15 non-IT
execs
10 (n=264)
5
0
t
y
ks
s
se
se
s
lit
rit
es
ie
se
ris
ca
bi
cu
lic
en
ill
es
ra
sk
ry
po
se
ar
pe
oc
s
to
ne
g
aw
g
pr
ro
la
in
in
si
gu
te
ild
ss
st
of
bu
in
bu
ju
re
ne
ck
ad
si
la
bu
4
4
WHAT IS PRIVACY?
solicited marketing
ntity theft
vealing personal information friends, family members
: Behavioral advertising
vernment surveillance
bpoena of information stored “in
in the cloud
cloud”
HP Confidential
IVACY CHALLENGES
Businesses
ta breaches
an be costly (on average $204 per record, according to 2010 Ponemon
stitute study)
HP Confidential
IVACY ISSUES FOR CLOUD COMPUTING
mplex information environment
Data flows tend to be global and dynamic
Data proliferation
Dynamic provisioning
Security and
rivacy relates to
confidentiality can relate
ersonal information
to all information
Context
C t t is
i iimportant:
t t different
diff t information
i f ti can
have different privacy, security and confidentiality
requirements
HP Confidential
HE CLOUD SECURITY ALLIANCE
ECURITY HIERARCHY
Data Flows
cation matters
ficult to comply with legislation
specially transborder data flow requirements
Cloud Cloud
S i
Service Service
Provider Consumer
u own and manage all of the IT assets You don’t need software, hardware,
u assume the specific costs and risks technical knowledge.
e service components Two very different You don’t own the assets.
roles You don’t
don t assume the specific costs
and risks of the service components
c persistent
protocols, well-known
Context-based info, practices
g relating
e.g. g to
software state, underlying security infrastructure
location, time, policy
right 2010 Hewlett-Packard Development Company, L.P. certified hardware
UST ISSUES FOR CLOUD COMPUTING
e different
diff t approaches
h
right 2010 Hewlett-Packard Development Company, L.P.
PORTANCE OF CONTEXT
vacy need be taken into account only if the cloud service handles
rsonal information,, in the sense of collecting,
g, transferring,
g, processing,
p g,
aring or storing it
vacy threats differ according to the type of cloud scenario, e.g.
low privacy threat if the cloud service is to process information that is (or is very shortly to
be) public, cf. NY Times
high privacy threat for cloud services that are dynamically personalized – based on
people’s location, preferences, calendar and social networks, etc.
ntext is central to requirements
The same information collected in a different context by a different entity might have
completely different data protection requirements.
Multiple requirements may need to be met by the same provider.
− e.g. cloud-based services marketplace customer engaged in international health study would have to comply with EU
and US privacy laws, and as the data controller, would need a way to obtain assurances that any potential service
suppliers are employing proper data privacy protection practice
anizations
Is Is Not
ta security mitigation
ncryption
llutions
ti need
d tto address
dd a combination
bi ti off iissues above
b => new
echanisms
right 2010 Hewlett-Packard Development Company, L.P.
RRENT RESEARCH
fuscation
sign patterns
countability in the cloud
turall language
l policies
li i iin contract associated
i d with
i h llower-level
l l
chine-readable policies that
efine usage constraints of the associated PII
ansmitted through the cloud associated with PII
ted upon automatically within the cloud without the need for human
ervention
vacyy p
protecting
g controls built into different aspects
p of the business
cess
going process of review throughout the contractual chain
k5 January,
assessment & decision support to assess harm
right 2010 Hewlett-Packard Development Company, L.P.
2011
COUNTABILITY
R l
Regulator D S bj
Data Subject
Data Controller
PIA Process
Penalises failure
Acceptable Risk Reactive provisions
Proactive provisions
Cloud Service Provider
Cloud Service Provider
Technical solutions
Internal compliance
Contracts