January 12, 2024 | Posted in News
The Smart Nation Group’s chief digital technology officer outlines the government’s cloud journey, including its approach to cloud migration and how it came to host mission-critical workloads on AWS
The Singapore government has been a big proponent of cloud computing, starting with its Government Commercial Cloud (GCC) service that makes it easier for public sector agencies to manage and secure their use of public cloud services from the likes of Amazon Web Services (AWS), Google Cloud and Microsoft Azure.
By the end of the year, it expects to have at least 70% of eligible government systems on commercial cloud services, including mission-critical systems that involve sensitive or confidential data that will be run on AWS’s new Dedicated Local Zones service.
Speaking to Computer Weekly on the sidelines of the recent AWS re:Invent 2023, Chan Cheow Hoe, government chief digital technology officer at the Smart Nation Group, said the government’s cloud journey started about seven years ago, when it started hosting unclassified workloads such as school websites on public cloud services through the GCC.
At the time, Chan said the work on GCC had enabled it to clarify the policies and regulations that would determine if the government could host its workloads on public cloud services.
“There were three things that were non-negotiable – one was for critical and private data to be ‘geofenced’ to Singapore, a requirement that came not from me or security, but from a legal point of view so that those workloads are subject to the laws of the country, like the Official Secrets Act and the Computer Misuse Act,” he said.
Other requirements included the need for secure connectivity between the government’s on-premise backend systems and front-end systems on the public cloud, along with baseline security measures, such as using infrastructure-as-code to automate deployments and prevent cloud misconfigurations that could be exploited by threat actors.
But for mission-critical workloads with more sensitive and confidential data to be moved to public cloud, Chan said there had to be more transparency on how public cloud infrastructure is run, with even higher levels of security. “We don’t know what’s happening inside there,” he said. “We don’t even know how they run it. Everything is kind of like a black box, so transparency is important.”