دانلود کتاب White Paper – Cloud Services in Sustaining Societal Functions – Risks, Appropriateness and the Way Forward
by Swedish Social Insurance Agency
|
عنوان فارسی: کاغذ سفید - خدمات ابری در پایداری عملکردهای اجتماعی - خطرات، مناسب بودن و راه رو به جلو |
دانلود کتاب
جزییات کتاب
Several countries, including the U.S., China and India, have legislation designed so that under specific circumstances their governmental agencies are given access to data and information stored by service providers under their jurisdiction, even if the physical storage is provided outside the territory of that country. With this in mind, a debate has arisen regarding compliance with Swedish and EU legislation when using a cloud service provided by the private market. The Swedish Social Insurance Agency notes that provisions in both Swedish and EU law prohibit Swedish governmental agencies from using certain public cloud services operated by private service providers for the purpose of handling confidential information or personal data, if said service provider is under the jurisdiction of a state that has legislation such as that described above.
We are, however, of the opinion that an essential issue has not been addressed in the Swedish debate, namely whether it is appropriate for Swedish governmental agencies to hand over to private companies or other countries control of information concerning activities which we have labelled as sustaining societal functions. There are also a number of security related issues. For example, the possibility of a generally greater vulnerability, an increased risk of unauthorised access to data, as well as difficulties in conducting security checks on technical staff and accurate risk and vulnerability analysis.
The Swedish Social Insurance Agency will not contract the operation of critical digital systems for sustaining societal functions to private companies under the jurisdiction of states with the type of legislation mentioned above. Regarding IT- systems in security-sensitive activities, the aim of the Swedish Social Insurance Agency is for IT-systems to be under governmental control.
In order to ensure that sustaining societal functions are secure against cyber attacks, to protect privacy and to reduce dependence on the provision of individual services by the private market, Sweden needs to formulate an overarching governmental strategy and a long-term action plan to protect digital sovereignty. In addition, in order for Swedish governmental agencies to continue to benefit from all the opportunities provided by digitalisation, we should ensure – through cooperation nationally and within the EU – that the private services we choose to use are adapted to our requirements and current legislation and have a level of security that allows us to maintain control over our functions and data. This will enable Sweden to take advantage of the innovation and efficiency benefits often associated with IT-services provided by the private market whilst at the same time securing the digital sovereignty of Sweden.