Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012.

Similar presentations


Presentation on theme: "Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012."— Presentation transcript:

1 Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM U R Cyber Security Monday, October 29, :00 PM Scott Hall 216 go.ncsu.edu/csam2012go.ncsu.edu/csam2012.

2 Agenda Good and bad on the Internet Big data and Cloud maturity Sensitive data factors at NC State The Data Sensitivity Framework Some practical advice 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 2

3 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 3 licensed under a Creative Commons License.Creative Commons License

4 The Good Collaborative research Public information availability Access to experts Free speech information exchange Connected communications Banking and shopping convenience Entertainment Save energy Cure diseases Predict trends Promotes involved discussion rather than violence or apathy 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 4

5 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 5 by Hamad Subani / Techtangerine.com licensed under aHamad Subani / Techtangerine.com Creative Commons Attribution-NoDerivs 3.0 Unported License

6 The Bad Pornography explosion Inappropriate access Fraud Piracy Personal data on mobile devices –Stolen – identity theft –Used real-time GPS – you cant hide Stalking Government No privacy – All you do is on Google Plagiarism Free speech excesses Data lacks verification Mis-information Hypochondria Security infections Cybernetic warfare 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 6

7 The good 53% –improve social, political, and economic intelligence nowcasting inferential software algorithms for advanced correlations move from measure twice, cut once to place small bets fast. –greater research, and world knowledge The bad 39% – data aggregation – loss of all privacy – false confidence in predictions - hurtful mistakes – manipulate findings - make selfish cases – abused by powerful people, government and/or organizations 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 7 Big Data Scenarios – by 2020? The Pew Research Centers Internet & American Life Project with Elon University surveyed 1,021 Internet experts and users recruited by .

8 The Internet Cloud From Wikipedia, the free encyclopedia 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 8 Software-as-a-Service (SaaS)

9 CSA/ISACA 2012 Cloud Computing Market Maturity Study 252 participants representing cloud users, providers, consultants and integrators 85% self-identified cloud users Positions from C-level executives to staff 15 different industry segments 48 countries, most America or Europe 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 9

10 Overall findings on maturity Cloud needs to transition from technology solution to business resource Infrastructure and Platform offerings –Infancy –About 3 years to reach established growth Software as a Service (SaaS) offerings –Early growth –2+ years to reach established growth 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 10

11 Cloud infancy 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 11

12 SaaS Black Box Simple interface Complexities o Hidden o Layers o Orders of magnitude more You have to be able to trust the implementation! 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 12

13 Positive Influence Factors 1.Agility 2.Time to market 3.Business unit demand 4.New technology 1. Cost management 2. Efficiency 3. Productivity 4. Resilience 10/29/2012Exploring the Good and Evil in the Internet Cloud Slide 13 CSA/ISACA 2012 Cloud Computing Market Maturity Study Survey Business Growth InfluenceProcess Enablement

14 Negative Influences on Cloud Adoption and Innovation 1.Information security 2.Data ownership/ custodian responsibilities 3.Regulatory compliance 4.Legal and contractual issues 5.Information assurance 6. Contract lock-in 7. Longevity of suppliers 8. Disaster recovery/ business continuity 9. Performance standards 10. Performance monitoring 11. Technology stability CSA/ISACA 2012 Cloud Computing Market Maturity Study Survey 10/29/2012Exploring the Good and Evil in the Internet Cloud14

15 Sensitive data factors at NC State Legislation Data Stewards assessment University revenues and expenses University image and reputation Confidentiality agreements / contracts Research (IP and Export Controls, etc.) Copyright and Intellectual Property Personal privacy 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 15

16 Legislation 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 16 –Family Educational Rights and Privacy Act (FERPA)Family Educational Rights and Privacy Act (FERPA) –Health Insurance Portability and Accountability Act of 1996 (HIPAA)Health Insurance Portability and Accountability Act of 1996 (HIPAA) –Gramm Leach Bliley Act (GLBA)Gramm Leach Bliley Act (GLBA) –Payment Card Industry (PCI) Data Security StandardPayment Card Industry (PCI) Data Security Standard –Red Flag RuleRed Flag Rule –North Carolina Identity Theft Protection Act of 2005North Carolina Identity Theft Protection Act of 2005 –North Carolina Public Records ActNorth Carolina Public Records Act –North Carolina State Personnel ActNorth Carolina State Personnel Act

17 Lots of sensitive data - examples Personally Identifiable Information (PII) Credit card information Research data Public safety information Financial donor information Security controls such as: –System access passwords –Information file encryption keys –Information security records

18 A few really Red-hot items Social Security Numbers Credit Card Numbers Banking account info PINS and passwords 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 18

19 FERPA data is pervasive Any record, with certain exceptions, maintained by an institution that is directly related to a student or students. This record can contain a students name(s) or information from which an individual student can be personally (individually) identified. These records include: files, documents, and materials in whatever medium (handwriting, print, tapes, disks, film, microfilm, microfiche) which contain information directly related to students and from which students can be personally (individually) identified. 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 19

20 FERPA conclusions FERPA data is held by most, if not all, academic and administrative offices of our institution –Do we need to protect the security of Education Records and Student Privacy? Absolutely –Can we afford to protect them at the same level as social security numbers and credit card data? Certainly not –Too expensive –Too intrusive for access FERPA at NC State from OGCFERPA at NC State

21 A framework for the availability and security of your data. Data classification statement Data sensitivity framework List of controls 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 21

22 Data Classification Statement Matrix 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 22 LevelRiskRegulationFinancialReputationBusinessOther Red-HotTwo ofMultipleSignificantSerious Litigation HighTwo ofViolationSignificantSerious ModerateOne ofViolationSome Adverse NormalNo major Access control Not sensitive None

23 Data sensitivity framework Data Management Procedures Regulation REG New draft includes: –Data Classification Statement –Links to: Data sensitivity framework List of controls 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 23

24 Controls for Securing Sensitive Information in University Applications Best Practices for: –Application owner (and developers) –Data steward Three types of IS controls: –Administrative and procedural design –Computer server technical controls and techniques –End-user devices technical controls and techniques. 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 24

25 Whos protecting your data & how? On your mobile device – you are Removable storage – you are On your desktop – you and your sys admin On University servers - OIT or college/ dept IT staff (or you!) In the cloud – the vendor 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 25

26 Google and sensitive information s/best-practices-data-security-google- apps-nc-statehttp://google.ncsu.edu/usinggoogleapp s/best-practices-data-security-google- apps-nc-state Google docs OK for FERPA data more of an issue 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 26

27 Precautions with cloud vendors From CSA/ISACA study either –Less than 100 staff or –Many thousands Be careful if you have sensitive data Look at Cloud Security Alliance STARSTAR Ask OIT S&C for security assessment of product and data being considered 10/29/2012ring the Good and Evil in the Internet CloudSlide 27

28 Where is it OK to store your data? LocationRed-hotRedYellowGreenUn-classified Removable storage NeverEncrypted…Yes… Yes Mobile device NeverNoYes Local PCNeverEncrypted…Yes…Yes University server Encrypted Restricted Yes…YesYes…Yes NeverEncryptedSome…Yes PrintRestricted Yes CloudEncrypted Restricted Restricted… Yes…Yes GoogleNeverNoYes…Yes 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 28

29 Questions 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 29 The golink: and the security code word Cloud for prizes that will be given away on Oct. 31


Download ppt "Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012."

Similar presentations


Ads by Google