Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security of Cloud Computing Applications in Smart Cities


Published on

BSI Information & Coud Security Seminar 2014

Published in: Technology
  • Be the first to comment

Security of Cloud Computing Applications in Smart Cities

  1. 1. Charles Mok Legislative Councillor (Information Technology)
  2. 2. An evolution of Smart Cities Making cities more efficient but also more vulnerable
  3. 3. 3 New economic and social opportunities from the Internet of Things
  4. 4. Smart Services: Interconnected data, infrastructures and services, enabled by ICT 4
  5. 5. SMART CITY ARCHITECTURE Applications satellite imagery, aerial mapping, GPS, building management system, CCTV, GIS Information user, document, industry, business, revenue, circulation Management Integration of communication protocols Wireless, Bluetooth, Wi-Fi, 3/4/5G, M2M, embedded network 5
  6. 6. EXAMPLES • Smart grids and smart metering • Intelligence transportation • Smart and connected healthcare • Public safety and emergency services • Wireless connection • Intelligent buildings 6
  7. 7. SENSITIVE DATA IN THE CLOUD Personally Identifiable Information examples • Geolocation data • Medical records • Banking and insurance records • Emails and other instant communication Any serious breach will cause financial, data, credibility and reputational loss or damage
  9. 9. CONCERNS IN SMART CITY Data collector/owner •Outsourcing: How to select a cloud vendor? •How to maintain direct control to safeguard data integrity? Cloud service providers •How to satisfy data residency and privacy requirements •How to remain flexible and provide cost-effective service? Regulator •Formulation of relevant standards and practices •How to ensure adoption and compliance? •Would sensitive data end up overseas? End-users •Are my data safe in the cloud? •Would I know if there is security or privacy breach?
  10. 10. 3 KEY ISSUES Security Is the data protected from theft, leakage, spying or attacks? What is the level of control and protection? Residency Where is the data stored? geographically disbursed? What to do with data in transit & outside territory? Privacy Who can see personally identifiable information (PII)? Storing, transferring, locating and protecting PII
  11. 11. Challenges of smart city services Maintaining ownership and control of data Info on 3rd party service and distributed infrastructure Deliver resiliency, availability and flexibility of smart services
  12. 12. MAIN CAUSES OF DATA BREACHES System glitches Malicious attacks Human factor 12 29% 36% 35% Source: 2013 Cost of Data Breach Study: Global Analysis“ by Symantec and the Ponemon Institute.
  13. 13. Source: Techcrunch 13
  15. 15. PLANNING AHEAD: STRATEGIC APPROACH • Multiple layers: Physical security (facilities) Network security (infrastructure) System security (IT systems) Application and data security
  16. 16. HOW? SECURITY BY DESIGN • Educate people, improve governance and compliance • Identify critical data • Disaster Recovery and Continuity • Breach notification and data residency • Data management at rest • Data protection in motion • Encryption key management • Identification and Access controls • Long-term resiliency of the encryption system 16
  17. 17. 17