WORKING GROUP ON CLOUD SECURITY AND PRIVACY

Notes of the Seventh Meeting held at 2:30 p.m. on 19 September 2013 in Communal Meeting Room 3, G/F, Central Government Offices, Tamar

Present

Mr Vincent CHAN Convenor (Ernst & Young Advisory Services Limited)

Mr Paul FUNG Member (Photon Link Limited)

Ms Clara HO Member (The Hongkong and Shanghai Banking Corporation Limited)

Mr Dale JOHNSTONE Member (Vice-Convenor, ISO Working Group on Information Security Management Systems)

Mr SC LEUNG Member (Hong Kong Productivity Council)

Mr SH LIM Member (Hong Kong Jockey Club)

Ms Winnie YEUNG Member (Microsoft Hong Kong Limited)

Mr Owen WONG Member (OGCIO)

Mr TS YU Member (OGCIO)

Ms Donna CHAN Secretary (OGCIO)

In attendance

Mr Patrick CHAN (OGCIO)

Absent with apologies

Professor David CHEUNG Member (The University of Hong Kong)

Ir Stephen KM LAU, JP Member (Hong Kong Computer Society)

Mr Otto LEE Member (Thomson Reuters)

Professor John LUI Member (The Chinese University of Hong Kong)

Mr Antony MA Member (Cloud Security Alliance (Hong Kong & Macau Chapter))

Mr Ted SUEN Member (MTR Corporation Limited)

Confirmation of minutes of last meeting

1. The notes of the sixth Working Group meeting held on 22 May 2013 were confirmed without amendment.

Matters arising from the last meeting

2. Regarding the organisation name for Mr Dale JOHNSTONE, the notes of meeting and corresponding pages on the OGCIO Homepage had been updated with the agreed changes.

Update on Cloud Expert Group and Working Groups

3. Mr Patrick CHAN updated the meeting on the latest development of the Cloud Expert Group and Working Groups as well as the statistics of access to the InfoCloud Portal and downloads of the Practice Guide on Procuring Cloud Services and the two Security Checklists.

4. Ms Clara HO enquired if there were any figures that showed the percentage of the download of the Practice Guide from SMEs.

Mr Patrick CHAN responded that while the InfoCloud Portal did not identify individual visitors, the web log data could help reveal the distribution of visitors by region through their IP addresses. Alternatively, the subscription function in the InfoCloud Portal to be launched in the near future could add questions to get more information about subscribers.

Update on study of Cloud Services Assessment Tools and Certification Schemes

5. Mr TS YU presented the findings from the study on the needs, availability and deployment readiness of Cloud Assessment Tools and Cloud Services Certification Schemes. He also reported that he had relayed the e-mail from the Expert Group on Cloud Computing Certification under the Hong Kong Council for Testing and Certification to all Members of the Working Group inviting them to participate in the “Cloud computing certification survey”. Members were also encouraged to disseminate the questionnaires to their peer groups and relevant organisations to collect more views.

6. The Convenor considered that while cloud computing certification might not need to be mandated, it would certainly contribute to the promotion of wider cloud services adoption. He invited Members to express views such as whether assessment or certification should be made mandatory or remain voluntary, whether Hong Kong should create its own certification schemes or adopt international certification schemes, and how we could collaborate with the Mainland on the adoption of certification schemes.

7. Mr SH LIM updated the meeting that the Infocomm Development Authority of Singapore was working towards mandating a certification scheme for Cloud Services Providers in Singapore and cross certification with international schemes such as Cloud Security Alliance. Members then deliberated on the applicability of such a scenario in Hong Kong. Some Members shared that setting any scheme as mandatory would come with a price and it would thus be more flexible for organisations to make their own choice. Some Members opined that since cloud services were usually provided across borders, it would be more appropriate to go for international standards rather than localised ones. Some Members viewed that Hong Kong was market driven and it should leave flexibility for organisations to pursue certification based on market demand instead of mandating certain certification schemes. It would be more worthwhile to promote the value of certification and the variety of international or de facto certification schemes which would help establish the trustworthiness of Cloud Service Providers to prospective consumers, in particular those who were privacy and security conscious. Regarding the collaboration with the Mainland, it was generally agreed to keep in view the development of certification standards in the Mainland and explore further in the HK/Guangdong Expert Committee on Cloud Computing Services and Standards.

8. Mr TS YU supplemented that the Expert Group on Cloud Computing Certification intended to recommend some tools / schemes for the industry to adopt voluntarily and was expecting to collect the industry's views on whether there were tools / schemes in the market that were up to the standard.

9. Members generally agreed to further explore if there could be a handful of tools / schemes / standards selected (objectively with a set of criteria) for promotion to the industry. We would also further liaise and collaborate with Guangdong experts on certification schemes that could help achieve mutual trust of cloud services in the two places.

10. Mr Dale JOHNSTONE further suggested that a portal might be set up for the Cloud Service Providers to publicise the assessments or certifications they had achieved for different tiers at their installations so that the public could appreciate the trustworthiness of these service providers.

Update of progress of preparation for hosting the SC 27 meeting

11. Mr TS YU and Mr Dale JOHNSTONE updated the meeting on the progress of the preparation for hosting the SC 27 meeting in Hong Kong in April 2014. Mr TS YU added that the website for the SC 27 meeting event would be rolled out in October.

Discussion on the plan to gather views and inputs from different stakeholder groups

12. The Convenor asked whether we could explore riding on the HKPC event to collect views from the key stakeholder groups apart from the WGPUCS to promote the Practice Guide. Ms Donna

HKPC for the SMEs and there would be at most one hour allocated for promoting the Practice Guide. After deliberations, the Convenor concluded that the Working Group would look for other opportunities for holding round table discussions with different stakeholder groups since each stakeholder group would have its specific kinds of concerns. The priority stakeholder groups would be SMEs and the ICT industry. The details would be further discussed after the meeting.

Any other business

13. Mr SC LEUNG enquired whether there would be a replacement Cloud Security Alliance (CSA) representative for Mr Antony MA in this Working Group. Ms Donna CHAN responded that Mr Antony MA was still one of the members of this Working Group though he might not be able to attend every meeting. She added that another representative from CSA could be invited to attend the meetings of the Working Group on a need basis.

14. There being no other business, the meeting adjourned at 4:45 pm.

The Secretariat

Expert Group on Cloud Computing Services and Standards

October 2013
