Data classification for cloud readiness


Data classification for cloud readiness
Microsoft Trustworthy Computing

Legal disclaimer

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided as-is. Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Microsoft and Windows Azure are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Copyright 2014 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Acknowledgments

Authors: Frank Simorjay

Contributors and Reviewers: Kellie Ann Chainier, Kurt Dillard, Chris Hale (LCA), Carlene Heath, Greg Lenti, Michael Mattmiller, Jim Pinter, Shont Miller (LCA), Sian Suthers, Tim Rains, Steve Wacker

Introduction

Data classification provides one of the most basic ways for organizations to determine and assign relative values to the data they possess. The process of data classification allows organizations to categorize their stored data by sensitivity and business impact in order to determine the risks associated with the data. After the process is completed, organizations can manage their data in ways that reflect its value to them instead of treating all data the same way. Data classification is a conscious, thoughtful approach that enables organizations to realize optimizations that might not be possible when all data is assigned the same value.

Data classification has been used for decades to help large organizations such as Microsoft, governments, and military entities manage the integrity of their data. This paper provides readers with an introduction to the fundamentals of data classification and highlights its value, specifically in the context of cloud computing. Organizations that are assessing cloud computing for future use or organizations that are currently using cloud services and seeking ways to optimize data management will benefit most from this paper.

Although risk assessments are sometimes used by organizations as a starting point for data classification efforts, this paper does not discuss a process for a formal risk assessment. Organizations are strongly encouraged to consider identified risks that are specific to their business when developing a data classification process.

Who should read this paper

This paper is primarily intended for consultants, security specialists, systems architects, and IT professionals who are responsible for planning application or infrastructure development and deployment for their organizations. These roles include the following common job descriptions:

- Senior executives, business analysts, and business decision makers (BDMs) who have critical business objectives and requirements that need IT support
- Architects and planners who are responsible for driving the architecture efforts for their organizations
- Consultants and partner organizations who need knowledge transfer tools for their customers and partners

Data classification fundamentals

Successful data classification in an organization requires broad awareness of the organization's needs and a thorough understanding of where the organization's data assets reside. Data exists in one of three basic states: at rest, in process, and in transit. All three states require unique technical solutions for data classification, but the applied principles of data classification should be the same for each. Data that is classified as confidential needs to stay confidential when at rest, in process, and in transit.

Data can also be either structured or unstructured. Typical classification processes for the structured data found in databases and spreadsheets are less complex and time-consuming to manage than those for unstructured data such as documents, source code, and email. Generally, organizations will have more unstructured data than structured data. Regardless of whether data is structured or unstructured, it is important for organizations to manage data sensitivity. When properly implemented, data classification helps ensure that sensitive or confidential data assets are managed with greater oversight than data assets that are considered public or free to distribute.

Controlling access to data

Authentication and authorization are often confused with each other and their roles misunderstood. In reality they are quite different, as shown in the following figure.

Authentication

Authentication typically consists of at least two parts: a username or user ID to identify a user and a token, such as a password, to confirm that the username credential is valid. The process does not provide the authenticated user with access to any items or services; it verifies that the user is who they say they are.

Authorization

Authorization is the process of providing an authenticated user the ability to access an application, data set, data file, or some other object. Assigning authenticated users the rights to use, modify, or delete items that they can access requires attention to data classification. Successful authorization requires implementation of a mechanism to validate individual users' needs to access files and information based on a combination of role, security policy, and risk policy considerations. For example, data from specific line-of-business (LOB) applications might not need to be accessed by all employees, and only a small subset of employees will likely need access to human resources (HR) files. But for organizations to control who can access data, as well as when and how, an effective system for authenticating users must be in place.

Roles and responsibilities in cloud computing

Authorization requires an essential understanding of the roles and responsibilities of organizations, cloud providers, and customers. Cloud providers must have operational practices in place to prevent unauthorized access to customer data; it's also important to note that any compliance requirements a customer organization has must also be supported by the provider. Although cloud providers can help manage risks, customers need to ensure that data classification management and enforcement is properly implemented to provide the appropriate level of data management services.

Data classification responsibilities will vary based on which cloud service model is in place, as shown in the following figure. The three primary cloud service models are infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Implementation of data classification mechanisms will also vary based on the reliance on and expectations of the cloud provider.

Although customers are responsible for classifying their data, cloud providers should make written commitments to customers about how they will secure and maintain the privacy of the customer data stored within their cloud. These commitments should include information about privacy and security practices, data use limitations, and regulatory compliance. In addition, cloud providers should make certifications and audit reports that demonstrate compliance with standards such as the International Organization for Standardization (ISO) and controls such as the American Institute of CPAs Service Organization Controls (SOC1 and SOC2) available so customers can verify the effectiveness of their cloud provider's practices. Having this information will help customers understand whether the cloud provider supports the data protection requirements mandated by their data classification. Customers should not migrate data to a cloud provider that cannot address their data protection needs.

IaaS providers. From a data classification perspective, IaaS provider requirements are limited to ensuring that the virtual environment can accommodate data classification capabilities and customer compliance requirements. IaaS providers have a smaller role in data classification because they only need to ensure that customer data addresses compliance requirements. However, providers must still ensure that their virtual environments address data classification requirements in addition to securing their data centers.

PaaS providers. Responsibilities may be mixed, because the platform could be used in a layered approach to provide security for a classification tool. PaaS providers may be responsible for authentication and possibly some authorization rules, and must provide security and data classification capabilities to their application layer. Much like IaaS providers, PaaS providers need to ensure that their platform complies with any relevant data classification requirements.

SaaS providers will frequently be considered as part of an authorization chain, and will need to ensure that the data stored in the SaaS application can be controlled by classification type. SaaS applications can be used for LOB applications, and by their very nature need to provide the means to authenticate and authorize data that is used and stored.

Compliance considerations

In addition, organizations that are considering cloud solutions and need to comply with regulatory requirements can benefit by working with cloud providers that comply with regulations such as FedRAMP, U.S. HIPAA, EU Data Protection Directive, and others listed in Appendix 1. However, to achieve compliance, such organizations need to remain aware of their classification obligations and be able to manage the classification of data that they store in the cloud. For example, the Cloud Security Alliance identifies the following data classification control requirement in its Cloud Control Matrix:

The Cloud Security Alliance's Cloud Control Matrix question on Data Governance Classification (CCM DG-02 CCM DSI-03)

Data Governance Classification (control) from the CCM states that: Data, and objects containing data, need to be assigned a classification based on data type, jurisdiction of origin, jurisdiction domiciled, context, legal constraints, contractual constraints, value, sensitivity, criticality to the organization and third party obligation for retention and prevention of unauthorized disclosure or misuse.

Classification process

Many organizations that understand the need for data classification and want to implement it face a basic challenge: where to begin? One effective and simple way to implement data classification is to use the PLAN, DO, CHECK, ACT model from MOF. The following figure charts the tasks that are required to successfully implement data classification in this model.

1. PLAN. Identify data assets, a data custodian to deploy the classification program, and develop protection profiles.
2. DO. After data classification policies are agreed upon, deploy the program and implement enforcement technologies as needed for confidential data.
3. CHECK. Check and validate reports to ensure that the tools and methods being used are effectively addressing the classification policies.
4. ACT. Review the status of data access and review files and data that require revision using a reclassification and revision methodology to adopt changes and to address new risks.

Select a terminology model that addresses your needs

Several types of processes exist for classifying data, including manual processes, location-based processes that classify data based on a user's or system's location, application-based processes such as database-specific classification, and automated processes used by various technologies, some of which are described in the "Protecting confidential data" section later in this paper.

This paper introduces two generalized terminology models that are based on well-used and industry-respected models. These terminology models, both of which provide three levels of classification sensitivity, are shown in the following table.

Note: When classifying a file or resource that combines data that would typically be classified at differing levels, the highest level of classification present should establish the overall classification. For example, a file containing sensitive and restricted data should be classified as restricted.

Sensitivity | Terminology model 1 | Terminology model 2
High | Confidential | Restricted
Medium | For internal use only | Sensitive
Low | Public | Unrestricted

Confidential (restricted). Information that is classified as confidential or restricted includes data that can be catastrophic to one or more individuals and/or organizations if compromised or lost. Such information is frequently provided on a "need to know" basis and might include:

- Personal data, including personally identifiable information such as Social Security or national identification numbers, passport numbers, credit card numbers, driver's license numbers, medical records, and health insurance policy ID numbers.
- Financial records, including financial account numbers such as checking or investment account numbers.
- Business material, such as documents or data that is unique or specific intellectual property.
- Legal data, including potential attorney-privileged material.
- Authentication data, including private cryptography keys, username password pairs, or other identification sequences such as private biometric key files.

Data that is classified as confidential frequently has regulatory and compliance requirements for data handling. Specifics of some of these requirements are listed in Appendix 1.

For internal use only (sensitive). Information that is classified as being of medium sensitivity includes files and data that would not have a severe impact on an individual and/or organization if lost or destroyed. Such information might include:

- Email, most of which can be deleted or distributed without causing a crisis (excluding mailboxes or email from individuals who are identified in the confidential classification).
- Documents and files that do not include confidential data.

Generally, this classification includes anything that is not confidential. This classification can include most business data, because most files that are managed or used day-to-day can be classified as sensitive. With the exception of data that is made public or is confidential, all data within a business organization can be classified as sensitive by default.

Public (unrestricted). Information that is classified as public includes data and files that are not critical to business needs or operations. This classification can also include data that has deliberately been released to the public for their use, such as marketing material or press announcements. In addition, this classification can include data such as spam messages stored by an email service.

Define data ownership

It's important to establish a clear custodial chain of ownership for all data assets. The following table identifies different data ownership roles in data classification efforts and their respective rights.

Note: This table does not provide an exhaustive list of roles and rights, but merely a representative sample.

Role Create Modify/delete Delegate Read Archive/restore
Owner X X X X X
Custodian X
Administrator
User* X X X

*Users may be granted additional rights such as edit and delete by a custodian.

The data asset owner is the original creator of the data, who can delegate ownership and assign a custodian. When a file is created, the owner should be able to assign a classification, which means that they have a responsibility to understand what needs to be classified as confidential based on their organization's policies. All of a data asset owner's data can be auto-classified as "for internal use only (sensitive)" unless they are responsible for owning or creating confidential (restricted) data types. Frequently, the owner's role will change after the data is classified. For example, the owner might create a database of classified information and relinquish their rights to the data custodian.

Note regarding personal data: Data asset owners often use a mixture of services, devices, and media, some of which are personal and some of which belong to the organization. A clear organizational policy can help ensure that usage of devices such as laptops and smart devices is in accordance with data classification guidelines.

The data asset custodian is assigned by the asset owner (or their delegate) to manage the asset according to agreements with the asset owner or in accordance with applicable policy requirements. Ideally, the custodian role can be implemented in an automated system. An asset custodian ensures that necessary access controls are provided and is responsible for managing and protecting assets delegated to their care. The responsibilities of the asset custodian could include:

- Protecting the asset in accordance with the asset owner's direction or in agreement with the asset owner
- Ensuring that classification policies are complied with
- Informing asset owners of any changes to agreed-upon controls and/or protection procedures prior to those changes taking effect
- Reporting to the asset owner about changes to or removal of the asset custodian's responsibilities

An administrator represents a user who is responsible for ensuring that integrity is maintained, but they are not a data asset owner, custodian, or user. In fact, many administrator roles provide data container management services without having access to the data. The administrator role includes backup and restoration of the data, maintaining records of the assets, and choosing, acquiring, and operating the devices and storage that house the assets.

The asset user includes anyone who is granted access to data or a file. Access assignment is often delegated by the owner to the asset custodian.

Implementation

Management considerations apply to all classification methodologies. These considerations need to include details about who, what, where, when, and why a data asset would be used, accessed, changed, or deleted. All asset management must be done with an understanding of how an organization views its risks, but a simple methodology can be applied as defined in the data classification process. Additional considerations for data classification include the introduction of new applications and tools, and managing change after a classification method is implemented.

Reclassification

Reclassifying or changing the classification state of a data asset needs to be done when a user or system determines that the data asset's importance or risk profile has changed. This effort is important for ensuring that the classification status continues to be current and valid. Most content that is not classified manually can be classified automatically or based on usage by a data custodian or data owner.

Manual data reclassification. Ideally, this effort would ensure that the details of a change are captured and audited. The most likely reason for manual reclassification would be for reasons of sensitivity, or for records kept in paper format, or a requirement to review data that was originally misclassified. Because this paper considers data classification and moving data to the cloud, manual reclassification efforts would require attention on a case-by-case basis and a risk management review would be ideal to address classification requirements. Generally, such an effort would consider the organization's policy about what needs to be classified, the default classification state (all data and files being sensitive but not confidential), and take exceptions for high-risk data.

Automatic data reclassification uses the same general rule as manual classification. The exception is that automated solutions can ensure that rules are followed and applied as needed. Data classification can be done as part of a data classification enforcement policy, which can be enforced when data is stored, in use, and in transit using authorization technology.

- Application-based. Using certain applications by default sets a classification level. For example, data from customer relationship management (CRM) software, HR, and health record management tools is confidential by default.
- Location-based. Data location can help identify data sensitivity. For example, data that is stored by an HR or financial department is more likely to be confidential in nature.

Data retention, recovery, and disposal

Data recovery and disposal, like data reclassification, is an essential aspect of managing data assets. The principles for data recovery and disposal would be defined by a data retention policy and enforced in the same manner as data reclassification; such an effort would be performed by the custodian and administrator roles as a collaborative task.

Failure to have a data retention policy could mean data loss or failure to comply with regulatory and legal discovery requirements. Most organizations that do not have a clearly defined data retention policy tend to use a default "keep everything" retention policy. However, such a retention policy has additional risks in cloud services scenarios. For example, a data retention policy for cloud service providers can be considered as "for the duration of the subscription" (as long as the service is paid for, the data is retained). Such a pay-for-retention agreement may not address corporate or regulatory retention policies. Defining a policy for confidential data can ensure that data is stored and removed based on best practices. In addition, an archival policy can be created to formalize an understanding about what data should be disposed of and when.

Data retention policy should address the required regulatory and compliance requirements, as well as corporate legal retention requirements. Classified data might provoke questions about retention duration and exceptions for data that has been stored with a provider; such questions are more likely for data that has not been classified correctly.

Protecting confidential data

After data is classified, finding and implementing ways to protect confidential data becomes an integral part of any data protection deployment strategy. Protecting confidential data requires additional attention to how data is stored and transmitted in conventional architectures as well as in the cloud. This section provides basic information about some technologies that can automate enforcement efforts to help protect data that has been classified as confidential.

As the following figure shows, these technologies can be deployed as on-premises or cloud-based solutions or in a hybrid fashion, with some of them deployed on-premises and some in the cloud. (Some technologies, such as encryption and rights management, also extend to user devices.)

Rights management software

One solution for preventing data loss is rights management software. Unlike approaches that attempt to interrupt the flow of information at exit points in an organization, rights management software works at deep levels within data storage technologies. Documents are encrypted, and control over who can decrypt them uses access controls that are defined in an authentication control solution such as a directory service. Some of the benefits of rights management software include:

- Safeguarded sensitive information. Users can protect their data directly using rights management-enabled applications. No additional steps are required; authoring documents, sending email, and publishing data offer a consistent data protection experience.
- Protection travels with the data. Customers remain in control of who has access to their data, whether in the cloud, existing IT infrastructure, or at the user's desktop. Organizations can choose to encrypt their data and restrict access according to their business requirements.
- Default information protection policies. Administrators and users can use standard policies for many common business scenarios, such as "Company Confidential Read Only" and "Do Not Forward." A rich set of usage rights are supported such as read, copy, print, save, edit, and forward to allow flexibility in defining custom usage rights.

More information about using rights management solutions in Microsoft environments is available in the following links:

- The Desktop Files Data Loss Prevention with Enterprise Rights Management in TechNet magazine
- The Information Rights Management page on TechNet
- This Windows Azure Active Directory Rights blog post
- This Microsoft Rights Management blog post

Encryption gateways

Encryption gateways operate in their own layers to provide encryption services by rerouting all access to cloud-based data. This approach should not be confused with that of a virtual private network (VPN); encryption gateways are designed to provide a transparent layer to cloud-based solutions. Encryption gateways can provide a means to manage and secure data that has been classified as confidential by encrypting the data in transit as well as data at rest.

Encryption gateways are placed into the data flow between user devices and application data centers to provide encryption/decryption services. These solutions, like VPNs, are predominantly on-premises solutions. They are designed to provide a third party with control over encryption keys, which helps reduce the risk of placing both the data and key management with one provider. Such solutions are designed, much like encryption, to work seamlessly and transparently between users and the service.

Data loss prevention

Data loss (sometimes referred to as data leakage) is an important consideration, and the prevention of external data loss via malicious and accidental insiders is paramount for many organizations. Data loss prevention (DLP) technologies can help ensure that solutions such as email services do not transmit data that has been classified as confidential. Organizations can take advantage of DLP features in existing products to help prevent data loss. Such features use policies that can be easily created from scratch or by using a template supplied by the software provider.

DLP technologies can perform deep content analysis through keyword matches, dictionary matches, regular expression evaluation, and other content examination to detect content that violates organizational DLP policies. For example, DLP can help prevent the loss of the following types of data:

- Social Security and national identification numbers
- Banking information
- Credit card numbers
- IP addresses

Some DLP technologies also provide the ability to override the DLP configuration (for example, if an organization needs to transmit Social Security number information to a payroll processor). In addition, it's possible to configure DLP so that users are notified before they even attempt to send sensitive information that should not be transmitted. A technical overview of the DLP features in Microsoft Exchange Server 2013 and Exchange Online is available on the Data Loss Prevention page on Microsoft TechNet.

Conclusion

Generally, the topic of data classification does not generate as much interest as other, more exciting technology topics. However, data classification can yield significant benefits, such as compliance efficiencies, improved ways to manage the organization's resources, and facilitation of migration to the cloud. Although data classification efforts can be complex undertakings and require risk assessment for successful implementation, quicker and simpler efforts can also yield benefits. Any data classification effort should endeavor to understand the needs of the organization and be aware how data is stored, processing capabilities, and how data is transmitted throughout the organization.

It's important for management to support data classification efforts, and for IT to be involved as well. The concept of classification may seem primarily to be an auditing function, but many technology solutions are available that can reduce the amount of effort that is required to successfully implement a data classification model. It's also worth noting that data classification rules that pertain to data retention must be addressed when moving to the cloud, and that cloud solutions can help mitigate risk. Some data protection technologies such as encryption, rights management, and data loss prevention solutions have moved to the cloud and can help mitigate cloud risks.

Although this paper did not specifically discuss hybrid environments, a mixture of on-premises and cloud-based data classification technologies can help effectively reduce risk for organizations of any size by providing more control about where data is stored, which gives customers the option to keep highly sensitive data on-premises and under a different set of controls than data stored in the cloud. Indeed, hybrid environments are likely to be the way of the future, and the key to effective data management may well depend on effective data classification.
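The content examination described under "Data loss prevention", combined with the highest-level rule and the sensitive-by-default state from the classification sections, can be sketched as follows. This is an added example, not code from the paper or from any Microsoft product; the detector patterns, the choice to treat every detector hit as confidential, the per-recipient override table and the `.example` addresses are assumptions.

```python
import re
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """Terminology model 1, ordered so max() yields the highest level."""
    PUBLIC = 1
    INTERNAL = 2        # "For internal use only"
    CONFIDENTIAL = 3


# Illustrative detectors (assumptions, not any vendor's rule pack).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")      # 13 to 19 digits
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
KEYWORDS = ("company confidential", "do not forward")  # constructed dictionary


def luhn_ok(digits: str) -> bool:
    """Payment card checksum; rejects arbitrary digit runs such as order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect(text: str) -> list:
    """Return the sorted names of the detectors that fired on text."""
    hits = set()
    if SSN_RE.search(text):
        hits.add("ssn")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.add("card_number")
    for m in IPV4_RE.finditer(text):
        if all(int(octet) <= 255 for octet in m.group().split(".")):
            hits.add("ipv4_address")
    lowered = text.lower()
    if any(k in lowered for k in KEYWORDS):
        hits.add("keyword")
    return sorted(hits)


def effective_level(text: str, declared: Optional[Level] = None) -> Level:
    """Unlabeled data defaults to INTERNAL; findings can raise a label but
    never lower it (the highest level present sets the classification)."""
    level = declared if declared is not None else Level.INTERNAL
    if inspect(text):
        level = max(level, Level.CONFIDENTIAL)
    return level


def outbound_decision(text, declared, recipient, overrides):
    """Decide whether a message may leave the organization.

    overrides maps a recipient domain to the detector names it may receive,
    modelling the payroll-processor exception described in the paper.
    """
    findings = inspect(text)
    if effective_level(text, declared) < Level.CONFIDENTIAL:
        return "allow", findings
    domain = recipient.rsplit("@", 1)[-1].lower()
    if findings and set(findings) <= overrides.get(domain, set()):
        return "allow-override", findings
    return "block-and-notify", findings


# Constructed sample messages and override table.
OVERRIDES = {"payroll.example": {"ssn"}}
SAMPLES = [
    ("Lunch menu for Friday", Level.PUBLIC, "all@corp.example"),
    ("Employee SSN 123-45-6789", None, "intake@payroll.example"),
    ("Employee SSN 123-45-6789", None, "friend@mail.example"),
    ("Card 4111 1111 1111 1111, host 10.20.30.40", Level.PUBLIC, "x@mail.example"),
]

if __name__ == "__main__":
    for body, label, rcpt in SAMPLES:
        print(rcpt, outbound_decision(body, label, rcpt, OVERRIDES))
```
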

Appendix 1: Data classification regulations, compliance requirements, and standards

The following table identifies sample control objective definitions. This list is not complete or authoritative, and should only be used as a discussion point to consider when moving services to a cloud solution.

US regulation, requirement, or standard | Control details
NIST SP R3 National Institute of Standards and Technology | RA-2 Security Categorization; AC-4 Information Flow Enforcement
PCI DSS v2.0 Payment Card Industry Data Security Standard | Classify media so the sensitivity of the data can be determined; Destroy media when it is no longer needed for business or legal reasons; Develop usage policies for critical technologies (for example, remote-access technologies, wireless technologies, removable electronic media, laptops, tablets, personal data/digital assistants (PDAs), email usage and Internet usage) and define proper use of these technologies.
NERC CIP North American Electric Reliability Corporation Critical Infrastructure Protection | CIP R4 - R5 - Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets.
FedRAMP Federal Risk and Authorization Management Program | RA-2 Security Categorization; AC-4 Information Flow Enforcement
AICPA SOC2 American Institute of CPAs Service Organization Controls | (S3.8.0) Procedures exist to classify data in accordance with classification policies and periodically monitor and update such classifications as necessary. (C3.14.0) Procedures exist to provide that system data are classified in accordance with the defined confidentiality and related security policies.

International regulation, requirement, or standard | Control details
ENISA IAF European Union Agency for Network and Information Security Information Assurance Framework | 6.05.(c) Asset management - classification, segmentation; Employees obliged to adhere to regulations on information security, data protection, adequate handling of customer data
ISO/IEC International Organization for Standardization / International Electrotechnical Commission | A Classification guidelines

Appendix 2: Glossary of terms

Archive and recovery. As discussed in this paper, the long-term storage of data and its retrieval when it needs to be returned to service. Archival and recovery methods must conform to the retention model that is used.

Authentication. A process that confirms that a user (identified by a username or user ID) is valid through use of a token or password. This process verifies that the user is who they say they are.

Authorization. A process that provides an authenticated user with the ability to access an application, data set, data file, or some other object.

Cloud. The NIST Definition of Cloud Computing (PDF) states: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Cloud Security Alliance. The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations, and other key stakeholders.

Cloud Control Matrix. The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. As a framework, the CSA CCM provides organizations with essential structure, detail, and clarity with regard to information security as it relates to the cloud industry.

Data disposal. As discussed in this paper, the policies, timeframes, and methods for secure disposal of data. Disposal policy may require the destruction of data using strong deletion methods or shredding of disks. Data disposal policies require the same care as data retention policies. More information is available at

Data retention. As discussed in this paper, the policies, timeframes, and methods for storing, archiving, and retrieving data. Data retention policy should reflect the data classification model and data retention rules that apply to the data that is being retained. For example, highly sensitive data may be retained for longer periods than data that is less sensitive. More information is available at

Separation of duty. As discussed in this paper, the division of responsibilities in an IT environment that helps ensure that no one person can use IT resources for their personal benefit or cause IT-related outcomes that are detrimental to the organization. One of the most common ways to achieve separation of duty is to use a role-based access control system for authorization. More information is available at

Spam. Any kind of unwanted online communication. The most common form of spam is unwanted email, but text message spam, instant message spam (sometimes known as spam), and social networking spam also exist. Some spam is annoying but harmless, but sometimes spam is used in identity theft or other types of fraud.

Structured data. Data that is typically human readable and able to be indexed by machine. This data type includes databases and spreadsheets. More information is available at

Token. An item that is used to authenticate a username or user ID. A token can be something a user possesses, such as a card key, something that is biometrics-based, such as a fingerprint, retinal scan, or voice print, or something that is known, such as a password. More information is available at

Unstructured data. Data that is not human readable and is difficult to index. This data type includes source code, binaries, and documents, and can include such things as because the data is typically randomly managed.


More information

URM 11g Implementation Tips, Tricks & Gotchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC.

URM 11g Implementation Tips, Tricks & Gotchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC. URM 11g Implementatin Tips, Tricks & Gtchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC. i Fishbwl Slutins Ntice The infrmatin cntained in this dcument represents the current view f Fishbwl Slutins, Inc. n

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

Managing Access and Help Protect Corporate Email Data on Mobile Devices with Enterprise Mobile Suite

Managing Access and Help Protect Corporate Email Data on Mobile Devices with Enterprise Mobile Suite Managing Access and Help Prtect Crprate Email Data n Mbile Devices with Enterprise Mbile Suite Last updated: 7/15/15 Balancing prductivity and security Emplyees want t be able t use their wn devices t

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

SMART Active Directory Migrator 9.0.2. Requirements

SMART Active Directory Migrator 9.0.2. Requirements SMART Active Directry Migratr 9.0.2 January 2016 Table f Cntents... 3 SMART Active Directry Migratr Basic Installatin... 3 Wrkstatin and Member Server System... 5 Netwrking... 5 SSL Certificate... 6 Service

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling

More information

Mobile Deployment Guide For Apple ios

Mobile Deployment Guide For Apple ios Fr Apple ios Cpyright This dcument is prtected by the United States cpyright laws, and is prprietary t Zscaler Inc. Cpying, reprducing, integrating, translating, mdifying, enhancing, recrding by any infrmatin

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information