CCCS release guidelines aimed at securing cloud-based computing

CCCS release guidelines aimed at securing cloud-based computing

Canadian organizations that want to shift to a cloud-based environment will not have to worry about cybersecurity. On June 3, 2020, the Canadian Center for Cybersecurity (CCCS) has issued four sets of guidance related to cybersecurity. Initially set for the government of Canada, the four guidelines aim to help organizations to move to a safer and more secure cloud computing experience, according to the CCCS. The Center guidelines include the security categorization of Cloud-based services, defense in-depth for cloud-based services, cloud security assessment and authorization, and cloud service cryptography.

The guidelines consider creating an inventory of business activities, processes, and information assets; and assessing injuries resulting from business process and information asset failures as the first step to acquiring cloud-based computing, states Canadian Lawyer Magazine.

The government of Canada has developed a new cybersecurity strategy aiming to safeguard Canadians digital privacy, security, and economy. Cloud Adoption Strategy of 2018 is part of the Government of Canada Strategic Plan for Information Management and Information Technology 2017 to 2021.  According to CSA Group- an organization that develops standards-, $500 million is planned to be invested in the cybersecurity sector within 5 years. Funds will be allocated to create the National Cybercrime Coordination Unit in the Royal Canadian Mounted Police aiming to investigate major cybercrime attacks. The implementation roadmap strategic actions include adopting cloud computing services, establishing a cloud service broker, offering public and private cloud services. These actions are fulfilled through the strategy.

Today, Cloud-computing is essential for many companies. Protecting against risks associated with cloud computing is costly but it is always better not to put information and businesses at risk. Cloud Service Providers (CSP) are vulnerable to hackers and users have limited control over the cloud components. However, CSPs have clear incentives to build security solutions. Yet, both organizations and users have to take care about cybersecurity.

In 2018, Canada registered the most cyberattack incidents in the world. Ralph Goodale, Minister of Public Safety and Emergency Preparedness said that cybercrime causes more than $3 billion in economic losses each year, according to the National Cyber Security Action Plan (2019-2024) report. The action plan includes three main goals- secure and resilient systems, an innovative and adaptive Cyber Ecosystem, effective leadership/ governance, and collaboration.

In 2019, Canada suffered from the so-called worst cyberattack in Canadian history. According to IT World Canada, on December 17, 2019, the country faced a large cyberattack that led to the theft of personal information for 15 million people in Ontario and B.C held by medical test laboratory Lifelabs. On the other hand, two Canadian banks have reported cyberattacks and the financial information of 90000 customers were put at risk last year. Simplii Financial and the Bank of Montreal reported that breaches were generated outside Canada.

Hackers are adjusting their strategy to respond to the latest security measures implemented by companies. However, organizations are seeking to implement advanced analytics that help to detect and prevent malicious activity.