Certifying the Cloud for eGov class services

The general purpose nature and widespread value of Guardtime can be seen through how the  Keyless Signatures process can be applied in lots of different ways but all for the same fundamental reason: Audit trail.

It’s always this part that’s more key than any other because we’re not actually concerned with IT security, we’re really concerned with who can be blamed if it goes wrong… 🙂

Guardtime’s technology can be applied to a document where it can guarantee it hasn’t been tampered with, the fundamental element of a legally admissable document, and the same technique can be applied to Cloud systems too, like the log files or the VM images you use to run software.

The context for this can be best explained by how the external market would define the need for such a service, conveyed through a focus on GovCloud – Government Cloud Computing.

One of the best snapshots of the current state of GovCloud can be seen in the post-review analysis document about last year’s 2011 International Cloud Symposium, which we partnered with OASIS to help organize in the UK.

John Borras (OASIS eGov) and John Sabo (OASIS IDTrust) do a really great job of capturing the event, which brought together thought leaders and government officials from across the EU to define and discuss what constitutes GovCloud, and one of the critical points he notes is:

The technical challenges are also not new but they are of a lower order of importance in so far as information itself (and finding workable information governance  and risk management policies) is more important than underlying Cloud computing technologies.

and for this

“Auditability is an absolute requirement”

Guardtime offers one of the building blocks for achieving this type of Auditability, which can be applied not just for the benefit of the IT administrators and Cloud providers, but then also to the higher layers of the applications using them too, ie. the various eGov business process like drivers licence renewals et al.

The thing is that while we’re still in the mode of having the debate about whether the Cloud is less secure than on-prem systems, we’re actually not that far from the point where not only will they be higher class environments but we’ll be able to legally prove it too. Then the tidal wave will truly be unleashed…

I’m excited to say we’ve begun planning the second event, this time for Washington DC, on the same dates of Oct 10-12 so be sure to add that to your diary, it’s going to be a powerhouse event for sure. We’ll be covering the advances of these topics.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: