15
Cloud Computing Security & Regulatory Compliance Jakarta, 21 Januari 2015 Disampaikan dalam acara seminar “Datacomm Cloud Business” Oleh : Aidil Chendramata Direktur Keamanan Informasi, Kementerian Kominfo

Cloud Computing Security & Regulatory Compliance

Embed Size (px)

Citation preview

Page 1: Cloud Computing Security & Regulatory Compliance

Cloud Computing Security & Regulatory Compliance

Jakarta, 21 Januari 2015

Disampaikan dalam acara seminar “Datacomm Cloud Business”

Oleh : Aidil ChendramataDirektur Keamanan Informasi, Kementerian Kominfo

Page 2: Cloud Computing Security & Regulatory Compliance

Cloud Computing

• Suatu model untuk memberikan kenyamanan dalam akses jaringan dari manapun sesuai kebutuhan ke dalam wadah bersama sumber daya komputasi (seperti; jaringan, server, penyimpanan, aplikasi dan layanan) yang dapat dikonfigurasi dan di rilis secara cepat dengan upaya manajemen yang minimal atau minimal interaksi dengan penyedia jasa manajemen (NIST, Special Publication 800-145, 2011).

• Sarana menyimpan, mengakses dan sharing data melalui internet- suatu model teknologi komputasi online- dibangun oleh penyedia jasa- setiap layanan digunakan/disewakan sesuai kebutuhan pengguna yang ditetapkan melalui SLA (service Level Agreement)

Page 3: Cloud Computing Security & Regulatory Compliance

Kebutuhan Cloud Computing

• Terbentuk dan tumbuh akibat maraknya kebutuhan infrastruktur jaringan, server, penyimpanan dan aplikasi

• Sejalan dengan perkembangan TI dan program pemerintah mengelektronisasikan layanan melalui program eGov berdampak meningkatnya kebutuhan Infrastruktur Sistem konvensional membutuh:- biaya tinggi, jaringan, listrik, tempat, server, dll- pemeliharaan- SDM bidang TI yang kompeten

• Memberikan dampak ekonomis dengan sistem yang upto date• Sistem fleksibel, memudahkan memberikan layanan,

meningkatkan efektifitas dan kinerja pemerintah.

Page 4: Cloud Computing Security & Regulatory Compliance

Penggunaan Cloud di EU

Page 5: Cloud Computing Security & Regulatory Compliance
Page 6: Cloud Computing Security & Regulatory Compliance
Page 7: Cloud Computing Security & Regulatory Compliance

Peraturan dan perundangan terkait

1. Undang-undang No. 11 tahun 2008 tentang Informasi dan Transaksi Elektronik (ITE)

2. Undang-undang No.14 tahun 2008 tentang keterbukaan Informasi Publik

3. Peraturan Pemerintah RI No. 82 Tahun 2012 tentang Penyelenggara Sistem dan Transaksi Elektronik

4. Peraturan Pemerintah RI No. 61 Tahun 2010 Tentang Pelaksanaan UU no 14 Tahun 2008 Tentang Keterbukaan Informasi Publik.

05/24/11

Page 8: Cloud Computing Security & Regulatory Compliance

Disadur dari: Saiful Hidayat, 2010

E-Signature

1.Hardware2.Software3.Expert

4.Manajemen5.Certification of

Reliability

Lingkup PP PSTE No. 82/2012

Page 9: Cloud Computing Security & Regulatory Compliance

Penyelenggaraan Sistem Elektronik (PSE)

• Pengaturan Penyelenggaraan Sistem Elektronik (PSE) sebagaimana diatur dalam PP PSTE, secara ringkas dapat dikelompokan sbb.,:1.    Kewajiban Pendaftaran bagi PSE Pelayanan Publik (Pasal 5)2.    Kewajiban Sertifikasi Kelaikan Hardware (Pasal 6)3.    Persyaratan Software bagi PSE Pelayanan Publik(Pasal 7)4.    Ketentuan tentang Penggunaan Tenaga Ahli (Pasal 10)5.    Penerapan manajemen risiko penyelenggaraan SE (Pasal 13)6.    Kewajiban memiliki kebijakan tata kelola dan SOP (Pasal 14)7.    Kewajiban dan ketentuan tentang pengelolaan kerahasiaan, keutuhan, dan ketersediaan Data Pribadi (Pasal 15)8. Penempatan Pusat Data dan Pusat Pemulihan Bencana serta mitigasi atas rencana keberlangsungan kegiatan PSE (Pasal 17)9. Sistem Manajemen Pengamanan Informasi (Pasal 18 s.d. Pasal 29)10.Kewajiban Sertifikasi Kelaikan Sistem bagi PSE Pelayanan Publik (Pasal 30 s.d. Pasal 32)

05/24/11

Page 10: Cloud Computing Security & Regulatory Compliance

Peraturan Menteri

• Peraturan Menteri (PM) No. 28 Tahun 2006 Tentang Penggunaan Nama Domain GO.ID

• PM No. 23 Tahun 2013 Tentang Pengelolaan Nama Domain• PM No. 7 Tahun 2013 Tentang Interoperability Dokumen

Perkantoran• PM No. 36 Tahun 2014 tentang Tata Cara Pendaftaran

Penyelenggaraan Sistem Elektronik• PM No. 19 Tahun 2014 tentang Penanganan Situs Internet Negatif• PM No.5 Tahun 2015 tentang Registrar Nama Domain Instansi

Penyelenggara Negara• PM No. 24 Tahun 2015 tentang Penerapan SKKNI bidang

Komunikasi dan Informatika

Page 11: Cloud Computing Security & Regulatory Compliance

Standard Kompetensi Kerja Nasional

Page 12: Cloud Computing Security & Regulatory Compliance

Tantangan Cloud Computing

• Tanpa internet pengguna tidak bisa melakukan apapun• Garis batas kewenangan terhadap sistem tidak jelas, harus pastikan penyedia

yang di percaya• Data security, data lokasi dan storage harus compliance dengan peraturan

dan perundangan• Audit dan compliance harus benar2 diterapkan• Kesiapan incident respon• Ketergantungan pada penyedia layanan:

- Keamanan informasi, kualitas sistem informasi- backup recovery dan pemulihan dari bencana- keberlangsungan penyewaan layanan jangka panjang tergantung dari kesehatan keuangan penyedia layanan

Page 13: Cloud Computing Security & Regulatory Compliance

Permasalahan Implementasi eGov

• Ketidak sesuai sistem/aplikasi yang dikembangkan dengan yang dibutuhkan• Sistem/aplikasi susah untuk diterapkan• Sistem membutuhkan biaya besar untuk operasional• Ketidak sinambungan antara pengembang sistem, apalagi pengembangan sistem

bukan merupakan proyek multi year• Ketidak mampuan sistem bertukar data• Rendahnya kinerja pembangunan sistem akibat tidak adanya tahapan uji coba yang

baku- struktur pengembangan yg kurang aman- kesalahan coding- sistem tidak bisa di akses dengan request yang besar

• Kurangnya dukungan organisasi• Beragamnya SIM dan pengerjaan

Page 14: Cloud Computing Security & Regulatory Compliance

Komputasi Awan sebagai Solusi

• Konsolidasi lebih mudah/lebih efisien menaikan utilitas

• Mempercepat waktu pengembangan aplikasi• Membuat sistem lebih aman sistem siap pakai• Membuat reliabilitas lebih tinggi (down time rendah),

mengurangi resiko pada infrastruktur• Mengurangi biaya operasi

Page 15: Cloud Computing Security & Regulatory Compliance

Terima kasih


Regulatory Compliance and Safety Information Regulatory Compliance and Safety ... · Regulatory Compliance and Safety Information—Regulatory Compliance and Safety Information for

Regulatory Compliance and Safety Information Regulatory Compliance and Safety ... · Regulatory Compliance and Safety Information—Regulatory Compliance and Safety Information for

Documents
Regulatory Compliance - What You Need to Kno · John is a frequent speaker on regulatory compliance trends, BSA/AML, compliance management, advertising compliance and website compliance

Regulatory Compliance - What You Need to Kno · John is a frequent speaker on regulatory compliance trends, BSA/AML, compliance management, advertising compliance and website compliance

Documents
Regulatory/Compliance Issues

Regulatory/Compliance Issues

Documents
Chemical Regulatory Compliance Management · Chemical Regulatory Compliance Management EHS Compliance Audits Identify areas of risk before they are identified by the local regulatory

Chemical Regulatory Compliance Management · Chemical Regulatory Compliance Management EHS Compliance Audits Identify areas of risk before they are identified by the local regulatory

Documents
Sustainable Regulatory Compliance[1]

Sustainable Regulatory Compliance[1]

Documents
Ensuring Regulatory Compliance

Ensuring Regulatory Compliance

Documents
Rapid Regulatory Compliance: Non-clinical: Part I ... · HealthStream Regulatory Script Rapid Regulatory Compliance: Non-clinical: Part I: Corporate Compliance, Sexual Harassment,

Rapid Regulatory Compliance: Non-clinical: Part I ... · HealthStream Regulatory Script Rapid Regulatory Compliance: Non-clinical: Part I: Corporate Compliance, Sexual Harassment,

Documents
Managing Regulatory Compliance using Compliance 360 and … · 2017. 7. 17. · The compliance team focused initially on facilitating their regulatory compliance assessments. The

Managing Regulatory Compliance using Compliance 360 and … · 2017. 7. 17. · The compliance team focused initially on facilitating their regulatory compliance assessments. The

Documents
„Ensuring Regulatory and Pharmacovigilance Compliance“ „Ensuring Regulatory and Pharmacovigilance Compliance“

„Ensuring Regulatory and Pharmacovigilance Compliance“ „Ensuring Regulatory and Pharmacovigilance Compliance“

Documents
Regulatory & Compliance Alert - FINRA · 2015-07-10 · Regulatory & Compliance Alert. 2 CONTENTS NASD REGULATION, INC./ REGULATORY & COMPLIANCE ALERT FALL 2000 NASD REGULATION, INC

Regulatory & Compliance Alert - FINRA · 2015-07-10 · Regulatory & Compliance Alert. 2 CONTENTS NASD REGULATION, INC./ REGULATORY & COMPLIANCE ALERT FALL 2000 NASD REGULATION, INC

Documents
Annual Regulatory Compliance and Quality Report · regulatory compliance- reporting quarterly on audit firms’ compliance with our 2014/15 regulatory requirements as set out in the

Annual Regulatory Compliance and Quality Report · regulatory compliance- reporting quarterly on audit firms’ compliance with our 2014/15 regulatory requirements as set out in the

Documents
Control Regulatory Compliance

Control Regulatory Compliance

Documents
Ensuring Regulatory Compliance Integrating Risk … Regulatory Compliance Integrating Risk ... Audit with the legislative universe of ... Ensuring Regulatory Compliance Integrating

Ensuring Regulatory Compliance Integrating Risk … Regulatory Compliance Integrating Risk ... Audit with the legislative universe of ... Ensuring Regulatory Compliance Integrating

Documents
Regulatory and accounting compliance

Regulatory and accounting compliance

Business
REGULATORY COMPLIANCE MONITORING CHECKLIST

REGULATORY COMPLIANCE MONITORING CHECKLIST

Documents
Understanding Regulatory Compliance

Understanding Regulatory Compliance

Technology
Regulatory and Compliance Landscape

Regulatory and Compliance Landscape

Documents
Regulatory Compliance and Safety Information Regulatory ... … · Regulatory Compliance and Safety Information —Regulatory Compliance and Safety Information —Cisco Firepower

Regulatory Compliance and Safety Information Regulatory ... … · Regulatory Compliance and Safety Information —Regulatory Compliance and Safety Information —Cisco Firepower

Documents
Trends in Regulatory Compliance

Trends in Regulatory Compliance

Documents
& Regulatory Compliance System

& Regulatory Compliance System

Documents
Solving financial regulatory compliance through crowd computing

Solving financial regulatory compliance through crowd computing

Business
US Regulatory/Compliance Orientation

US Regulatory/Compliance Orientation

Documents
Managing regulatory compliance

Managing regulatory compliance

Documents
Regulatory Compliance Update

Regulatory Compliance Update

Documents
REGULATORY COMPLIANCE INFORMATION...802.11b/g Regulatory Compliance Information (if installed) This section details the regulatory compliance information specific to the wireless components

REGULATORY COMPLIANCE INFORMATION...802.11b/g Regulatory Compliance Information (if installed) This section details the regulatory compliance information specific to the wireless components

Documents
Agility meets regulatory compliance

Agility meets regulatory compliance

Documents
Private Funds Regulatory Compliance Calendar 2020 · Regulatory Compliance Calendar 2020 . This Regulatory Compliance Calendar for 2020 is being furnished on a confidential basis

Private Funds Regulatory Compliance Calendar 2020 · Regulatory Compliance Calendar 2020 . This Regulatory Compliance Calendar for 2020 is being furnished on a confidential basis

Documents
Qld Regulatory Compliance: Ensuring your site workforce ... Regulatory Compliance Final ws.pdf · Qld Regulatory Compliance: Ensuring your site workforce has the requisite qualifications

Qld Regulatory Compliance: Ensuring your site workforce ... Regulatory Compliance Final ws.pdf · Qld Regulatory Compliance: Ensuring your site workforce has the requisite qualifications

Documents
FDA Regulatory Compliance Reconsidered

FDA Regulatory Compliance Reconsidered

Documents
PTC Environmental Regulatory Compliance Solution · PTC Environmental Regulatory Compliance Solution ... PTC Environmental Regulatory Compliance Solution ... effectivity of 09/04/06,

PTC Environmental Regulatory Compliance Solution · PTC Environmental Regulatory Compliance Solution ... PTC Environmental Regulatory Compliance Solution ... effectivity of 09/04/06,

Documents