ITU‐T's Technical Reports and Specifications 445 Balancing traditional versus cloud delivery Within a SSC environment, all the smart services mentioned so far in the analysis can be delivered through a traditional client‐server approach, but also through a cloud computing model, both private and hybrid, in order to leverage “as‐a‐service” capabilities and efficiencies. These models require a secure virtualized environment where data can be safely guarded and processed with appropriate service level agreements (SLAs) in order to guarantee the provision of essential services to citizens. Authentication and encryption policies and techniques can help ensure the integrity of the cloud environment and its safe operation in the virtual space. Availability and disaster recovery solutions should guarantee compliance with SLAs, as well as resilience for critical city services. Managing security services and Computer Emergency Response Teams (CERTs) SSC should also consider outsourcing security services to providers who can leverage extensive, global expertise in the field of cybersecurity to minimize security‐related disruptions and data loss. The ICT leadership can then be relieved from this particular complex and time‐consuming aspect and focus on the functional duties of running the city's ICT. SSC should also rely on their national CERTs to align with national coordination on cyber incidents and security, and thus benefit from the international visibility this type of coordinated efforts provide. Protecting infrastructure Securing endpoints, messaging and web environments, defending critical internal servers and implementing the backup and recovery of data, should be among the key priorities of SSC strategists. Organizations also need visibility and security intelligence to respond to threats rapidly. 24x7 availability of the critical infrastructure Ensuring resilience in case of an incident can be achieved through the adoption of solid backup and recovery software or appliances, as well as adequate policies, processes and tools. Developing an information management strategy This should include an information retention plan and policies. Organizations need to refrain from using backup for archiving and legal retention, and should instead implement deduplication mechanisms to free up resources, adopt a full‐featured archive system, and deploy data loss prevention technologies. Access control at the boundary of network Access control at the boundary can isolate attacks away from internal networks. Different boundaries can be implemented, with different policies enforced. A firewall that consists of access rule, verification tools, packet filtering and application gateway, can greatly improve the security of an internal network. Since only selected protocols can pass through the firewall, the network environment has become more secure. Firewall can prevent well‐known unsafe protocols, making it impossible for external attackers to use these vulnerabilities to attack the internal network. The firewall should be able to reject all of the above types of attack packets, and immediately alert the administrator.