Emerging Privacy Issues

Similar documents
Introduction To Cloud Computing

Cloud Computing and Service-Oriented Architectures

Cloud Computing and Service-Oriented Architectures

Architectural Implications of Cloud Computing

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

Cloud Computing Introduction & Offerings from IBM

10 Considerations for a Cloud Procurement. March 2017

Cloud Computing, SaaS and Outsourcing

CLOUD COMPUTING. Lecture 4: Introductory lecture for cloud computing. By: Latifa ALrashed. Networks and Communication Department

Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając

Introduction to Cloud Computing. [thoughtsoncloud.com] 1

Clouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Cloud Computing Briefing Presentation. DANU

Multi Packed Security Addressing Challenges in Cloud Computing

Introduction to Cloud Computing

Cloud Computing Overview. The Business and Technology Impact. October 2013

What is milcloud 2.0?

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

Best Practices to Transition to the Cloud. Five ways to improve IT agility and speed development by adopting a Cloud DevOps approach

Transform Your Business To An Open Hybrid Cloud Architecture. Presenter Name Title Date

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

THE FUTURE IS HYBRID. Patrick Harr. Global Vice President, Cloud Strategy and Solutions Hewlett-Packard Company

CLOUD COMPUTING PRIMER FOR EXECUTIVES

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

Cloud Computing. An introduction using MS Office 365, Google, Amazon, & Dropbox.

The Latest EMC s announcements

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA

CHEM-E Process Automation and Information Systems: Applications

Data Centers and Cloud Computing. Slides courtesy of Tim Wood

Protecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series

Securing the Cloud Today: How do we get there?

Community Clouds And why you should care about them

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Cloud Journey

Rijndael Encryption Technique for User Authentication in Cloud Computing

Data Centers and Cloud Computing. Data Centers

The Cloud and Big Data. Christopher L Poelker VP Enterprise Solutions FalconStor Software

Recovery Accountability and Transparency Board

DHS Cloud Strategy and Trade Nexus. May 2011

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Cloud Computing and Its Impact on Software Licensing

A guide for IT professionals. implementing the hybrid cloud

Future of the Data Center

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Auditing the Cloud. Paul Engle CISA, CIA

INFS 214: Introduction to Computing

Data Centers and Cloud Computing

Cloud-Security: Show-Stopper or Enabling Technology?

Mitigating Risks with Cloud Computing Dan Reis

Government IT Modernization and the Adoption of Hybrid Cloud

1-2-3 Webinar: Demystifying the Cloud

About the DISA Cloud Playbook

CLOUD COMPUTING. A public cloud sells services to anyone on the Internet. The cloud infrastructure is made available to

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Transforming IT: From Silos To Services

CLOUD COMPUTING-ISSUES AND CHALLENGES

Migrating Applications to the Cloud

1 The intersection of IAM and the cloud

Cloud Computing introduction

From Situational Awareness to Knowledge: Strategic Cyber Security Operations

Cloud Computing An IT Paradigm Changer

Cloud Infrastructure and Operations Chapter 2B/8 Page Main concept from which Cloud Computing developed

TRANSFORMING TO IT-AS-A- SERVICE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Analysis of Cloud Computing Delivery Architecture Models

ECE Enterprise Storage Architecture. Fall ~* CLOUD *~. Tyler Bletsch Duke University

Cisco Services: Towards Your Next Generation IT

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

Privacy hacking & Data Theft

Managing your Cloud with Confidence

NIST Cloud Computing Security Working Group

Accelerate your Azure Hybrid Cloud Business with HPE. Ken Won, HPE Director, Cloud Product Marketing

THE DATA CENTER AS A COMPUTER

Cloud Essentials for Architects using OpenStack

I D C T E C H N O L O G Y S P O T L I G H T. V i r t u a l and Cloud D a t a Center Management

EMC Strategy Overview: Journey To The Private Cloud

Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

Cisco Unified Data Center Strategy

Dr. Eng. Antonio Mauro, PhD October 20th 2011

FAST TRACK YOUR AMAZON AWS CLOUD TECHNICAL SKILLS. Enterprise Website Hosting with AWS

ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast

Energy Management with AWS

PMINJ Chapter 01 May Symposium Cloud Computing and Big Data. What s the Big Deal?

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Cloud Computing. Technologies and Types

Third Party Cloud Services Its Adoption in the New Age

CS 6393 Lecture 10. Cloud Computing. Prof. Ravi Sandhu Executive Director and Endowed Chair. April 12,

CASE STUDY: USING THE HYBRID CLOUD TO INCREASE CORPORATE VALUE AND ADAPT TO COMPETITIVE WORLD TRENDS

Government Privacy. Julie Smith McEwen, CIPP/G, CISSP Principal Information Systems Privacy and Security Engineer

Supporting the Cloud Transformation of Agencies across the Public Sector

DISA CLOUD CLOUD SYMPOSIUM

Copyright 2010 EMC Corporation. All rights reserved.

How to Keep UP Through Digital Transformation with Next-Generation App Development

Amazon Web Services. For Government, Education, and Nonprofit Organizations

White Paper: Cloud Computing Characteristics Are Key. Christopher Olive Chief Architect GP Strategies Corporation

Transcription:

Emerging Privacy Issues Privacy Considerations in Cloud Computing Lewis Oleinick, CIPP/G Chief Privacy and FOIA Officer Defense Logistics Agency

Disclaimer The views presented herein are my own and do not represent the views of DoD or the Defense Logistics Agency.

Agenda What is cloud computing? Are there different types of clouds? What are the economic benefits of cloud computing? What are the privacy issues of cloud computing? What are some examples?

What is cloud computing? Wikipedia defines cloud computing as: a paradigm of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. [1][2] Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. [3]

What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool configurable computing of resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three delivery models, and four deployment models.

A Picture of Cloud Computing

3 Types of Cloud Computing Tim O Reilly s definitions: 1. Utility computing (Infrastructure as a Service - IaaS) provides virtual machine instances, storage, and computation at pay-as-you-go utility pricing, e.g., Amazon s AWS. developers, not end-users, are the target of this kind of cloud computing. 2. Platform as a Service - PaaS one step up from pure utility computing are platforms like Google AppEngine and Salesforce's force.com, which hide machine instances behind higher-level APIs. 3. Cloud-based end-user applications (Software as a Service SaaS) applications that were formerly delivered locally on a PC, like spreadsheets, word processing, databases, and even email that are now delivered over the web, e.g., gmail or Google docs and spreadsheets are "cloud computing applications." Google search or Google maps, while on the same servers, are not.

4 Cloud Deployment Models* Private cloud enterprise owned or leased may, or may not, exist on premise Community cloud shared infrastructure for specific community Public cloud Sold to the public, mega-scale infrastructure Hybrid cloud composition of two or more clouds * From Aug. 12, 2009 NIST presentation on Effectively and Securely Using the Cloud Computing Paradigm, by Peter Mell and Tim Grance on http://csrc.nist.gov/groups/sns/cloud-computing/cloud-computing-v25.ppt 8

Risks for Each Deployment Model

Cost/Benefit of Cloud Computing Models

Privacy Policy Issues in the Cloud Data Security Privacy Act E-Gov t Act (PIA) Breach Reporting International Privacy Law Federal Records Act

Some Technology Solutions for Security in the Cloud* Encrypted Swap / No Swap Encrypted File Systems Encrypted Data Transit (In/Out) Secured, Fit for Purpose Machine Image * Ideas From July 15, 2009 Nat l Def. Univ Presentation on Cloud Computing Architectures by Hal Stern, Vice President Global Systems Engineering, Sun Microsystems.

Tim O Reilly on Personal Information The prospect of my data disappearing or being unavailable is far more alarming than, for example, the disappearance of a service that merely hosts an aggregated view of data that is available elsewhere say Yahoo! search or Microsoft live maps.

Possible Structures of a Public Cloud or, Dude! Where is my Data? What you may actually be getting. What you think you are getting. Trans-border data flow of personal information? To India, Malaysia or China?

Cloud Computing Examples In Government OMB/GSA Cloud one-stop apps.gov site Dept of Energy Lab s use of Cloud Dept. of Interior National Business Center's Cloud strategy Army and Census use of SalesForce.com DoD DISA Cloud infrastructure. In the Private Sector Washington Post use of Amazon Elastic Compute Cloud. GE use of Google Apps By the Bad Guys

Apps.gov: OMB/GSA One-Stop Cloud Computing Store Announced 09/15/2009 CIO Vivek Kundra satisfying security and privacy concerns would be the biggest barrier to adoption of cloud solutions agencies that deal with less sensitive data should shift to the cloud first government would continue to own and operate systems that manage classified or sensitive data

DOE - STAR Experiment U.S. Department of Energy Argonne National Lab Cloud Computing project New computation intensive simulations needed fast for critical presentation. All DOE resources committed. Argonne Lab Team used Amazon s IaaS on a public cloud to do in minutes what would have required months.

Dept. of Interior Nat l Business Center NBC s Cloud Offerings include : Cloud Offering Description NBCGrid NBC s IaaS offering. Will allow end-user provisioning of a variety of types of servers and operating systems through a single website. NBCGrid will provide technology-agnostic server hosting, with a variety of pricing models, including metered and pre-paid, based on the customer s usage of RAM or CPU per hour. Gov t-wide PA SORN and PIA? NBCFiles NBC s Cloud storage offering. Allows variable storage capacity on a metered, pay-per-gigabyte price model. Multiple security tiers drive pricing. NBCApps NBC s Cloud-based application marketplace. Messaging, collaboration and Web 2.0 tools like wikis and blogs. AQD LoB SaaS: on-demand version of ESE. HR LoB SaaS: on-demand version of HR s Onboarding, LMS, Performance & Competency Management and Time and Attendance packages.

Army and Census use of SalesForce.com Agency / Application Use Time to Implement US Census Bureau Partnership mgmt. Replaces 3000 user legacy CRM system Tracks partner commitments Provides near real-time reporting for congressional inquiries 3 months US Army Recruiting Helps recruiters identify persons likely to join Army Coincided with launch of Army Experience Center Fosters communication Allows detailed statistical/ marketing analyses Future capabilities Google Maps integration Link to Facebook 3 months

DoD DISA Cloud infrastructure Rapid Access Computing Environment Agile and responsive computing Authorized customers order and gain access to a Server in less than 24 hours DoD Certification and Accreditation Provides flexible development platform for Web, application or database Windows, Red Hat, SUSE Servers in less than 30 minutes MIPR or government credit card User Self-service

Washington Post - PaaS A Senior Engineer at the Washington Post received 17,481 pages of data as nonsearchable PDF files of a former White House official s public schedule. Using Optical Character Recognition (OCR) tools to convert and reformat the PDF pages into machine-readable text would take about 30 minutes per page using a standard PC. Using Amazon EC2, he launched 200 server instances to process the images, at a speed of approximately 60 seconds per page, the project was completed within nine (9) hours. Project used 1,407 hours of virtual machine time and cost $144.62

GE use of Google Apps - SaaS GE moved 400,000 desktops from Microsoft Office to Google Apps. Due to privacy concerns, migrated from Google Apps to Zoho.com. N.B. -- Zoho.com Privacy Notice includes the following: Contents of your Account. We store and maintain files, documents, to-do lists, emails and other data stored in your Account at our facilities in the United States or any other country. Use of Zoho Services signifies your consent to such transfer of your data outside of your country. In order to prevent loss of data due to errors or system failures, we also keep backup copies of data including the contents of your Account. Hence your files and data may remain on our servers even after deletion or termination of your Account. We assure you that the contents of your Account will not be disclosed to anyone and will not be accessible to employees of Zoho in this capacity. We also do not process the contents of your Account for serving targeted advertisements.

Password Cracking in the Cloud. Researchers combined COTS Password Recovery software with Amazon's cloud computing services to show: # Characters in Password Cost to Crack Password in 1 Hour Eight-character password without special characters. Eight-character password with 1 special character. 10-character complex password with special characters $45 $100,000 $10 million The researchers rented multiple dual-core virtual machines for $0.30 an hour each. The total $45 cost is equivalent to running 150 machines for one hour. The report includes step-by-step instructions on how to configure Amazon's cloud services COTS Distributed Password Recovery software.

Where is this all going? Cloud Computing Web 2.0 Logistics Info Data Collection

Take-aways 1. Cloud Computing will have privacy implications in the Federal sector both intended and unintended. 2. Community Clouds, using IaaS, such as DISA s RACE and Ag s NBCgrid provide good opportunities to test the waters. 3. Use of commercial clouds present potential international privacy issues. 4. CIO and Privacy Officer s will need to work together to address privacy issues.

Questions Lew Oleinick, CIPP/G Chief Privacy and FOIA Officer Defense Logistics Agency lewis.oleinick@dla.mil

BACKGROUND SLIDES

Cloud Computing as Seen by OMB/GSA for the Cloud Line of Business Government Cloud Computing Framework Cloud User Tools Software as a Service (SaaS) / Applications User/ Citizen Engagement Wikis / Blogs Social Networking Agency Website Hosting Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Gov Productivity Gov Enterprise Apps Email / IM Virtual Desktop Office Automation Database Testing Tools DBMS CDN Directory Services Storage Web Servers Developer Tools Virtual Machines Server Hosting Business Svcs Apps Core Mission Apps Legacy Apps (Mainframes) Application Integration API s Workflow Engine EAI Mobile Device Integration Data Migration Tools ETL Admin Portal Customer / Account Mgmt User Profile Mgmt Order Mgmt Trouble Mgmt Billing / Invoice Tracking Product Catalog Reporting & Analytics Analytic Tools Data Mgmt Reporting Knowledge Mgmt Service Mgmt & Provisioning Service Provisioning SLA Mgmt Performance Monitoring DR / Backup Operation s Mgmt Security & Data Privacy Data/Network Security Data Privacy Certification & Compliance Authentication & Authorization Auditing & Accounting Data Center Facilities Routers / Firewalls LAN/WAN Internet Access Hosting Centers Cloud Service Delivery Capabilities Core Cloud Services

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback