Ensuring Data Confidentiality in Cloud Services


Organizations adopting cloud services must prioritize maintaining the confidentiality of sensitive information. Key considerations include data residency, secondary use risks, regulatory frameworks, and contractual agreements with cloud providers. Understanding the implications of data location and legal obligations is crucial to protecting privacy and complying with laws such as GDPR.


Uploaded on Aug 04, 2024 | 2 Views



Presentation Transcript


  1. Dr. Liang Zhao

  2. Road Map (Security Auditing & Risk Analysis)
     - Introduction
     - Mobile Security: Mobile Network Overview (optional); Cellular Network Security (optional); Mobile Security Threats; Mobile Devices Security (optional)
     - WLAN Security: Evolution of Wireless Network; WLAN Overview; WLAN Threats & Vulnerabilities; WLAN Security; WLAN Security Tools
     - Cloud: Evolution of Cloud; Information Security Essentials; Confidentiality and Integrity of Cloud; Cloud Threats & Vulnerabilities; Cloud Security

  3. Outline
     - Confidentiality
     - Data Residency
     - Contract for Confidentiality
     - Ensuring Integrity

  4. Role of Confidentiality
     Organisations adopting cloud services need to understand the implications for maintaining the confidentiality of personal or other sensitive business information. The key considerations are how the physical or legal location of data affects its use, and ensuring that only specified users and devices can view data. Buyers need to understand the regulatory frameworks under which they operate, assess potential providers and draw up suitable contracts to reflect regulatory obligations.

  5. Data Residency
     When considering public cloud services, rather than private or community clouds, an organization needs to understand the potential risk and impact of the secondary use of information. Secondary use of certain information by the provider may violate the laws or terms under which that information was collected (example: GDPR). Given the variance in privacy legislation across different jurisdictions, the location where information is stored can have significant effects on the protection of privacy and confidentiality, as well as on the obligations of those who process or store the information.

  6. Data Residency
     "The real horror story for cloud users would be seeing other people's data." -- Tony Mather, CIO, Clear Channel International
     business reasons for doing so, it is important to consider whether a provider has:
     - Documented procedures for co-operation with local law enforcement agencies, so that organisations understand exactly what action would be taken in the event of a data-access request
     - A contractual agreement that prohibits exposure of data without approval, so customers have notice of any proposed hand-over of data to authorities
     - The ability to specify that data reside in particular legal jurisdictions when delivering cloud services to customers in particular countries (to comply with data protection regulations that require data to be stored in given regions)

  7. Contract for Confidentiality
     Where data residency is an important issue, organizations must make sure that this is reflected in the contractual arrangements with their providers. It is important to look for clear policies and practices in order to make an informed decision about the privacy and confidentiality risks.
     - Access control
     - The challenge of multiple logins
     - Granular data control
     - A question of context
     - Caution: evolving architectures
     - Monitor, control, log
     - Cloud can be safer
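The residency and contractual requirements on slides 6 and 7 (data kept in agreed jurisdictions, access control, monitoring and logging) only mean something if they are checked against what is actually provisioned. The following is an added example, not code from the slides or from any cloud provider: a small policy evaluator that takes hypothetical storage-container descriptions (constructed inventory, constructed region-to-jurisdiction map) and reports every deviation from an EU-only confidentiality policy. Replica regions are checked as well as the primary region, because replication is the usual way data quietly leaves the agreed jurisdiction.

```python
from dataclasses import dataclass

# Constructed mapping from provider region identifiers to the legal
# jurisdiction whose data protection law applies there. Region names are
# illustrative; a real deployment would load this from the provider's
# published region list and the organization's legal review.
REGION_JURISDICTION = {
    "eu-west-1": "EU",
    "eu-central-1": "EU",
    "us-east-1": "US",
    "ap-southeast-1": "SG",
}


@dataclass(frozen=True)
class StorageLocation:
    """Hypothetical description of one cloud storage container."""
    name: str
    region: str
    encrypted_at_rest: bool
    public_access: bool
    access_logging: bool
    replication_regions: tuple = ()


@dataclass(frozen=True)
class ConfidentialityPolicy:
    """What the contract and the organization's own rules require."""
    allowed_jurisdictions: frozenset
    require_encryption: bool = True
    forbid_public_access: bool = True
    require_access_logging: bool = True


def evaluate(location: StorageLocation, policy: ConfidentialityPolicy) -> list:
    """Return a list of findings; an empty list means the location is compliant."""
    findings = []
    # Residency: the primary region and every replica must sit in an
    # allowed jurisdiction. An unmapped region is treated as non-compliant
    # rather than silently accepted.
    for region in (location.region, *location.replication_regions):
        jurisdiction = REGION_JURISDICTION.get(region)
        if jurisdiction is None:
            findings.append(f"{location.name}: region {region} has no mapped jurisdiction; treat as non-compliant")
        elif jurisdiction not in policy.allowed_jurisdictions:
            findings.append(f"{location.name}: data in {region} ({jurisdiction}) is outside the allowed jurisdictions")
    if policy.require_encryption and not location.encrypted_at_rest:
        findings.append(f"{location.name}: not encrypted at rest")
    if policy.forbid_public_access and location.public_access:
        findings.append(f"{location.name}: public access is enabled")
    if policy.require_access_logging and not location.access_logging:
        findings.append(f"{location.name}: access logging is disabled, so there is no audit trail")
    return findings


def evaluate_all(locations, policy: ConfidentialityPolicy) -> dict:
    """Map each location name to its findings."""
    return {loc.name: evaluate(loc, policy) for loc in locations}


# Constructed sample inventory: one compliant container, one that breaks
# residency and three controls at once, and one in an unmapped region.
EU_ONLY = ConfidentialityPolicy(allowed_jurisdictions=frozenset({"EU"}))
SAMPLE_LOCATIONS = (
    StorageLocation("customer-records", "eu-west-1", True, False, True, ("eu-central-1",)),
    StorageLocation("analytics-export", "eu-west-1", False, True, False, ("us-east-1",)),
    StorageLocation("legacy-backup", "sa-east-1", True, False, True),
)

if __name__ == "__main__":
    for name, findings in evaluate_all(SAMPLE_LOCATIONS, EU_ONLY).items():
        print(name, "compliant" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Running it prints customer-records as compliant, four findings for analytics-export (the US replica plus missing encryption, public access and missing logging) and one for legacy-backup. Failing closed on unmapped regions is the design choice worth copying: a region the legal review has not classified should block provisioning, not pass by default.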

  8. Ensuring Integrity
     An organisation moving sensitive business data to a cloud environment must take steps to ensure that its data is safe, genuine and accurate. Failing to do so can have both legal and operational consequences. It is therefore important to take data integrity into account as part of the due diligence process when selecting cloud providers. Protecting the integrity of data in a cloud environment is vital. Organizations must:
     - Ensure that data stored using cloud services has not been tampered with
     - Thoroughly address all compliance-related issues
     - Ensure their reputations are protected by working with trusted providers

  9. Ensuring Integrity
     It is important to ensure providers comply with any regulatory, corporate, industry or other standards relating to cloud services. They must also be able to provide the information their customers require in order to meet their own obligations. To this end, they should be able to demonstrate that:
     - Their systems are secure (e.g. through certification)
     - They can provide an adequate data-audit trail
     - Their terms of use do not jeopardise customers' own legislative requirements or ethical codes
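Slides 8 and 9 ask the customer to establish that stored data "has not been tampered with" and that an audit trail exists, but leave the mechanism open. The following is an added example, not code from the slides or from any provider: a customer-side integrity manifest. At upload time each object's SHA-256 digest is recorded and the whole digest list is authenticated with an HMAC under a key that stays in the customer's own key store (constructed key and sample objects below). On retrieval the manifest is authenticated first, then each object is compared against it, so modified, missing and unexpected objects are all reported. A plain hash list stored next to the data would not do: anyone able to rewrite the objects could rewrite the hashes to match.

```python
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of one object's content."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(objects: dict, key: bytes) -> dict:
    """Record a digest for every object at upload time and authenticate the
    whole list with an HMAC under a key the provider never sees."""
    digests = {name: sha256_hex(content) for name, content in objects.items()}
    canonical = json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return {"digests": digests, "hmac": tag}


def verify_manifest(manifest: dict, key: bytes) -> bool:
    """True only if the digest list is exactly the one we authenticated."""
    canonical = json.dumps(manifest["digests"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["hmac"])


def verify_objects(manifest: dict, retrieved: dict, key: bytes) -> dict:
    """Compare what came back from the provider against the manifest.
    Returns name -> 'ok' | 'modified' | 'missing' | 'unexpected'.
    Raises ValueError if the manifest itself fails authentication, because
    its digests must not be trusted in that case."""
    if not verify_manifest(manifest, key):
        raise ValueError("manifest failed authentication; do not trust its digests")
    status = {}
    for name, digest in manifest["digests"].items():
        if name not in retrieved:
            status[name] = "missing"
        elif hmac.compare_digest(sha256_hex(retrieved[name]), digest):
            status[name] = "ok"
        else:
            status[name] = "modified"
    for name in retrieved:
        if name not in manifest["digests"]:
            status[name] = "unexpected"
    return status


# Constructed sample data and key. In practice the key lives in the
# customer's own key store, never alongside the data at the provider.
KEY = b"constructed-demo-key-keep-off-the-provider"
SAMPLE_OBJECTS = {
    "contracts/2024-q1.pdf": b"%PDF-1.4 constructed contract bytes",
    "ledger/balances.csv": b"account,balance\nA-1,100\nA-2,250\n",
}

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_OBJECTS, KEY)
    print(verify_objects(manifest, SAMPLE_OBJECTS, KEY))
    # Simulate one object being altered in storage after upload.
    altered = dict(SAMPLE_OBJECTS)
    altered["ledger/balances.csv"] = b"account,balance\nA-1,100\nA-2,999\n"
    print(verify_objects(manifest, altered, KEY))
```

The manifest can be stored with the provider; only the key must not be. The verification result is itself a useful audit record: logging each run with its timestamp and per-object status gives the customer an integrity trail independent of whatever the provider reports.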

  10. Understanding Certification and Standards
     There are a number of common certifications and standards that providers use to bolster their claims of security and data integrity. The most frequently used are:
     - ISO 27001: the current standard certification for the operation, monitoring, maintenance and improvement of information security management systems
     - ISO 27002: recommendations for information security management (not currently certifiable)
     - ISO/IEC 20000: specifies the minimum process requirements an organization must establish to be able to provide and manage IT services to a defined quality
     - ISO 9001: the most common of a number of quality management certifications; being certified demonstrates a provider is driven to continually improve its internal, customer-facing and regulatory systems and processes

  11. Auditing and Compliance
     Although cloud computing is a relatively new development, data center management is not. There are already proven tools and formal processes for auditing and testing the security aspects of data centres. For example:
     - Field tests for fail-safety
     - Regular security exercises
     - Formal frameworks for security testing (such as penetration tests)
     - Independent security audits
     - Reports to customers on past service levels

  12. Acknowledgement
     This course is developed in non-textbook mode. We acknowledge the idea, content, and structure from:
     - The White Book of Cloud Adoption
     - The White Book of Cloud Security
     - Mobile Security for the Rest of Us
     - Mobile Security for Dummies: https://www.sfh-tr.nhs.uk/media/4866/information-security-mobile-security-for-dummies-ebook.pdf

