On November 3, the “Joint Governmental Technological Platform (MCloud) Security Architecture” was approved.
The MCloud Platform represents an innovative model of information delivery, based on infrastructure, platform and software application as a service. The adoption of MCloud by PCAs as the basic platform for electronic service delivery depends, largely, on ensuring the security of the given platform.
In order to minimize the threats, the MCloud platform security architecture proposes a new approach to its security by applying the “in-depth security” principle. This principle consists in using new security levels for general safety, operating independently from each other, where the next security level provides protection in the case the previous one has failed.
Thus, 8 levels of security are provided:
- data centers and information processing equipment physical security;
- network infrastructure security;
- virtual infrastructure security;
- access control and data security;
- software applications’ security;
- security monitoring and testing;
- operations’ management;
- information security risk management and business continuity.
The security architecture of the platform is composed of 15 components:
- Purpose
- Scope
- MCloud platform general description
- MCloud platform security architecture overview
- Responsibility for ensuring the MCloud platform security
- Physical security of data centers and information processing equipment
- Network infrastructure security
- Virtual infrastructure security
- Access control and data security
- Software applications’ security
- Security monitoring and testing
- Operations’ management
- Information security risk management and business continuity
- Responsibility assignment matrix
- Security threats
