Broad network access

Broad network access is one of the five essential characteristics of cloud computing defined by the U.S. National Institute of Standards and Technology (NIST). According to its Special Publication 800-145, it means "Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations)." This enables ubiquitous access from any device.

For Taiwan's high-tech and manufacturing supply chains, which rely on cloud services for collaboration, broad access introduces significant risks. Improper access controls can increase the risk of trade secret leakage or violate Taiwan's Personal Data Protection Act's requirements for access logs. The rise of remote work and BYOD exacerbates these risks, demanding robust controls to ensure only authorized personnel access sensitive data from secure devices and networks to prevent legal and financial damages.

This concept is directly related to several security standards. In ISO/IEC 27001:2022 Annex A, it relates to controls like A.5.15 Access control, A.8.3 Information access restriction, and A.8.23 Web filtering. For cloud services, ISO/IEC 27017:2015 is crucial, particularly clauses 6.3.1 (Segregation in virtual computing environments) and 12.1.5 (Administrator operational environment), which address network security in multi-tenant environments and secure remote access.

As Taiwan's first consultancy to integrate ERM, industrial engineering, and technology law, Winners Consulting offers a unique advantage. Guided by our founder's preventive law philosophy, we don't just implement ISO standards; we vertically integrate them with corporate governance and internal controls to create a seamless system. Our multidisciplinary team of tech lawyers, ISO lead auditors, and data scientists designs access strategies that balance convenience with robust trade secret protection for industries like semiconductors and finance, embedding legal compliance directly into your technical architecture.