Implications for Cloud Computing & Data Privacy

Academic year: 2021

(1)

Diane Mueller

Cloud Evangelist, ActiveState [email protected]

http://www.activestate.com/stackato

(2)

Founded 1997

2 million developers, 97% of Fortune 1000

Development, management, distribution & cloud deployment for dynamic languages

(3)

Drivers for Cloud Computing

US Patriot Act & Data Privacy

(4)
(5)

Savings of physical IT costs

Faster Deployment Times

Higher Levels of Application Availability

Reliability & Fault Tolerance

Access Anywhere

(6)

Maintain privacy & confidentiality

Preserve intellectual property rights

Potential for intervention by foreign governments

Manage operational & commercial risks

(7)

Information is:

no longer in your direct custody or control

handed over to a third party to manage

resident in a different jurisdiction or multiple jurisdictions

Mass-market cloud services are subject to “take it or leave it” service agreements

(8)

Signed into law in October 2001

Extended in May 2011

grants privileges to access private data in case of suspected terrorist threats

(9)
(10)
(11)
(12)

New powers of surveillance and search/seizure extend to records of anyone (including Foreign Nationals) in the US.

Extends to records in the custody of US companies in Foreign Countries

(13)

Cloud Computing is premised on the concept of infrastructure pooling regardless of geographic location.

Users may not have visibility in relation to the ultimate location of data.

Data may not in fact be pooled in one place

(14)

Data that is housed or passes through the United States is vulnerable to interception by authorities

Applies to: everyone living and visiting the country, including any foreign national who spends time on U.S. soil as part of a visa arrangement.

(15)

BBC Worldwide HQ in London

also has studios and offices in the U.S

(16)

National Security Letters can involve a gag order

prevents the organization from ever disclosing receipt of a letter requiring the handover of records.

Vendors cannot provide a guarantee that their customers would be informed

(17)

Regulators may restrict the international transfer of certain kinds of data, even require certain kinds of data to be kept separate and not be

(18)

MSFT could not guarantee the sovereignty of European customers’ data in its data centers

If the US Patriot Act was invoked, MSFT would be compelled to hand data over to US authorities and would keep the data transfer secret

This contravenes the new EU Data Protection Directive which requires organizations to inform users when personal information is disclosed

(19)

CEO, Reinhard Clemens

"The Americans say that no matter what happens I'll release the data to the government if I'm forced to do so, from anywhere in the world, certain German companies don't want others to access their systems. That's why we're well-positioned if we can

(20)

Remains responsible for protecting and safeguarding information

Needs to make informed choices

Take a risk-based approach

What is the sensitivity of the information?

What is the risk to the data?

What role does the jurisdiction play in that risk?

(21)
(22)

Own the infrastructure

Run your own cloud in your data center

Host your own services

Minimize the number of layers between you and the NSL

Minimizes US Patriot Act

(23)

Keep all your data within your own firewalls

Avoids the Gag Issue

If the US Gov’t wants information – they have to ask you, not some cloud provider

Keep all your data within secure containers

Multi-tenancy Security by Isolation

Ensure Privacy within your organization

Encrypt your data when you transmit it beyond your firewalls

(24)
(25)

Greater oversight & control

Maintaining security of data

Greater control over computational resources

Exclusive to an organization

(26)

Applications (SaaS)

Application Middleware/Platform (PaaS)

(27)

IaaS Layer:

Gives you an Elastic Playground

Pooled Resourcing

Shared Operating System

Shared Services

Security by

(28)

PaaS Layer:

gives your applications individual Playgrounds

Everyone gets their own Operating system

No Shared Services

(29)

Applications need more than just infrastructure!

Applications Need Secure Environments

Applications need middleware components: languages, modules, databases, web servers

Apps don’t deploy themselves

A PaaS automatically configures and deploys the middleware,

(30)
(31)

Maintain accountability and ensure security

Keep your & your clients’ data private & secure

Ensure that you are notified of requests for information based on the US Patriot Act

Still get all the benefits of cloud (elasticity, pooling resources within your organization, with faster time-to-market) on a private cloud

(32)

Hybrid Clouds

Private Clouds

Your App

(33)
(34)

www.activestate.com/cloud

Twitter: @activestate (#stackato)

Blog: www.activestate.com/blog

Email: [email protected]
