Practice Guide for Cloud Computing Security in Hong Kong
Thales enables Bureaux and Departments in Hong Kong to align with the ISPG-SM04 requirements on cloud computing security.
The Office of the Government Chief Information Officer (OGCIO) in Hong Kong attaches great importance to improving information and cyber security in the Government as well as to promoting awareness and preparedness in the wider community. In response to the use of cloud computing emerging as a global trend, OGCIO has developed the Practice Guide for Cloud Computing Security (ISPG-SM04).
Thales enables Bureaux and Departments (B/Ds) in Hong Kong to align with the ISPG-SM04 requirements, in part through:
Regulation Overview
The Practice Guide for Cloud Computing Security (ISPG-SM04) provides guidance notes to Bureaux and Departments (B/Ds). It highlights common security considerations and industry security best practices for the adoption of cloud computing, with the purposes below:
Cloud computing uses management tools, operating systems, databases, server platforms, network infrastructure, network protocols, storage arrays, and so on that are similar to those in traditional IT environments. Therefore, security controls in the cloud are largely similar to those in traditional IT environments. As such, the security controls described in Hong Kong Government security documents, including the Baseline IT Security Policy [S17] and IT Security Guidelines [G3], still apply. ISPG-SM04 focuses on the following security domains:
Thales enables Bureaux and Departments (B/Ds) in Hong Kong to align with the ISPG-SM04 requirements through:
Asset Management
Thales CipherTrust Data Security Platform (CDSP), an integrated suite of data-centric security products and solutions, helps Bureaux and Departments (B/Ds) comply with the guidelines effectively by protecting data at rest and in transit with strong encryption.
Protect Data at Rest:
Once Bureaux and Departments (B/Ds) know where their sensitive data are, protective measures such as encryption or tokenisation can be applied. For encryption and tokenisation to successfully secure sensitive data, databases and applications with modernised architecture, the cryptographic keys themselves must be secured, managed and controlled by the organisation.
Protection of sensitive data in motion
Access Control – Key Management
Thales CipherTrust Data Security Platform (CDSP) offers advanced encryption and centralised key management solutions that enable organisations to store sensitive data in the cloud safely. CDSP delivers robust enterprise key management across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organisations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.
Access Control – Identity and Access Management (IAM)
Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organisations need to be compliant.
Cryptography
Bureaux and Departments (B/Ds) can manage and protect cryptographic keys with Thales Luna HSM & CipherTrust Manager.