TOKYO >> The Japanese government is planning to introduce a system to certify the safety of online cloud data storage services, and government institutions would exclusively use certified services.
As part of strengthening defense against cyberattacks from China and other nations, the government is requiring that companies in charge of important infrastructure, such as electricity and railway networks, find secure cloud services. This comes at a time when an increasing number of companies are adopting cloud storage as an efficient means of data management.
The government plans to draw up security standards and start trial runs this year, with the aim of introducing a full system in 2020. It will create a list of approved providers allowed to bid for government contracts.
Standards will include three security levels. The highest — level three — would require data centers to establish defense mechanisms and confirm the safety of telecommunications equipment. This would apply to institutions that handle highly confidential data such as national security. An auditing body providing regular inspections would ensure that standards are met.
For now, the government is gradually transferring data from in-house servers to private cloud services, armed with specialized technology that can defend against increasingly sophisticated cyberattacks.
Excluded from the cyber world are highly classified documents; legal regulations dictate that storage mediums for such items are not connected to the internet.
Japan currently lacks uniform standards on cloud security, and the U.S., Britain and other nations have voiced concerns over sharing information with Japan due to possible “back doors” in its security systems. These nations have certification systems in place.
The U.S. is believed to be moving toward excluding Chinese companies from supplying telecommunications equipment for government institutions. Japan is headed in the same direction.