1 / 7

Protecting the Privacy and Security of Sensitive customer Data in the Cloud

Protecting the Privacy and Security of Sensitive customer Data in the Cloud. 8/29/12. Information Privacy and Security. Providing for information security and privacy of customer data is a necessary part of the cloud management paradigm. Some privacy and security risks are:

eavan
Download Presentation

Protecting the Privacy and Security of Sensitive customer Data in the Cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Protecting the Privacy and Security of Sensitive customer Data in the Cloud 8/29/12

  2. Information Privacy and Security • Providing for information security and privacy of customer data is a necessary part of the cloud management paradigm. • Some privacy and security risks are: • Shared resources between subscribers that do not know each other. Insider exploits. • Increased system complexity can provide a large attack surface through known system vulnerabilities.

  3. Information Privacy and Security • Delivery of services over the network exposes the information to network based attacks. • These attacks would normally be prevented by firewalls and DMZs. • Potential for cloud providers to mismanage their external security responsibilities and open the customer to unknown threats.

  4. Aspects of Cloud Could Enhance Security • Cloud providers could provide specialized staff dedicated to security, where the customer may not be able to afford it. • Cloud platforms may be more resilient to potential attacks, because they may be audited more frequently, and may have pen testing run on them. • Cloud providers may have more resources to meet standards for operational and security compliance, especially in financial or health domains. • Cloud providers will certainly have more scalability to meet the demands of their customers, thus eliminating the possibility of space limitation vulnerabilities.

  5. Aspects of Cloud Could Enhance Security • Cloud services may include superior backup and recovery policies. • Cloud providers are probably able to better make data accessible through alternate platforms, such as mobile devices. • Security vulnerabilities in the cloud may be better addressed at the device level. Mobile devices for instance probably provide more security features at the OS level than normal platforms.

  6. What is sensitive data? • Personal Data • Personally identifiable data: name, DOB, SSN, CC numbers, Bank acct numbers, etc. • Depends on location, but special categories of data can include: racial origins, political opinions, religious beliefs, health data, sexual preferences or criminal records. • Other sensitive data could be location of users of mobile devices.

  7. How the U.S. Regulates Privacy and Security in the Cloud • Currently no laws addressing cloud security in particular. • Other laws include: • HIPAA • FERMA • ECPA

More Related