A new board of Cloud Security Alliance (CSA) Hong Kong and Macau Chapter was announced last week. The new chairman, Claudius Lam, urges the Hong Kong government to adopt international security standards.
“Currently there are no standards adopted by the Hong Kong government regarding cloud computing or cloud security and the progress has been slow,” said Lam in an interview with Computerworld Hong Kong. “We cannot blame the government on this because the latest standards for cloud computing was just released by the International Organization for Standardization (ISO) last October. Obviously there will be a lot of consultation and study for the government to do before making up their mind on which standard to adopt.”
Some of the latest international standards that CSA offers include STAR (Security, Trust & Assurance Registry), a certification standard for services providers, and CCM (Cloud Controls Matrix) that serve as a reference of best practice for cloud adopters.
Local SMEs lack awareness
Lam added that the latest Hong Kong SMEs cloud adoption, security and privacy readiness study indicated awareness and significance of these security standards among local users remain low.
Conducted by Internet Society Hong Kong and CSA Hong Kong and Macau Chapter, the survey shows more than 50% of the surveyed SMEs stated that they rely on the data security strategy provided by the cloud service providers (CSPs), although very CSPs have adopted the international standards.
Although different industry has their own security requirements, without an internationally-recognized standard it will be difficult for organizations to identify the information security risks and choose the right protection for their Cloud deployment. This is particularly true for organizations that has with less resource and rely on their CSPs for security measures.
“We can only assume that the (local SME) users are either lucky or they don’t really know what kind of risk they are facing,” said Lam.