Page 455 - Shaping smarter and more sustainable cities - Striving for sustainable development goals

       Balancing traditional versus cloud delivery

            Within an SSC environment, all the smart services mentioned so far in the analysis can be delivered
            through  a  traditional  client‐server  approach,  but  also  through  a  cloud  computing  model,  both
            private and hybrid, in order to leverage “as‐a‐service” capabilities and efficiencies.

            These  models  require  a  secure  virtualized  environment  where  data  can  be  safely  guarded  and
            processed with appropriate service level agreements (SLAs) in order to guarantee the provision of
            essential services to citizens. Authentication and encryption policies and techniques can help ensure
            the integrity of the cloud environment and its safe operation in the virtual space. Availability and
            disaster recovery solutions should guarantee compliance with SLAs, as well as resilience for critical
            city services.

                   Managing security services and Computer Emergency Response Teams (CERTs)

            SSC should also consider outsourcing security services to providers who can leverage extensive,
            global expertise in the field of cybersecurity to minimize security‐related disruptions and data loss.
            The ICT leadership can then be relieved from this particular complex and time‐consuming aspect
            and focus on the functional duties of running the city's ICT.

            SSC should also rely on their national CERTs to align with national coordination on cyber incidents
            and security, and thus benefit from the international visibility that this type of coordinated effort
            provides.

                   Protecting infrastructure

            Securing endpoints, messaging and web environments, defending critical internal servers and
            implementing the backup and recovery of data should be among the key priorities of SSC
            strategists. Organizations also need visibility and security intelligence to respond to threats rapidly.

                   24x7 availability of the critical infrastructure

            Ensuring resilience in case of an incident can be achieved through the adoption of solid backup and
            recovery software or appliances, as well as adequate policies, processes and tools.

                   Developing an information management strategy

            This should include an information retention plan and policies. Organizations need to refrain from
            using  backup  for  archiving  and  legal  retention,  and  should  instead  implement  deduplication
            mechanisms  to  free  up  resources,  adopt  a  full‐featured  archive  system,  and  deploy  data  loss
            prevention technologies.

                   Access control at the boundary of network

            Access  control  at  the  boundary  can  isolate  attacks  away  from  internal  networks.  Different
            boundaries can be implemented, with different policies enforced.

            A firewall consisting of access rules, verification tools, packet filtering and an application
            gateway can greatly improve the security of an internal network. Because only selected protocols
            can pass through the firewall, the network environment becomes more secure. The firewall can
            block well‐known unsafe protocols, making it impossible for external attackers to use the
            vulnerabilities of those protocols to attack the internal network. The firewall should be able to
            reject all of the above types of attack packets, and immediately alert the administrator.
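
            The boundary model described above, as an added example that is not part of the original
            report: each boundary has its own allow-list, anything not listed is rejected, and every
            rejection produces an administrator alert. The boundary names, addresses, ports and the choice
            of Telnet as the unsafe protocol are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str   # transport protocol, "tcp" or "udp"
    dport: int   # destination port of the permitted service
    src: str     # CIDR the source address must fall in
    dst: str     # CIDR the destination address must fall in

@dataclass(frozen=True)
class Packet:
    boundary: str  # which boundary the packet is crossing
    proto: str
    src: str
    dst: str
    dport: int

# Constructed policy: one allow-list per boundary, everything else is rejected.
POLICIES = {
    "internet->dmz": [Rule("tcp", 443, "0.0.0.0/0", "192.0.2.10/32"),
                      Rule("tcp", 25, "0.0.0.0/0", "192.0.2.25/32")],
    "dmz->internal": [Rule("tcp", 5432, "192.0.2.10/32", "10.0.5.0/24")],
}

def permits(rule: Rule, pkt: Packet) -> bool:
    """True when the packet matches protocol, port and both address ranges."""
    return (rule.proto == pkt.proto and rule.dport == pkt.dport
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst))

def evaluate(pkt: Packet, policies=POLICIES):
    """Return (decision, alert); alert is None when the packet is accepted."""
    rules = policies.get(pkt.boundary, [])  # unknown boundary: nothing is allowed
    if any(permits(r, pkt) for r in rules):
        return "accept", None
    alert = (f"ALERT boundary={pkt.boundary} rejected {pkt.proto} "
             f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
    return "reject", alert

# Constructed sample traffic (documentation and private address ranges).
SAMPLE = [
    Packet("internet->dmz", "tcp", "198.51.100.7", "192.0.2.10", 443),  # web
    Packet("internet->dmz", "tcp", "198.51.100.7", "192.0.2.10", 23),   # telnet
    Packet("dmz->internal", "tcp", "192.0.2.10", "10.0.5.20", 5432),    # web -> db
    Packet("dmz->internal", "tcp", "192.0.2.25", "10.0.5.20", 5432),    # mail -> db
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        decision, alert = evaluate(pkt)
        print(decision, alert or "")
```

            The last sample packet shows why per-boundary policies matter: the database port is open at the
            inner boundary, but only to the one DMZ host that needs it.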








            ITU‐T's Technical Reports and Specifications                                                  445