.rijksoverheid.nl/actueel/nieuws/2022/08/29/werken-in-de-cloud-wordt-mogelijk-voor-rijksoverheid
Ren, K., Wang, C. & Wang, Q. (2012, januari). Security Challenges for the Public Cloud. IEEE Internet Computing, 16(1), 69–73. https://doi.org/10.1109/mic.2012.14
Yang, X., Kandula, S. & Zhang, M. (2010). CloudCmp. Proceedings of the 10th annual conference on Internet measurement – IMC ’10. https://doi.org/10.1145/1879141.1879143