Bolivia proposes “sovereign cloud” to secure data.

♠ Posted by Mario in nube soberana at 11:57

Bolivia will build its own cloud computing platform, or “sovereign cloud”, to store sensitive government information after a spate of hacker attacks put data at risk.

The bill, proposed by Senator Nelida Sifuentes who is also first vice president of the Senate, claims it will protect government data by “strengthening Bolivia’s sovereignty and computer security” and users’ data privacy. Dubbed Sumaj Wakaycha, the initiative will see the sovereign cloud facility based in the city of Sucre, which is also the seat of the country’s Supreme Court.

If passed, the bill would mean that all public institutions must centralise their information through Sumaj Wakaycha, where it will be secure but also easily available.

Bolivia has been scrambling since hackers targeted a number of government agency websites including the police, navy and ministry of communications. Hackers from Chile have been blamed for the attacks, stemming from disputes Bolivia has with Chile over access to waterways to the coast.

Bolivia is currently taking legal action against Chile to secure coastal access through the country and this is believed to have angered pro-Chilean hackers who vandalised the Bolivian government sites.

The government responded by stating that national security was not threatened by the attacks but measures needed to be taken to enhance protection while also building on data efficiency.

What the experts think

While no data was compromised in the cyber intrusions, the incident, along with the spate of recent cybercrime, has done little for Bolivians’ trust in the security of their data; so can an initiative like this make a difference?

“The fact is there are pros and cons to this approach for securing sensitive data and critical services,” says Ben Desjardins, director of security solutions at Radware.

One of the benefits he says, includes creating a standard and consistent policy for security across the government. “This can have the effect of bringing previous security gaps or deficiencies up to speed,” he explains. “Additionally, there may be benefits from information sharing across services in this cloud where certain data or events can be correlated to improve visibility into cybersecurity threats.”

There are risks at the same time. “By consolidating sensitive data and critical network services, you may create a very rich target for those malicious actors,” says Desjardins. “Ultimately, it will be the security measures Bolivia puts around these consolidated resources that will determine whether or not they improve their security posture.”

The initiative isn’t necessarily a new one, says Asaf Cidon, CEO and co-founder of Dropbox encryption service Sookasa. “But the idea of centralising all of the government into one centralised cloud, as Bolivia plans to do, is a novel concept,” he says.

Security from the very beginning

If Bolivia is to build a dedicated IT infrastructure data centre of their own from the ground up, they will need to build in the strongest security measures possible, rather than retrofit security down the road, which could make Sumaj Wakaycha formidable.

“That said, Bolivia is neither the first nor the most influential government to implement a sovereign cloud, as many US government entities have already moved to the cloud,” explains Cidon. “For example, the CIA has an Amazon-built cloud. The difference is that Bolivia is doing it for all of its governmental bodies in a single place.”

Plenty of government agencies in various parts of the world are moving towards the cloud and Bolivia seems to just be the latest country. However if the trend continues says Cidon, “it could create an interesting new market.”

Lyncoln De Mello of Australian cloud provider Brennan IT offers another perspective of what Bolivia can do to secure its proposed cloud. Assuming the best secure infrastructure is built in from the beginning, he believes that cloud technology offers the best solution for governments and should be adopted on a wider scale.

Smaller government agencies that hold highly sensitive data are usually more vulnerable to compromise, he adds. “These smaller firms often do not have the resources required to match the security levels that can be achieved with centralised, quality endorsed cloud services,” says De Mello.

The cloud is already used to store extremely sensitive information such as financial and medical data but recent data breaches in these areas like JPMorgan Chase and Anthem may damage the public’s trust in these systems.

“Sophisticated data segregation and security systems, best practice networking design and strong data encryption technology are some of the measures required to ensure best practice infrastructure design,” say De Mello.

“Strict user data access policies such as two-factor authentication, document permissions policies, tiered user security levels and data leakage prevention systems are some measures required to ensure tight governance on legitimate end user access.”

Cidon adds that companies like his own and countless others have been banking on the cloud as the next generation for institutions and their relationships with data and the web. “[It] is why we’re laser-focused on enhancing its security. Bolivia’s move is further confirmation of that theory,” he says.

Fuente: IDG.

Traducción al español, vía Google Translate.