SlideShare a Scribd company logo

How Privacy in the Cloud Affects Organizations

WSO2, profile picture
WSO2

The document discusses the implications of cloud privacy on organizations, emphasizing the reasons for cloud adoption, including business agility and cost efficiency. It details the challenges that arise, particularly in data protection, legal obligations, and the necessity of adhering to privacy principles while securing data at various stages. Solutions and compliance with established laws are also outlined to help organizations protect personal information in cloud environments.

Technology
Related topics:
Cloud Computing InsightsCloud Security Insights
1 of 25
Downloaded 35 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
How Privacy in the Cloud Affects Organizations Thilina Piyasundara Systems Engineer WSO2 Cloud Team
Agenda Why Organizations Moving to Cloud? Risks/Challenges in Cloud Top Privacy Challenges in Cloud Legal Obligations How to Protect Privacy in Cloud?
Cloud Services for Organizations Image source: https://blog.cloudsecurityalliance.org/wp-content/uploads/2014/07/top-20-enterprise-blog.jpeg
Why Organizations Moving to Cloud? ● Maintaining Focus on the Business ● Business Agility ● Reduced Capital Expenditures ● Scale ● Access from Anywhere ● Staffing Efficiency ● Security and Disaster Recovery ● API Driven Architectures and Collaboration Between Organizations
Statistics
How Privacy in the Cloud Affects Organizations
Risks/Challenges in Cloud
Data Breaches *Not directly related to cloud
Top Privacy Challenges in Cloud
Data Breaches http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Legal Obligations A business that stores information in the cloud must be able to control access to and use of the information as well as protect the legal rights of the individuals whose information has been sent to the cloud. Laws prohibit some data from being used for secondary reasons other than the purpose for which it was originally collected.
How to Protect Privacy in Cloud?
Privacy Principles ● Storage and security of personal information ● Access to personal information ● Correctness of personal information ● Limits on use of personal information ● Limits on disclosure of personal information
Shared Responsibility Model in Cloud
Data Protection
Securing data in creation ● How you collect or generate information? ○ Open forms ○ Insecure websites ○ Publically available data ○ Trust factors ● Solutions ○ Secure web applications with authorization like Google Forms
Securing data in rest ● How you protect data in rest (storage)? ○ Who can access data? ○ How you store data (raw files/binary/databases)? ○ What encryption algorithms use to encrypt data? ● Solutions ○ Manage user access to storages ○ Support multiple data centers in different geographical locations ○ Support full disk encryption and database encryption ○ Highly available data volumes for instances and object storages for files/objects
Securing data while processing ● Where you process data? ○ Is the data processes in a shared environment? ● Solutions
Securing data while transmission ● How you move data from one location to another? ○ Can someone intercept and get your data? ○ Can someone alter your data streams? ● Solutions ○ Use IPSec VPNs ○ Use TLS for web traffic ○ Use DNSSec for DNS
Securing data archives ● How you keep backups? ○ Backup frequency ○ Data retention ○ Backup storage security ○ Access to backup data ○ Validate integrity ● Solutions ○ Encrypt before storing ○ Manage user access to archives and encryption keys ○ Replication over geographical locations
Destroy data securely ● How you delete data? ○ Data retention ○ Can we make public? ○ Can we forget about backups? ○ What about data storage hardware? ● Solutions ○ Write arbitrary data to data blocks ○ Cloud provides use standard ways to destruct data
Policies and Compliance ● Policies ○ Have a proper security policy ○ Manage proper data classification ○ Properly manage access to data in all stages ○ Align processes with international standards ● Compliance ○ EU data protection act ○ Health Insurance Portability and Accountability Act (HIPAA) ○ Children Online Privacy Protection Act (COPPA) ○ Electronic Communications Privacy Act (ECPA) ○ Fair Credit Reporting Act (FCRA) ○ Fair and Accurate Credit Transaction Act (FACTA) ○ Gramm Leach Bliley Act and the related privacy rules
How Privacy in the Cloud Affects Organizations
The Debate on Personal Privacy and National Security
Thank You!

More Related Content

PDF
How Privacy in the Cloud Affects End-Users
WSO2
 
PDF
Dealing with Common Data Requirements in Your Enterprise
WSO2
 
PPTX
A Little Security For Big Data
Saurabh Kheni
 
PPTX
Your only as strong as your weakest link – Edward Ogden
owaspsuffolk
 
PDF
Realizing the Value of Social: Evolving from Social Media to Customer Experience
Tata Consultancy Services
 
PPTX
How can cas bs help
CipherCloud
 
PPTX
Big data security challenges and recommendations!
cisoplatform
 
PPTX
Security bigdata
Jitendra Chauhan
 
How Privacy in the Cloud Affects End-Users
WSO2
 
Dealing with Common Data Requirements in Your Enterprise
WSO2
 
A Little Security For Big Data
Saurabh Kheni
 
Your only as strong as your weakest link – Edward Ogden
owaspsuffolk
 
Realizing the Value of Social: Evolving from Social Media to Customer Experience
Tata Consultancy Services
 
How can cas bs help
CipherCloud
 
Big data security challenges and recommendations!
cisoplatform
 
Security bigdata
Jitendra Chauhan
 

What's hot (20)

PDF
SPUnite17 Microsoft Cloud Deutschland
NCCOMMS
 
PDF
Expanded top ten_big_data_security_and_privacy_challenges
Tom Kirby
 
PDF
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Financial Poise
 
PDF
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
DataStax Academy
 
PDF
Personal Data Privacy Semantics in Multi-Agent Systems Interactions
Jean-Paul Calbimonte
 
PDF
Cloud Types and Security- Which one is right for you?
Fuji Xerox Asia Pacific
 
ODP
Securing The Cloud
george.james
 
PPTX
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
PPTX
Cas 4
Byju Antony
 
PDF
Audit Log Protection: Avoiding a False Sense of Security
Nbukhari
 
PDF
Kogni - A Data Security Product. Discovers, Secures, & Monitors Sensitive Ent...
Kogni
 
PDF
What Is "Secure"?
Peter Coffee
 
PDF
Serverless Security Checklist
Simform
 
PPTX
Customer Data Privacy & Protection | Seclore
Seclore
 
PDF
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Cláudia Alves
 
PPTX
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
Gene Kim
 
PDF
dev.privacy: GDPR in a nutshell - Evan Tedeschi - Codemotion Amsterdam 2018
Codemotion
 
PPTX
Seclore Advantage Channel Program
Seclore
 
PPTX
Cloud Data Security
Seclore
 
PDF
Prevoty Integri Datasheet
Prevoty
 
SPUnite17 Microsoft Cloud Deutschland
NCCOMMS
 
Expanded top ten_big_data_security_and_privacy_challenges
Tom Kirby
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Financial Poise
 
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
DataStax Academy
 
Personal Data Privacy Semantics in Multi-Agent Systems Interactions
Jean-Paul Calbimonte
 
Cloud Types and Security- Which one is right for you?
Fuji Xerox Asia Pacific
 
Securing The Cloud
george.james
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
Cas 4
Byju Antony
 
Audit Log Protection: Avoiding a False Sense of Security
Nbukhari
 
Kogni - A Data Security Product. Discovers, Secures, & Monitors Sensitive Ent...
Kogni
 
What Is "Secure"?
Peter Coffee
 
Serverless Security Checklist
Simform
 
Customer Data Privacy & Protection | Seclore
Seclore
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Cláudia Alves
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
Gene Kim
 
dev.privacy: GDPR in a nutshell - Evan Tedeschi - Codemotion Amsterdam 2018
Codemotion
 
Seclore Advantage Channel Program
Seclore
 
Cloud Data Security
Seclore
 
Prevoty Integri Datasheet
Prevoty
 
Ad

Viewers also liked (20)

PDF
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
WSO2
 
PDF
Integração SAP com Plataformas 100% OpenSource
WSO2
 
PDF
WSO2 Guest Webinar: Securing SaaS Apps with Multi-factor Authentication with ...
WSO2
 
PDF
Webinar: Message Tracing and Debugging in WSO2 Enterprise Service Bus
WSO2
 
PDF
Enhanced Developer Experience with WSO2 Enterprise Service Bus Tooling
WSO2
 
PPTX
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2
 
PDF
WSO2Con USA 2017: Identity Solution Patterns
WSO2
 
PDF
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2
 
PDF
Solution Architecture Patterns for Digital Transformation
WSO2
 
PPTX
Identity Management for Web Application Developers
WSO2
 
PDF
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
WSO2
 
PPTX
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
PDF
WSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
WSO2
 
PDF
WSO2Con USA 2017: Building an Effective API Architecture
WSO2
 
PDF
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2
 
PDF
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2
 
PDF
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2
 
PDF
Google Analytics 100% (not provided) - what does it mean?
Crafted
 
PPTX
Social Media and Privacy
Typeset
 
PPT
Privacy & social media
Prof. Jacques Folon (Ph.D)
 
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
WSO2
 
Integração SAP com Plataformas 100% OpenSource
WSO2
 
WSO2 Guest Webinar: Securing SaaS Apps with Multi-factor Authentication with ...
WSO2
 
Webinar: Message Tracing and Debugging in WSO2 Enterprise Service Bus
WSO2
 
Enhanced Developer Experience with WSO2 Enterprise Service Bus Tooling
WSO2
 
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2
 
WSO2Con USA 2017: Identity Solution Patterns
WSO2
 
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2
 
Solution Architecture Patterns for Digital Transformation
WSO2
 
Identity Management for Web Application Developers
WSO2
 
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
WSO2
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
WSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
WSO2
 
WSO2Con USA 2017: Building an Effective API Architecture
WSO2
 
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2
 
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2
 
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2
 
Google Analytics 100% (not provided) - what does it mean?
Crafted
 
Social Media and Privacy
Typeset
 
Privacy & social media
Prof. Jacques Folon (Ph.D)
 
Ad

Similar to How Privacy in the Cloud Affects Organizations (20)

PDF
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
VMUG IT
 
PDF
Understanding the Future of Data Storage
A2 Cloud Hosting Services
 
PPT
Effective data protection for businesses with multiple locations
InTechnology Managed Services (part of Redcentric)
 
PDF
Efficient Cloud Storage & Data Management Solutions
DoxandBox
 
PDF
SureSkills GDPR - Discover the Smart Solution
Google
 
PDF
cloud computing related to communication.pdf
subscribeus100
 
PPTX
Group 4
liujiaxuan
 
PPTX
Group 4
liujiaxuan
 
PPTX
Webinar: How to Design Primary Storage for GDPR
Storage Switzerland
 
PDF
Cloud data governance, risk management and compliance ny metro joint cyber...
Ulf Mattsson
 
PDF
A proposed Solution: Data Availability and Error Correction in Cloud Computing
CSCJournals
 
PPTX
Make the Upgrade: Data protection in the cloud
Erik Von Schlehenried
 
PDF
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
PDF
H017155360
IOSR Journals
 
PDF
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
PDF
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
PDF
Safeguarding Sensitive Data with Encryption
Home
 
PDF
Cloud Auditing With Zero Knowledge Privacy
IJERA Editor
 
PPTX
Unit -3.pptx cloud Security unit -3 notes
Ramya Nellutla
 
PPTX
Microsoft Cloud GDPR Compliance Options (SUGUK)
Andy Talbot
 
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
VMUG IT
 
Understanding the Future of Data Storage
A2 Cloud Hosting Services
 
Effective data protection for businesses with multiple locations
InTechnology Managed Services (part of Redcentric)
 
Efficient Cloud Storage & Data Management Solutions
DoxandBox
 
SureSkills GDPR - Discover the Smart Solution
Google
 
cloud computing related to communication.pdf
subscribeus100
 
Group 4
liujiaxuan
 
Group 4
liujiaxuan
 
Webinar: How to Design Primary Storage for GDPR
Storage Switzerland
 
Cloud data governance, risk management and compliance ny metro joint cyber...
Ulf Mattsson
 
A proposed Solution: Data Availability and Error Correction in Cloud Computing
CSCJournals
 
Make the Upgrade: Data protection in the cloud
Erik Von Schlehenried
 
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
H017155360
IOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Safeguarding Sensitive Data with Encryption
Home
 
Cloud Auditing With Zero Knowledge Privacy
IJERA Editor
 
Unit -3.pptx cloud Security unit -3 notes
Ramya Nellutla
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Andy Talbot
 

More from WSO2 (20)

PDF
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
WSO2
 
PDF
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
WSO2
 
PDF
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
WSO2
 
PDF
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
WSO2
 
PDF
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
WSO2
 
PDF
Platformless Modernization with Choreo.pdf
WSO2
 
PDF
Application Modernization with Choreo for the BFSI Sector
WSO2
 
PDF
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
WSO2
 
PDF
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
WSO2
 
PPTX
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2
 
PPTX
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2
 
PPTX
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
PPTX
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
WSO2
 
PPTX
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
WSO2
 
PPTX
WSO2Con 2025 - Architecting Cloud-Native Applications
WSO2
 
PDF
Mastering Intelligent Digital Experiences with Platformless Modernization
WSO2
 
PDF
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
PDF
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
WSO2
 
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
WSO2
 
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
WSO2
 
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
WSO2
 
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
WSO2
 
Platformless Modernization with Choreo.pdf
WSO2
 
Application Modernization with Choreo for the BFSI Sector
WSO2
 
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
WSO2
 
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
WSO2
 
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2
 
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2
 
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
WSO2
 
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
WSO2
 
WSO2Con 2025 - Architecting Cloud-Native Applications
WSO2
 
Mastering Intelligent Digital Experiences with Platformless Modernization
WSO2
 
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 

Recently uploaded (20)

PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
A Presentation on Artificial Intelligence
memembruh336
 
Approach and Philosophy of On baking technology
30anthuong17
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 

How Privacy in the Cloud Affects Organizations

  • 1. How Privacy in the Cloud Affects Organizations Thilina Piyasundara Systems Engineer WSO2 Cloud Team
  • 2. Agenda Why Organizations Moving to Cloud? Risks/Challenges in Cloud Top Privacy Challenges in Cloud Legal Obligations How to Protect Privacy in Cloud?
  • 3. Cloud Services for Organizations Image source: https://blog.cloudsecurityalliance.org/wp-content/uploads/2014/07/top-20-enterprise-blog.jpeg
  • 4. Why Organizations Moving to Cloud? ● Maintaining Focus on the Business ● Business Agility ● Reduced Capital Expenditures ● Scale ● Access from Anywhere ● Staffing Efficiency ● Security and Disaster Recovery ● API Driven Architectures and Collaboration Between Organizations
  • 8. Data Breaches *Not directly related to cloud
  • 11. Legal Obligations A business that stores information in the cloud must be able to control access to and use of the information as well as protect the legal rights of the individuals whose information has been sent to the cloud. Laws prohibit some data from being used for secondary reasons other than the purpose for which it was originally collected.
  • 12. How to Protect Privacy in Cloud?
  • 13. Privacy Principles ● Storage and security of personal information ● Access to personal information ● Correctness of personal information ● Limits on use of personal information ● Limits on disclosure of personal information
  • 16. Securing data in creation ● How you collect or generate information? ○ Open forms ○ Insecure websites ○ Publically available data ○ Trust factors ● Solutions ○ Secure web applications with authorization like Google Forms
  • 17. Securing data in rest ● How you protect data in rest (storage)? ○ Who can access data? ○ How you store data (raw files/binary/databases)? ○ What encryption algorithms use to encrypt data? ● Solutions ○ Manage user access to storages ○ Support multiple data centers in different geographical locations ○ Support full disk encryption and database encryption ○ Highly available data volumes for instances and object storages for files/objects
  • 18. Securing data while processing ● Where you process data? ○ Is the data processes in a shared environment? ● Solutions
  • 19. Securing data while transmission ● How you move data from one location to another? ○ Can someone intercept and get your data? ○ Can someone alter your data streams? ● Solutions ○ Use IPSec VPNs ○ Use TLS for web traffic ○ Use DNSSec for DNS
  • 20. Securing data archives ● How you keep backups? ○ Backup frequency ○ Data retention ○ Backup storage security ○ Access to backup data ○ Validate integrity ● Solutions ○ Encrypt before storing ○ Manage user access to archives and encryption keys ○ Replication over geographical locations
  • 21. Destroy data securely ● How you delete data? ○ Data retention ○ Can we make public? ○ Can we forget about backups? ○ What about data storage hardware? ● Solutions ○ Write arbitrary data to data blocks ○ Cloud provides use standard ways to destruct data
  • 22. Policies and Compliance ● Policies ○ Have a proper security policy ○ Manage proper data classification ○ Properly manage access to data in all stages ○ Align processes with international standards ● Compliance ○ EU data protection act ○ Health Insurance Portability and Accountability Act (HIPAA) ○ Children Online Privacy Protection Act (COPPA) ○ Electronic Communications Privacy Act (ECPA) ○ Fair Credit Reporting Act (FCRA) ○ Fair and Accurate Credit Transaction Act (FACTA) ○ Gramm Leach Bliley Act and the related privacy rules
  • 24. The Debate on Personal Privacy and National Security