SlideShare a Scribd company logo

Cloud security - Publication

Bianca Mueller, LL.M.
Bianca Mueller, LL.M.

The term cloud is often used but widely misunderstood. The cloud comes in different shapes and sizes. The three most common cloud service models are Infrastructure as a Service (e.g. data storage), Platform as a Service (e.g. web servers, operating system) and Software as a Service (e.g. applications, software, web email). These three service structures can be deployed in four different ways: public cloud, private cloud, community cloud, or hybrid cloud.

Law
1 of 2
Download to read offline
22 | ISSUE 02 PRIVACY BY BIANCA MUELLER Bianca Mueller is a qualified judge from Germany, a German attorney (Rechtsanwältin), and an enrolled solicitor in New Zealand. Bianca routinely presents and publishes both nationally and internationally on a variety of topics, including criminal law, intellectual property, and international law. Bianca can be contacted at info@lawdownunder.com. Cloud-based IT services are touted as a big money saver. They offer flexibility and scalability, enabling users to pool and allocate IT resources as needed by using a minimum amount of physical IT infrastructure to service demand. Cloud- based IT services also offer the convenience of being able to work remotely and access data from anywhere in the world. Sometimes businesses move to the cloud too fast, and fail to conduct a rigorous risk analysis and evaluation of its return on investment. When planning a cloud deployment it pays to look past the hype and to compare the trade-offs between the different types of cloud environments. DIFFERENT SHADES OF CLOUD The term cloud is often used but widely misunderstood. The cloud comes in different shapes and sizes. The three most common cloud service models are Infrastructure as a Service (data storage), Platform as a Service (web servers, operating system) and Software as a Service (applications, software, web email). These three service structures can be deployed in four different ways: public cloud, private cloud, community cloud, or hybrid cloud. In the public cloud, users access services over the Internet. The infrastructure is shared and data can be located in different locations across the globe (virtualisation). Some of the most well-known public cloud providers are Google, Facebook, and Evernote. A private cloud supplies IT services to a restricted group of users within an organisation over a dedicated network link. The private infrastructure can be located onsite or managed through an external provider. A hybrid cloud is a mix of both public and private cloud elements. The privacy and security implications may vary substantially for each user depending on the type of cloud service environment, and the type of information being used. While the public cloud offers the highest potential for cost savings, it also poses the biggest risks in terms of control over data, regulatory compliance, service- level availability, and security. In some situations, the risks of using standard public cloud solutions may outweigh the cost saving benefits. CYBERSECURITY RISKS One problem with the cloud is that it is not secure. Common threats stem from criminal hacking attacks, spying by government agencies, employee negligence, or access through unsecured mobile devices. Over a month ago a flaw was found in the encryption standard used by the majority of web- based services. The Heartbleed bug compromised a swathe of cloud services enabling hackers to retrieve sensitive data, such as secret keys, ticket keys, passwords, etc. The Heartbleed bug is a significant security issue and even more so because it took two years for it to be discovered. REGULATORY COMPLIANCE IN THE PUBLIC CLOUD Most public cloud infrastructures that are available in New Zealand are hosted offshore which gives rise to privacy, security, and jurisdictional issues. The lack of public cloud providers with New Zealand hosting severely reduces the range of public clould services available to New Zealand- based organisations. All agencies that collect, transmit, or store personal information in New Zealand are bound by the privacy principles of the Privacy Act 1993. Organisations that deal with personal information have to comply with the privacy principles. In this regard there is no difference between using cloud services, fixed-server system, or good old paper. EVERYONE IS TALKING CLOUD – HOW SAFE IS YOUR DATA?
NEWLAW 13 JUNE 2014 | 23 PRIVACYREVIEW HOW TO BENEFIT FROM THE CLOUD’S FLEXIBILITY AND COST SAVINGS WHILE STILL PROTECTING YOUR DATA: Conduct an impact assessment to determine the most appropriate cloud environment. Do not buy into the hype – know your data and decide what can go into the public cloud and what cannot. Do not put all your eggs in one basket. Ensure that you fully understand the technical and contractual risks and how they might affect your particular business. Monitor the cloud provider’s activities, and plan for cloud outages. Back-up, encrypt, and bring your own key! The only exception is Principle 5 of the Privacy Act, which requires that reasonable security safeguards are taken against loss, misuse, unauthorised access, use, disclosure, or modification, and that if information is disclosed to another party (eg cloud service provider) everything reasonable is done to prevent unauthorised use or disclosure. Compliance with Principle 5 may be challenging in a public cloud environment because most public cloud providers are based overseas and some countries do not provide the same level of privacy protection as New Zealand. The recently announced overhaul of New Zealand’s privacy laws is likely to increase legal responsibilities for organisations. The revamp of the Privacy Act 1993 is overdue, and is needed to ensure that it reflects technological developments, and is in line with New Zealand’s major trading partners. Another regulatory compliance issue arises in the public cloud with regards to the retention of business records. As an example, financial records must be kept in New Zealand under the Tax Administration Act 1994 and the Goods and Services Tax Act 1985 for at least seven years. However, most public cloud providers are hosted and managed overseas which means New Zealanders cannot use them to process and store their business records. Tax payers and cloud service providers may apply for permission from the Commissioner of Inland Revenue to hold records offshore, Providing the storage of those records offshore does not impede the Commissioner’s compliance activities. So far only eight cloud service providers have received IRD approval to store and hold business records of New Zealand customers outside of New Zealand (Brookers, MYOB, Xero, Reckon New Zealand, Cargo Wise New Zealand, CCH New Zealand, Farm IQ Systems, and Technology One). Other statuary requirements to keep records in New Zealand are contained in the Companies Act 1993, Employment Relations Act 2000, Electronic Transactions Regulations 2003, and Public Records Act 2005. An individual or a business may have contractual or statutory obligations to keep particular information confidential. For instance, an employee or contractor who signed a confidentiality agreement may breach that very agreement by uploading confidential work information into their personal Dropbox account. On the other hand, accountants, lawyers, general practitioners, and other health professionals are by bound by law to confidentiality. For these professions it may not be advisable to use the public cloud to process data relating to their client or patient (ie to use icloud, Google Drive, Dropbox, Evernote). CONTRACTING ISSUES – SMALL CONTRACT, BIG LIABILITY? Users of cloud services should know that they bear the sole responsibility for adequate security, encryption, and back-up of any data, even though the data is hosted by the service provider. Many publicly available cloud services limit the liability of the hosting provider to a level that is not in line with the potential risks. Read the fine print on any contract and know where your risks and liabilities lie. It may surprise you. NL If you are expecting this one-day course to equip you against the sharpest of judicial tongues, or to pull off Denny Crane-style antics and annihilate your opposition, then Gary Gotlieb’s Courtroom Confidence workshop as part of the College of Law’s Advanced Business Skills series is not for you. However, if you would like to know the inner workings of correct court procedures so that your court appearances run smoothly then you are in luck. Ask any lawyer or barrister about success in court and they will most likely tell you it is all about being well-prepared. But it is not all about knowing your case inside out, it is also about familiarising yourself with how court processes operate, etiquette, knowing who is responsible for what, dealing with clients in stressful situations, being respectful to court staff, and even allowing yourself some extra time when arriving at court to allow for last-minute courtroom changes so that you do not arrive late and flustered. It all sounds like relatively low-level stuff, but even the more senior attendees at the workshop admitted to being unfamiliar with certain processes. With over 40 years of legal practice, Gary Gotlieb is arguably one of country’s most experienced barristers. He captivated the workshop attendees who were PDS, private practice, and in- house lawyers at varying levels of experience and practice areas. “The biggest thing you have is your reputation,” is one of the first things Gary says to us. We cover conduct in court and with clients – having empathy for all involved in learning the new Civil and Criminal Procedure Rules, never making an assumption about a how a judge works, using registrars to ensure you are doing admin correctly, always being mindful of saving the court time, always having a copy of the Lawyers and Conveyancers Act to hand, dealing with self-represented litigants, demonstrating good collegiality among counsel, not being afraid to request an adjournment if there is an unexpected change of tack. We then move on to procedures, where Gary had invited two senior court staff to join us to discuss the correct administrative procedures for filling out court forms and filing that will ultimately make the experience smoother for everyone involved. Everything to ensure that you do not end up on the naughty list of slack lawyers – there is one, you know! Courtroom Confidence is suitable for all types of lawyer, even the more experienced ones who may not have had much recent court time. The next Courtroom Confidence workshop is scheduled for 26 June 2014 and is eligible for seven CPD hours. Other Advanced Business Skills Series Workshops include: Investigative Interviewing, Practical Tax for Lawyers: GST and Land, Practical Tax for Lawyers: Tax Disputes and Dealing with the IRD, and Legal Project Management. For more information please visit www.collaw.ac.nz THE COLLEGE OF LAW: ADVANCED BUSINESS SKILLS SERIES – COURTROOM CONFIDENCE REVIEWED BY ANGELA JACOBSEN

Recommended

Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
Patrick Fowler
 
Cloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issuesCloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issues
Lilian Edwards
 
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller SolicitorCloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Brian Miller, Solicitor
 
Cloud computing legal issues
Cloud computing legal issuesCloud computing legal issues
Cloud computing legal issues
Adv Prashant Mali
 
Cloud Computing: legal issues
Cloud Computing: legal issuesCloud Computing: legal issues
Cloud Computing: legal issues
ISPABelgium
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Cloud computing: Legal and ethical issues in library and information services
Cloud computing: Legal and ethical issues in library and information servicesCloud computing: Legal and ethical issues in library and information services
Cloud computing: Legal and ethical issues in library and information services
e-Marefa
 
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Tom Kulik
 

Recommended

Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
Patrick Fowler
 
Cloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issuesCloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issues
Lilian Edwards
 
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller SolicitorCloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Brian Miller, Solicitor
 
Cloud computing legal issues
Cloud computing legal issuesCloud computing legal issues
Cloud computing legal issues
Adv Prashant Mali
 
Cloud Computing: legal issues
Cloud Computing: legal issuesCloud Computing: legal issues
Cloud Computing: legal issues
ISPABelgium
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Cloud computing: Legal and ethical issues in library and information services
Cloud computing: Legal and ethical issues in library and information servicesCloud computing: Legal and ethical issues in library and information services
Cloud computing: Legal and ethical issues in library and information services
e-Marefa
 
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Tom Kulik
 
Duty of Care Online
Duty of Care OnlineDuty of Care Online
Duty of Care Online
bwiredgroup
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
movinghats
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
DLA Piper (Canada) LLP
 
Is There Sun Behind Those Clouds
Is There Sun Behind Those CloudsIs There Sun Behind Those Clouds
Is There Sun Behind Those Clouds
Janine Anthony Bowen, Esq.
 
Sookman law society_6_min_business_law
Sookman law society_6_min_business_lawSookman law society_6_min_business_law
Sookman law society_6_min_business_law
bsookman
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud Computing
Janine Anthony Bowen, Esq.
 
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtAndrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Infosecurity2010
 
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs UtrechtDavid Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Infosecurity2010
 
Cutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveCutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers Perspective
Janine Anthony Bowen, Esq.
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortz
itnewsafrica
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
Ritambhara Agrawal
 
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Chad Lawler
 
Navigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
Navigating through the cloud SPUSC 2011 -Rob Livingstone KeynoteNavigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
Navigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
Livingstone Advisory
 
Small and solo in the cloud
Small and solo in the cloudSmall and solo in the cloud
Small and solo in the cloud
Omar Ha-Redeye
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
IESL - The Institution of Engineers, Sri Lanka
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
Security issues associated with big data in cloud
Security issues associated with big data in cloudSecurity issues associated with big data in cloud
Security issues associated with big data in cloud
sornalathaNatarajan
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention
Digital Guardian
 
Sible 09
Sible 09Sible 09
Sible 09
lilianedwards
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contracts
Meera Kaul
 
T emprano yo_te_buscare
T emprano yo_te_buscareT emprano yo_te_buscare
T emprano yo_te_buscare
PABLO GOMEZ-LOBO RODRIGUEZ
 
Jake resume word
Jake resume wordJake resume word
Jake resume word
Jake Higgins
 

More Related Content

What's hot

Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
movinghats
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud Computing
Janine Anthony Bowen, Esq.
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortz
itnewsafrica
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention
Digital Guardian
 

What's hot (20)

Duty of Care Online
Duty of Care OnlineDuty of Care Online
Duty of Care Online
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
Is There Sun Behind Those Clouds
Is There Sun Behind Those CloudsIs There Sun Behind Those Clouds
Is There Sun Behind Those Clouds
 
Sookman law society_6_min_business_law
Sookman law society_6_min_business_lawSookman law society_6_min_business_law
Sookman law society_6_min_business_law
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud Computing
 
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtAndrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
 
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs UtrechtDavid Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
 
Cutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveCutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers Perspective
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortz
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
 
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
 
Navigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
Navigating through the cloud SPUSC 2011 -Rob Livingstone KeynoteNavigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
Navigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
 
Small and solo in the cloud
Small and solo in the cloudSmall and solo in the cloud
Small and solo in the cloud
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Security issues associated with big data in cloud
Security issues associated with big data in cloudSecurity issues associated with big data in cloud
Security issues associated with big data in cloud
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention
 
Sible 09
Sible 09Sible 09
Sible 09
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contracts
 

Viewers also liked

Ecuador en los juegos olímpicos londres 2012
Ecuador en los juegos olímpicos londres 2012Ecuador en los juegos olímpicos londres 2012
Ecuador en los juegos olímpicos londres 2012
selenalec
 
Informacion de hochey
Informacion de hocheyInformacion de hochey
Informacion de hochey
gaitan_pamela
 
Liste inscrits nocturne
Liste inscrits nocturneListe inscrits nocturne
Liste inscrits nocturne
tcvdl
 
Programa para la pag
Programa para la pagPrograma para la pag
Programa para la pag
ACILTRHA
 
Bitácoras de tecnología
Bitácoras de tecnologíaBitácoras de tecnología
Bitácoras de tecnología
Gabi Camacho
 

Viewers also liked (16)

T emprano yo_te_buscare
T emprano yo_te_buscareT emprano yo_te_buscare
T emprano yo_te_buscare
 
Jake resume word
Jake resume wordJake resume word
Jake resume word
 
Encuesta
EncuestaEncuesta
Encuesta
 
Location Camionnette Demenagement
Location Camionnette DemenagementLocation Camionnette Demenagement
Location Camionnette Demenagement
 
Recommendation Letter from TPL
Recommendation Letter from TPLRecommendation Letter from TPL
Recommendation Letter from TPL
 
防水工事 新倉技研
防水工事 新倉技研防水工事 新倉技研
防水工事 新倉技研
 
Ecuador en los juegos olímpicos londres 2012
Ecuador en los juegos olímpicos londres 2012Ecuador en los juegos olímpicos londres 2012
Ecuador en los juegos olímpicos londres 2012
 
Afiche cuecaton
Afiche cuecatonAfiche cuecaton
Afiche cuecaton
 
Mentefacto fidel
Mentefacto fidelMentefacto fidel
Mentefacto fidel
 
Informacion de hochey
Informacion de hocheyInformacion de hochey
Informacion de hochey
 
Liste inscrits nocturne
Liste inscrits nocturneListe inscrits nocturne
Liste inscrits nocturne
 
Presentation1
Presentation1Presentation1
Presentation1
 
happy_birthday
happy_birthdayhappy_birthday
happy_birthday
 
Programa para la pag
Programa para la pagPrograma para la pag
Programa para la pag
 
Dear irving
Dear irvingDear irving
Dear irving
 
Bitácoras de tecnología
Bitácoras de tecnologíaBitácoras de tecnología
Bitácoras de tecnología
 

Similar to Cloud security - Publication

Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009 Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
EuroCloud
 
C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110
C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110
C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110
guestd7fc9c
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Hira Zahan
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_security
Accenture
 

Similar to Cloud security - Publication (20)

The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
 
Securing data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law FirmsSecuring data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law Firms
 
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009 Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
 
Cloud
CloudCloud
Cloud
 
Clouds and Chains
Clouds and ChainsClouds and Chains
Clouds and Chains
 
C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110
C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110
C:\Fakepath\Cloud Computing Mitigating Risk Fmb 0110
 
Case Study - Global Collaboration Multidisciplinary Professional Services
Case Study - Global Collaboration Multidisciplinary Professional ServicesCase Study - Global Collaboration Multidisciplinary Professional Services
Case Study - Global Collaboration Multidisciplinary Professional Services
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation Tools
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Is your cloud GDPR compliant?
Is your cloud GDPR compliant?Is your cloud GDPR compliant?
Is your cloud GDPR compliant?
 
02 05 d_51_cc_efiles
02 05 d_51_cc_efiles02 05 d_51_cc_efiles
02 05 d_51_cc_efiles
 
The CypherWire - Encryption doesn't have to be cryptic
The CypherWire - Encryption doesn't have to be crypticThe CypherWire - Encryption doesn't have to be cryptic
The CypherWire - Encryption doesn't have to be cryptic
 
Cloud Types and Security- Which one is right for you?
Cloud Types and Security- Which one is right for you?Cloud Types and Security- Which one is right for you?
Cloud Types and Security- Which one is right for you?
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
 
The Myths of the Cloud are Holding Businesses Back
The Myths of the Cloud are Holding Businesses BackThe Myths of the Cloud are Holding Businesses Back
The Myths of the Cloud are Holding Businesses Back
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_security
 
Data Privacy And Security Issues In Cloud Computing.pdf
Data Privacy And Security Issues In Cloud Computing.pdfData Privacy And Security Issues In Cloud Computing.pdf
Data Privacy And Security Issues In Cloud Computing.pdf
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
 

Recently uploaded

一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
Airst S
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
ShashankKumar441258
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
Airst S
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
RRR Chambers
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
bd2c5966a56d
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
JosephCanama
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
MollyBrown86
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
James Watkins, III JD CFP®
 

Recently uploaded (20)

BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptxMOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
 
Clarifying Land Donation Issues Memo for
Clarifying Land Donation Issues Memo forClarifying Land Donation Issues Memo for
Clarifying Land Donation Issues Memo for
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
 
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
Jim Eiberger Redacted Copy Of Tenant Lease.pdf
Jim Eiberger Redacted Copy Of Tenant Lease.pdfJim Eiberger Redacted Copy Of Tenant Lease.pdf
Jim Eiberger Redacted Copy Of Tenant Lease.pdf
 
Police Misconduct Lawyers - Law Office of Jerry L. Steering
Police Misconduct Lawyers - Law Office of Jerry L. SteeringPolice Misconduct Lawyers - Law Office of Jerry L. Steering
Police Misconduct Lawyers - Law Office of Jerry L. Steering
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
 

Cloud security - Publication

  • 1. 22 | ISSUE 02 PRIVACY BY BIANCA MUELLER Bianca Mueller is a qualified judge from Germany, a German attorney (Rechtsanwältin), and an enrolled solicitor in New Zealand. Bianca routinely presents and publishes both nationally and internationally on a variety of topics, including criminal law, intellectual property, and international law. Bianca can be contacted at info@lawdownunder.com. Cloud-based IT services are touted as a big money saver. They offer flexibility and scalability, enabling users to pool and allocate IT resources as needed by using a minimum amount of physical IT infrastructure to service demand. Cloud- based IT services also offer the convenience of being able to work remotely and access data from anywhere in the world. Sometimes businesses move to the cloud too fast, and fail to conduct a rigorous risk analysis and evaluation of its return on investment. When planning a cloud deployment it pays to look past the hype and to compare the trade-offs between the different types of cloud environments. DIFFERENT SHADES OF CLOUD The term cloud is often used but widely misunderstood. The cloud comes in different shapes and sizes. The three most common cloud service models are Infrastructure as a Service (data storage), Platform as a Service (web servers, operating system) and Software as a Service (applications, software, web email). These three service structures can be deployed in four different ways: public cloud, private cloud, community cloud, or hybrid cloud. In the public cloud, users access services over the Internet. The infrastructure is shared and data can be located in different locations across the globe (virtualisation). Some of the most well-known public cloud providers are Google, Facebook, and Evernote. A private cloud supplies IT services to a restricted group of users within an organisation over a dedicated network link. The private infrastructure can be located onsite or managed through an external provider. A hybrid cloud is a mix of both public and private cloud elements. The privacy and security implications may vary substantially for each user depending on the type of cloud service environment, and the type of information being used. While the public cloud offers the highest potential for cost savings, it also poses the biggest risks in terms of control over data, regulatory compliance, service- level availability, and security. In some situations, the risks of using standard public cloud solutions may outweigh the cost saving benefits. CYBERSECURITY RISKS One problem with the cloud is that it is not secure. Common threats stem from criminal hacking attacks, spying by government agencies, employee negligence, or access through unsecured mobile devices. Over a month ago a flaw was found in the encryption standard used by the majority of web- based services. The Heartbleed bug compromised a swathe of cloud services enabling hackers to retrieve sensitive data, such as secret keys, ticket keys, passwords, etc. The Heartbleed bug is a significant security issue and even more so because it took two years for it to be discovered. REGULATORY COMPLIANCE IN THE PUBLIC CLOUD Most public cloud infrastructures that are available in New Zealand are hosted offshore which gives rise to privacy, security, and jurisdictional issues. The lack of public cloud providers with New Zealand hosting severely reduces the range of public clould services available to New Zealand- based organisations. All agencies that collect, transmit, or store personal information in New Zealand are bound by the privacy principles of the Privacy Act 1993. Organisations that deal with personal information have to comply with the privacy principles. In this regard there is no difference between using cloud services, fixed-server system, or good old paper. EVERYONE IS TALKING CLOUD – HOW SAFE IS YOUR DATA?
  • 2. NEWLAW 13 JUNE 2014 | 23 PRIVACYREVIEW HOW TO BENEFIT FROM THE CLOUD’S FLEXIBILITY AND COST SAVINGS WHILE STILL PROTECTING YOUR DATA: Conduct an impact assessment to determine the most appropriate cloud environment. Do not buy into the hype – know your data and decide what can go into the public cloud and what cannot. Do not put all your eggs in one basket. Ensure that you fully understand the technical and contractual risks and how they might affect your particular business. Monitor the cloud provider’s activities, and plan for cloud outages. Back-up, encrypt, and bring your own key! The only exception is Principle 5 of the Privacy Act, which requires that reasonable security safeguards are taken against loss, misuse, unauthorised access, use, disclosure, or modification, and that if information is disclosed to another party (eg cloud service provider) everything reasonable is done to prevent unauthorised use or disclosure. Compliance with Principle 5 may be challenging in a public cloud environment because most public cloud providers are based overseas and some countries do not provide the same level of privacy protection as New Zealand. The recently announced overhaul of New Zealand’s privacy laws is likely to increase legal responsibilities for organisations. The revamp of the Privacy Act 1993 is overdue, and is needed to ensure that it reflects technological developments, and is in line with New Zealand’s major trading partners. Another regulatory compliance issue arises in the public cloud with regards to the retention of business records. As an example, financial records must be kept in New Zealand under the Tax Administration Act 1994 and the Goods and Services Tax Act 1985 for at least seven years. However, most public cloud providers are hosted and managed overseas which means New Zealanders cannot use them to process and store their business records. Tax payers and cloud service providers may apply for permission from the Commissioner of Inland Revenue to hold records offshore, Providing the storage of those records offshore does not impede the Commissioner’s compliance activities. So far only eight cloud service providers have received IRD approval to store and hold business records of New Zealand customers outside of New Zealand (Brookers, MYOB, Xero, Reckon New Zealand, Cargo Wise New Zealand, CCH New Zealand, Farm IQ Systems, and Technology One). Other statuary requirements to keep records in New Zealand are contained in the Companies Act 1993, Employment Relations Act 2000, Electronic Transactions Regulations 2003, and Public Records Act 2005. An individual or a business may have contractual or statutory obligations to keep particular information confidential. For instance, an employee or contractor who signed a confidentiality agreement may breach that very agreement by uploading confidential work information into their personal Dropbox account. On the other hand, accountants, lawyers, general practitioners, and other health professionals are by bound by law to confidentiality. For these professions it may not be advisable to use the public cloud to process data relating to their client or patient (ie to use icloud, Google Drive, Dropbox, Evernote). CONTRACTING ISSUES – SMALL CONTRACT, BIG LIABILITY? Users of cloud services should know that they bear the sole responsibility for adequate security, encryption, and back-up of any data, even though the data is hosted by the service provider. Many publicly available cloud services limit the liability of the hosting provider to a level that is not in line with the potential risks. Read the fine print on any contract and know where your risks and liabilities lie. It may surprise you. NL If you are expecting this one-day course to equip you against the sharpest of judicial tongues, or to pull off Denny Crane-style antics and annihilate your opposition, then Gary Gotlieb’s Courtroom Confidence workshop as part of the College of Law’s Advanced Business Skills series is not for you. However, if you would like to know the inner workings of correct court procedures so that your court appearances run smoothly then you are in luck. Ask any lawyer or barrister about success in court and they will most likely tell you it is all about being well-prepared. But it is not all about knowing your case inside out, it is also about familiarising yourself with how court processes operate, etiquette, knowing who is responsible for what, dealing with clients in stressful situations, being respectful to court staff, and even allowing yourself some extra time when arriving at court to allow for last-minute courtroom changes so that you do not arrive late and flustered. It all sounds like relatively low-level stuff, but even the more senior attendees at the workshop admitted to being unfamiliar with certain processes. With over 40 years of legal practice, Gary Gotlieb is arguably one of country’s most experienced barristers. He captivated the workshop attendees who were PDS, private practice, and in- house lawyers at varying levels of experience and practice areas. “The biggest thing you have is your reputation,” is one of the first things Gary says to us. We cover conduct in court and with clients – having empathy for all involved in learning the new Civil and Criminal Procedure Rules, never making an assumption about a how a judge works, using registrars to ensure you are doing admin correctly, always being mindful of saving the court time, always having a copy of the Lawyers and Conveyancers Act to hand, dealing with self-represented litigants, demonstrating good collegiality among counsel, not being afraid to request an adjournment if there is an unexpected change of tack. We then move on to procedures, where Gary had invited two senior court staff to join us to discuss the correct administrative procedures for filling out court forms and filing that will ultimately make the experience smoother for everyone involved. Everything to ensure that you do not end up on the naughty list of slack lawyers – there is one, you know! Courtroom Confidence is suitable for all types of lawyer, even the more experienced ones who may not have had much recent court time. The next Courtroom Confidence workshop is scheduled for 26 June 2014 and is eligible for seven CPD hours. Other Advanced Business Skills Series Workshops include: Investigative Interviewing, Practical Tax for Lawyers: GST and Land, Practical Tax for Lawyers: Tax Disputes and Dealing with the IRD, and Legal Project Management. For more information please visit www.collaw.ac.nz THE COLLEGE OF LAW: ADVANCED BUSINESS SKILLS SERIES – COURTROOM CONFIDENCE REVIEWED BY ANGELA JACOBSEN