Practice Guide for Cloud Computing Security in Hong Kong

Regulation Overview

Practice Guide for Cloud Computing Security (ISPG-SM04) is the guidance notes to Bureaux and Departments (B/Ds), it highlights common security considerations and industry security best practices for the adoption of cloud computing with the purposes below:

• Enhance B/Ds' understanding on the basics of cloud security; and
• Facilitate B/Ds on the secure use of cloud computing when building their own private cloud or acquiring cloud services from external parties.

Cloud computing uses similar management tools, operating systems, databases, server platforms, network infrastructure, network protocol, storage arrays, and so on. Therefore, security controls in the cloud are largely similar to those controls in traditional IT environments. As such, security controls described in HK government security documents including the Baseline IT Security Policy [S17] and IT Security Guidelines [G3] will still apply. The description of ISPG-SM04 focuses on the following security domains:

• Management Responsibilities
• IT Security Policies
• Human Resource Security
• Asset Management
• Access Control
• Cryptography
• Physical and Environmental Security
• Operation Security
• Communications Security
• System Acquisition, Development and Maintenance
• Outsourcing Security
• Security Incident Management
• IT Security Aspects of Business Continuity Contingency Management
• Compliance

Thales enables Bureaux and Departments (B/Ds) in Hong Kong to align the ISPG-SM04 requirements through:

• Asset Management
• Access Control – Key Management and Identity and Access Management
• Cryptography

Asset Management

Thales CipherTrust Data Security Platform (CDSP), an integrated suite of data-centric security products and solutions, helps Bureaux and Departments (B/Ds) complying the guidelines effectively by protecting data at rest and in transit with strong encryption.

Access Control – Key Management

Thales CipherTrust Data Security Platform (CDSP) offers advanced encryption and centralized key management solutions that enable organizations to store sensitive data in the cloud safely. CDSP delivers robust enterprise key management across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.

• Thales Cipher Trust Cloud Key Manager (CCKM) of CDSP

Access Control – Identity and Access Management (IAM)

Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organizations need to be compliant.
 

Cryptography

Bureaux and Departments (B/Ds) can manage and protect cryptographic keys with Thales Luna HSM & CipherTrust Manager.

• Thales Luna HSM protects cryptographic keys and provides a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, and more.
• CipherTrust Manager simplifies the management of encryption keys across their entire lifecycle, including secure key generation, backup/restore, clustering, deactivation, and deletion.