John Weigelt: Data Security in the Age of Cloud

The accelerated pace of global digital transformation has ushered in broader adoption of cloud computing among defence organizations, along with the recognition that data and AI are national assets. In this new digital age, data has become an invaluable commodity that offers an enormous advantage when used to turn information into insight. As a fundamental building block for situational awareness, it can enable military and intelligence organizations to adjust to rapidly changing situations and act at speed.

As a result, discussions around the scope of national control over data have been brought to the forefront. Data residency – the concept of keeping data within the physical borders of a particular country – is frequently discussed alongside security and privacy protections and weighed against the benefits of international interoperability, which has the potential to not only bolster security but drive incredible innovation.

Establishing a framework

When discussing cloud computing and data, establishing the frame of reference is critical – one person’s cloud is another person’s fog – we need to clear the fog. Simply put, cloud computing is the delivery of computing services – including servers, storage, databases, networking, software, analytics and intelligence – over the Internet (“the cloud”) to offer faster innovation, flexible resources and economies of scale. The assumption that the cloud is just a bunch of computers knitted together, frankly, misses the point. The operations of hyperscale cloud services, which are comprised of millions of servers, are dramatically different than the traditional data centers of the past. The cloud has dramatically changed what’s possible to achieve with technology. If we consider the COVID-19 crisis, the scalability of cloud capabilities was fundamental in securely enabling remote work and the delivery of essential services – from virtual healthcare to critical government services, including education.  

The rise in online activity over the past two decades has resulted in a meteoric growth of data. It is more important than ever that we embrace a new understanding of data and develop a framework around how we protect selected data of national importance. Canada has a long history of leadership in establishing data protection frameworks, from the early work on the Canadian Trusted Computing Program Evaluation Program (CTCPEC) through to the leadership in the Common Criteria and the Guidance on the Security Categorization of Cloud-Based Services. Canada is also a global leader in privacy: the privacy principles it adopted with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) have largely stood the test of time for more than 20 years. When the European Union passed the General Data Protection Regulation (GDPR) in 2018, much of PIPEDA remained relevant under the regulation, with only a few adjustments required for closer alignment. Now, the newest standards-making body, the CIO Strategy Council, has drafted and published the Canadian standard on the ethical design and use of AI systems. Frameworks like those mentioned, anchored with concrete mission requirements, will help guide the controls needed to support modern data-intensive operations.

Canada has earned recognition as an international leader in privacy and security and we continue to have an important role to play in fostering global collaboration. Fundamentally, the international cloud is a cornerstone for national prosperity and it’s important that we recognize it as such and work together as a community to safeguard it. A Digital Geneva Convention will be important in these discussions and we’re making incredible strides with the Cybersecurity Tech Accord, which started off with 34 companies and now has over 100. The Paris Call for Cybersecurity, with thousands of signatories across the public and private sector, will also play an important role in establishing the rules of engagement to ensure advanced technologies are used in a responsible, sustainable, inclusive and ethical way.

Data Security

As we address issues of data protection in the cloud era, information security is paramount to providing strong assurance and facilitating seamless collaboration with other countries and partners. For defence and intelligence organizations, the intelligent cloud (ubiquitous computing, enabled by the public cloud and artificial intelligence (AI) technology) and intelligent edge (a continually expanding set of connected systems and devices that gather and analyze data) offer the ability to harness the enormous amounts of national data, as well as data produced by today’s defence systems, platforms, networks and a vast array of connected sensors.

In such a high-stakes field, we understand the instinct of some to store sensitive data on-premises. However, there is a false assumption that on-premises computing is more secure than the cloud. Microsoft invests over $1B USD in Security R&D annually to deploy and build industry-leading security controls into Microsoft products and cloud services. Beyond the security features and controls, because we serve billions of customers globally, we are able to aggregate security data from a broad and diverse spectrum of companies, organizations, and consumers. Our unique position helps us generate a high-fidelity picture of the current state of cybersecurity, including indicators to help us predict what attackers will do next. This picture is informed by over 8 trillion security signals per day. To protect our customers, we spend significant resources not only to monitor, but also to disrupt nation state attacks attempted against our platform as well as our customers. We also provide our analysis of the intent behind nation state threats and how to defend against them.

Through our work with customers in this field, we’ve seen over the past year a dramatic shift in how military and intelligence teams work, collaborate and forge new skills. As a country, we can greatly benefit from this type of collaboration and multilateral partnerships – both internationally and within Canada between government, industry, and academia – to innovate and establish a working framework for data protection and cybersecurity.

For more information, please visit: aka.ms/DefenceInCanada

This article has been published as part of a sponsorship agreement with Microsoft Canada. Thank you for supporting what we do at the CDA Institute and for contributing to the analysis.

John Weigelt is the National Technology Officer for Microsoft Canada, where he is responsible for driving its strategic technology efforts. As part of his role, he helps business and governments innovate with technology. He has 25 years of experience in cybersecurity, pioneering work in protocols, practices, policies, programs, and partnerships to increase cyber assurance. He also leads Microsoft Canada’s Responsible AI program and was one of the authors of Canada’s National Standard on Ethics in the Design and Use of Automated Decision Systems.
