Download
protecting the privacy and security of sensitive customer data in the cloud n.
Skip this Video
Loading SlideShow in 5 Seconds..
Protecting the Privacy and Security of Sensitive customer Data in the Cloud PowerPoint Presentation
Download Presentation
Protecting the Privacy and Security of Sensitive customer Data in the Cloud

Protecting the Privacy and Security of Sensitive customer Data in the Cloud

180 Vues Download Presentation
Télécharger la présentation

Protecting the Privacy and Security of Sensitive customer Data in the Cloud

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Protecting the Privacy and Security of Sensitive customer Data in the Cloud 8/29/12

  2. Information Privacy and Security • Providing for information security and privacy of customer data is a necessary part of the cloud management paradigm. • Some privacy and security risks are: • Shared resources between subscribers that do not know each other. Insider exploits. • Increased system complexity can provide a large attack surface through known system vulnerabilities.

  3. Information Privacy and Security • Delivery of services over the network exposes the information to network based attacks. • These attacks would normally be prevented by firewalls and DMZs. • Potential for cloud providers to mismanage their external security responsibilities and open the customer to unknown threats.

  4. Aspects of Cloud Could Enhance Security • Cloud providers could provide specialized staff dedicated to security, where the customer may not be able to afford it. • Cloud platforms may be more resilient to potential attacks, because they may be audited more frequently, and may have pen testing run on them. • Cloud providers may have more resources to meet standards for operational and security compliance, especially in financial or health domains. • Cloud providers will certainly have more scalability to meet the demands of their customers, thus eliminating the possibility of space limitation vulnerabilities.

  5. Aspects of Cloud Could Enhance Security • Cloud services may include superior backup and recovery policies. • Cloud providers are probably able to better make data accessible through alternate platforms, such as mobile devices. • Security vulnerabilities in the cloud may be better addressed at the device level. Mobile devices for instance probably provide more security features at the OS level than normal platforms.

  6. What is sensitive data? • Personal Data • Personally identifiable data: name, DOB, SSN, CC numbers, Bank acct numbers, etc. • Depends on location, but special categories of data can include: racial origins, political opinions, religious beliefs, health data, sexual preferences or criminal records. • Other sensitive data could be location of users of mobile devices.

  7. How the U.S. Regulates Privacy and Security in the Cloud • Currently no laws addressing cloud security in particular. • Other laws include: • HIPAA • FERMA • ECPA