Online/Cloud Services Trust challenges & eidentity-aspects



Similar documents
Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

IT Forum UW-Madison Records Management Program. UW Archives and Records Management

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Cloud Computing Security Considerations

John Essner, CISO Office of Information Technology State of New Jersey

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

LEGAL ISSUES IN CLOUD COMPUTING

Adopting Cloud Computing with a RISK Mitigation Strategy

Retention & Disposition in the Cloud Do you really have control?

Cloud Computing: Legal Risks and Best Practices

Is Cloud Backup good insurance for your brokerage?

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Cybersecurity in the States 2012: Priorities, Issues and Trends

On Premise Vs Cloud: Selection Approach & Implementation Strategies

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY

1. Understanding Big Data

Third Party Security: Are your vendors compromising the security of your Agency?

Understanding changes to the Trust Services Principles for SOC 2 reporting

The Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap

Clinical Trials in the Cloud: A New Paradigm?

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

Key Considerations of Regulatory Compliance in the Public Cloud

Cloud Computing and Records Management

How To Manage Cloud Data Safely

Biometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19

NSW Government. Cloud Services Policy and Guidelines

Information governance strategy

Real-World Strategies for Effective Document Management

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Cloud Service Contracts: An Issue of Trust

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

Security and Privacy in Cloud Computing

Security Issues in Cloud Computing

Addressing Cloud Computing Security Considerations

Whitepaper: 7 Steps to Developing a Cloud Security Plan

Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader

RECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

Medicaid Enterprise Data Governance Approach. MESConference August 21, 2012 Rashmi Menon, Deloitte Consulting LLP

Position Paper Ecommerce Europe. E-Payments 2012

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Information Shield Solution Matrix for CIP Security Standards

Overview. What are operational policies? Development, adoption, implementation

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

How cloud computing can transform your business landscape.

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

Security from a customer s perspective. Halogen s approach to security

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Draft Information Technology Policy

How To Evaluate Saas And Cloud Solutions

Domain 1 The Process of Auditing Information Systems

Electronic Records Storage Options and Overview

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

How cloud computing can transform your business landscape

Cloud Computing. Mike Bourgeois Platform as a Service Point of View September 17, 2015

Cloud Computing Security Issues

Cloud Computing. What is Cloud Computing?

The Risks of Cloud Storage

penelope athena software SOFTWARE AS A SERVICE INFORMATION PACKAGE case management software

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Compliance and the Cloud: What You Can and What You Can t Outsource

SENIOR SYSTEMS ANALYST

Service Definition Document

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

Keyfort Cloud Services (KCS)

HIPAA/HITECH Compliance Using VMware vcloud Air

Transcription:

Online/Cloud Services Trust challenges & eidentity-aspects Erik R. van Zuuren, Director Deloitte AERS Belgium Global Forum Brussels Nov 07/08, 2011 Member of Deloitte Touche Tohmatsu

Agenda Weather Forecast Trust & Sustainability eidentity & eauthentication Reliability & Certainty 1

Online & Cloud Services - Weather Forecast Key operational and governance issues to consider as online & cloud services are deployed Data controls and ownership Backup, retention, and disposal Availability and reliability Business Continuity & Disaster recovery Legal compliance Assurance Scalability Security and encryption User management & Access Controls Auditing and monitoring Who will own the data when subscribing to a cloud computing service.? Is the data you create, use, and store within a cloud yours? Could your data be viewed, accessed, or used without your knowledge; sold to third parties; used for unknown purposes? Is data retention meeting your policy requirements? Is deleted data "really" gone or still preserved somewhere within the cloud? How are data backups and restores handled? How is reliability, access, and availability "guaranteed" by cloud services providers? Is it through service level agreements? Is your data protected in the event of a disaster? What are the recovery time objectives and service level agreements? Is your cloud provider adhering to laws/regulations for your industry and in every jurisdiction which applies? How will you provide your customers with a level of comfort and assurance on the protection and controls in the cloud environment, especially when involving third parties? Can your service provider support growing demand from all clients and provide reliable services at high scalability? Are there vendors with mature offerings? Is data secure within the cloud environment? How is security enforced and confirmed? What level of encryption is required to enhance security, and how will this impact operational service levels? How can the user (corporate users, partners, clients) gaining access to the platform be uniquely identified. How should an organization s IAM-system integrate /federate with that of one or more service providers? Are you ready to apply enterprise risk management and controls, and auditing and monitoring practices to applications and data residing in cloud environments? 2

Online & Cloud Services - Trust & Sustainability Online & Cloud Services need to be sustainable and can / will only be accepted if they can be fully trusted by all parties: Sustainability / Reliable for all parties involved: o Information Service Providers (Government, Private Sector, ) o Trust Service Providers (Government, Private Sector, ) o Relying Parties (Enterprizes, Citizens,.) Sustainability: o Truly Value Adding Services Clear Benefits (Time, Quality, ) o User Friendliness Usability anywhere / anytime / any device o Reliability / Solidity Trust / Governance / Architecture & Standards / Operations Trust: o Perception of Security? o Some sort of Privacy? o Presence of Quality Seals? o Existence of Assurance Levels? o Presence of Legal Certainty? 3

Online & Cloud Services - eidentity & eauthentication Any access should be subject to the principles of need-to-know, need-tohave in combination with a sufficiently strong proof of identity and relevant characteristics or mandate. What is a Trusted Identity? What is a validated Quality? Characteristic? What are the requirements wrt Mandates? What determines the strength of a Credential? Is a Credential linked to virtual/digital identity or to identity + quality or.? Identity What about cross-border recognition of identities / characteristics / mandates? Conte xt Virtual Virtual Identity Identity Organizational Membership Organizational Membership What about (secured) usability of a credential anytime / anywhere? Virtual / Mobile digital identities acceptable? Organiz ation Role / Mandate /. Permission 4

Online & Cloud Services - Reliability & Certainty Relying Parties must have sufficient guarantees that the information they rely on is trustworthy and can be used for further processing. Which is the authentic or an authoritive source of information? How to ensure (cross-border) interoperability / certainty of information? What are the trust / quality / security requirements for any source? Need for quality seals & accreditation schemes? Legal certainty (incl privacy guarantees) with regard to the information given/shared? What about incident management & continuity? Liability-settlement in case of incidents? Interoperability levels (source: EIF) 5

Erik R. van Zuuren evanzuuren@deloitte.com Deloitte Enterprise Risk Services Direct: + 32 2 800 22 99 Main: + 32 2 800 22 57 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information