로그아웃 하시겠습니까?

국가전략정보포털

전자도서관 바로가기 전자도서관 바로가기
로그인
  • 주제별 국가전략
  • 전체

Technical and Legal Criteria for Assessing Cloud Trustworthiness
(클라우드의 신뢰성 평가를 위한 기술적·법적 기준)

Information Technology and Innovation Foundation 2024-04-22

목차

Key Takeaways 1
Introduction 3
Trusted Cloud Is Critical to Global Data, Cybersecurity, and Technology Governance 7
Country Case Studies 8
 Australia’s Critical Infrastructure Act and How One Problematic Firm Shaped It 8
 Costa Rica’s Trusted Supplier Decree Uses the Budapest Convention as a Criterion to Assess 5G Trustworthiness 9
 The Czech Republic Uses EU and NATO Membership, Plus Other Criteria, to Assess 5G Trustworthiness 10
 The European Union’s Cloud Cybersecurity Regime and Its Sovereignty Requirements 10
 France’s Discriminatory Cloud “Sovereignty” Requirements 11
 Germany’s Information Security Law Uses Several Non-technical Criteria to Assess Trustworthiness 12
 India’s Evolving Cloud Cybersecurity Certification Scheme and Its Efforts to Target Chinese Hardware, Software, and Data 12
 Korea’s Unprecedented Public Sector Cloud Restrictions 13
 Romania Uses Strategic Partnerships as Criteria to Assess 5G Trustworthiness 14
 The United Kingdom’s Investigatory Powers Act Undermines Cloud Trustworthiness 14
 The United States’ Problematic Clean Network and Cloud Initiatives and Proposed Expansion of Data Localization in FedRAMP 15
Technical and Legal Criteria for Assessing Trusted—and Untrusted—Cloud Service Providers 15
 International Standards Are Foundational to Cloud Cybersecurity and Trustworthiness 16
 Cloud Cybersecurity Certifications Are Critical Points of Commonality and Conflict 18
Map and Work to Align Technical Controls and Standards, Audits, and Cloud Certification Requirements 20
 Government Access to Data: Assessing Legal Frameworks and What Happens in Practice 23
Transparency Reports About Government Requests for Data Provide Critical Transparency and Data on Cloud Trustworthiness 25
 Government Operational Control Over Cloud Services 26
 Cooperation With Cybersecurity Authorities Demonstrates Cloud Trustworthiness 27
Legal Criteria to Assess Geopolitical Risks and Cloud Trustworthiness 28
The OECD’s Data Free Flow with Trust Secretariat Should Be the Forum for Trusted Cloud Discussions 30
Conclusion 31
Endnotes 33

해시태그

#클라우드시스템 # 클라우드신뢰성 # 데이터거버넌스 # 개인정보보호 # 데이터보안

관련자료