August 24, 2018 Study Group on Security Assessment of Cloud Services to be launched

The Ministry of Internal Affairs and Communications (MIC) and the Ministry of Economy, Trade and Industry (METI) decided to jointly convene a Study Group on Safety Assessment of Cloud Services, and to hold the first meeting on August 27, 2018.

The study group will hold discussions on method of security assessment of cloud services in order to encourage both the public and private sectors to introduce cloud services into their systems in a more safe and secure manner and to continue to use such services.

1. Background

In recent years, cloud services have been playing a core role in a variety of services for data utilization and management. In this trend, as both the public and private sectors are advancing the introduction of such services into their systems, the major platform for information management and systems is shifting from the conventional means to cloud computing systems.

In light of this trend, the government of Japan stipulated a Cloud Adoption Policy for Government Information Systems in June 2018 and upheld a Cloud-by-Default Principle as a basic policy that requires the government to consider utilization of cloud services as the first candidate for information services. However, there are some concerns over security derived from unique, potential risks lying in cloud services, while more and more people are expected to use such services in the future.

Against this backdrop, the Future Investment Strategy 2018 stipulates that Japan should start discussions from 2018 on method of security assessment of cloud services in order to encourage both the public and private sectors to introduce cloud services into their systems in a more safe and secure manner and to continue to use such services by placing weight on the level of importance of information assets from the perspective of securing trustworthiness of such services in parallel with referring to overseas case examples

In response, MIC and METI decided to convene a Study Group on Security Assessment of Cloud Services consisting of information security and data utilization experts. The study group will hold discussions on methods for security assessment of cloud services.

2. Meeting schedule

The study group will hold its first meeting on August 27, 2018. The series of meetings will not be open to the public, but a summary of the proceedings and the compiled results will be publicized.

Divisions in Charge

• ICT Strategy Policy Division, Information and Communications Bureau, MIC
• Information Economy Division, Commerce and Information Policy Bureau, METI