Abstract - Today, there is a new scenario and environment in ICT where is most government institutions in Central, Eastern Europe, and Asia have move forward from traditional technology to cloud technology. There is no secret where is this technology become more popular. Predictions show that government will play some sort of lead role within adopting cloud computing as for data storage, applications, and processing power, as IT executives look to optimize their returns with limited budgets in these challenging economic times.
Government cloud services can be a new development in the intersection of electronic digital government and impair computing which supports the promise regarding rendering government service delivery far better, cost effective, and efficient. Cloud services are exclusive, dynamic, and potentially stateless which includes triggered governments' concern for data security, privacy, and sovereignty. This paper will evaluate the security and privacy level of this cloud that implemented by MAMPU and it will focus on the SaaS, Paas, and IaaS cloud stack with three strategic cloud models (public, private, and outsource cloud).
Keyword - Cloud computing; Saas; Paas; Iaas; cloud security; cloud technology; data security management
INTRODUCTION: DEFINITION OF CLOUD
Computer in its evolution form has been changed multiple times, as learned from its past events. Ironically, the history started with the mainframe and that time predicted to be the future of computing and indeed mainframes and large scale machines were built and used, and in some circumstances they are used similarly today. The trend and evolution go bigger and more expensive, to smaller and more affordable commodity PCs and servers which are hybrid together to construct to be cloud computing system, denoted as Cloud in short, due to their same capability in providing services, storage, computation, management, and others .
Researcher found and defined that cloud computing is a virtualized compute power and storage delivered via platform-agnostic infrastructures of abstracted hardware and software accessed over the Internet. These shared, on demand IT resources, are created and disposed of efficiently, are dynamically scalable through a variety of programmatic interfaces and are billed variably based on measureable usage . After the dotcom (.com) environment, Amazon is one of the key players in the development of cloud computing where is they have improve and modernize the data centres.
In this situation, most of the computer networks have use as little as 10% of their capacity at any one time . According to Thomas Davies, Head of Google Enterprise in Ireland and the UK, “To date, business cloud computing adoption has been mainly motivated by the IT division. The advantages of cloud computing are far beyond cost saving and the reduced burden of upholding.” The strategically important impact that cloud computing has within an organization in terms of motivating innovation and efficiency is making it an ever more attractive choice for business desire to gain competitive advantage and agility .
MAMPU & CLOUD TECHNOLOGY
Fig 1: Basic cloud computing logical diagram
MAMPU was established based on a study on “Development Administrative in Malaysia” conducted by Prof. John D. Montgomery and Milton J.Esman. In 1986, the role of human resource planning was reassigned to other agencies so that it can focus on Public Sector administrative modernisation and management consultation. Since then ICDAU was known as the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) . For the period 2011-2015 MAMPU has charted the strategies and directions for e-Gov through the Public Sector ICT Strategic Plan (ISP).
The goal is to transform government services online and increase productivity specifically towards a paperless government. The responsibility encompasses the planning, designing, executing and implement e-Gov initiatives. MAMPU also focuses its strategies and directions on the infrastructure to provide shared services to government agencies. Projects that have been implemented include the consolidation of Government Data Center, the Government Cloud Computing implementation and also the Government Unified Communication and Tele-presence services .
MAMPU will implement the cloud technology as you can see from the Fig. 1 above to government with five (5) criteria [2,11,15]: a) Ease of Use – Easy to deploy the infrastructure whether with a mouse or API. b) Scalability – Of course ease of use, able to control the infrastructure with the application, nothing or less to purchase and instant. c) Less Risk - Nothing to buy, can cancel immediately, can change and rebuilt instantly even operating systems. d) Reliability - Based on enterprise grade hardware and automatically spin up replacement and use multiple clouds. e) Low Cost – Able to manage also can reduce the cost usage, pay only the usage, no need to buy in advance, zero capital, and no contracts.
CLOUD DEPLOYMENT MODEL
Basically, this technology is designed to be implemented in many ways. The US Nationals Institute of Standards and Technology (NIST) has defined that cloud computing is the technology that convenient to users, and can be implemented with the minimal management involvement and service provider . Generally know that cloud computing is a technology that focus on the sharing data and computations over a scalable network of nodes. There are four deployment models that proven can be deploy with the services in the current ICT environment . For MAMPU, they have implemented with the different way and you can see in Fig.2 below for the deployment structure and solution [3,11].
Fig 2: Multiple Delivery Models for Cloud Computing
a) Private Cloud Commercially Hosted: Publically available Cloud Computing services offered through commercial sources that are dedicated and separate from the Public both physically and logically and must to remain to support heighted data security and privacy requirements. Accesses to these services are provided through a dedicated Government Intranet and are not accessible from the Public Internet.
b) Private Government Cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
c) Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
d) Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
e) Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).
CLOUD SERVICE STACK
Cloud computing providers offer their services according to the several fundamental models such as IaaS(Infrastructure as a Service), PaaS(Platform as a Service), and SaaS(Software as a Service) and all the details as per below [1,8]. a) Cloud Infrastructure as a Service (IaaS): The capability that provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run the software which have include the software and applications like host firewalls and load balancing .
The advantages from this service are pay per use, instant scalability, security, reliability, and full control of environment and infrastructure  and the disadvantages are more premium price point and limited competition. b) Cloud Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer created or acquired applications created using programming languages and tools supported by the provider . Of course, these services also have their own advantages.
The advantages are pay per use, instant scalability, and good for developers, reliability, more control that SaaS, and tightly configured . c) Cloud Software as a Service (SaaS) This is a common cloud and many providers have their own services and technical. The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as web browser and web based email. The advantages are very easy, pay per use, security, reliability, and API [8,11].
ISSUE: SECURITY & PRIVACY IN CLOUD COMPUTING
The cloud system is running in the internet over the world and the security problems in the internet also can be found in the cloud system. The cloud system is not different with the traditional system in the PC and it can meet other special and new security problems. And now, the biggest concerns about cloud computing are security and privacy . Many researchers have try to find the solution on this crucial situation where is the security and privacy is the main issue on this system. In ICT perspective, the security and privacy is very sensitive and need to give high priority for the solution.
The issue is how to define the security and privacy level now and I believe that all of these keep changing and moving around due to the increasing of the cloud environment and also the user capacity in the cloud. From the research, found that many of them concern about the security of the cloud itself instead of the outside cloud. They concern about the data transmission, data integrity, data privacy, data authentication due to nowadays everyone is open to attack or hack over the internet [7,10]. Besides that, this paper also focuses for the level of the storage security, software security,
audit and compliances, and the governance that monitor this system. This is very important because the implementation is for government and all the data and user are very confidential to public.
Cloud computing system has entered to the new stage and practical development era where is from the schema to the implementation and infrastructure. Most of the system and solution bring us advantages and disadvantages and cloud system is one of this. In order to make the cloud system is reliable and moving towards to the new globalisation and business, the security and privacy must be strong and need to give full commitment and priority on the solution. This paper will explore more on the security and privacy level that be implemented by MAMPU to government. This paper will investigate the ongoing security and privacy issues in IaaS, SaaS, and PaaS. Government and MAMPU need to work together to make sure that all the security and privacy issue can be manage properly and systematically.