Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Computing and Standards - A Regulator’s View OASIS International Cloud Symposium 11 October 2011 Steven Johnston, CISSP Senior Security and Technology.

Published byDennis Arnold Modified over 9 years ago

Similar presentations

Presentation on theme: "Cloud Computing and Standards - A Regulator’s View OASIS International Cloud Symposium 11 October 2011 Steven Johnston, CISSP Senior Security and Technology."— Presentation transcript:

1 Cloud Computing and Standards - A Regulator’s View OASIS International Cloud Symposium 11 October 2011 Steven Johnston, CISSP Senior Security and Technology Advisor Office of the Privacy Commissioner of Canada www.oasis-open.org

2 Things We’ve Done Guidelines for Processing Personal Data Across Borders (January 2009) Cloud computing paper released early April 2010 Public consultations April – June 2010 Working on guidance for SMBs

3 Things We’ve Learned Privacy implications of cloud computing include: –Jurisdiction –Third party access –Security safeguards –Limitations on use and retention –Demonstrating/verifying compliance

4 How Standards Can Help To address new technology concerns (e.g. cloud computing) To address baseline issues such as limiting collection, data retention, safeguards, etc. Basis for Privacy Impact Assessments, Threat/Risk Assessments and Audits Basis for Systematic assessment of security requirements Basis for audit Basis for contractual agreements with cloud service providers

5 ISO Standards Development ISO/IEC JTC 1 SC7 (SSE) –Potential future work Cloud computing vocabulary Modeling cloud solutions Systems engineering of cloud-based solutions IT Service Management for Cloud Computing IS Governance Framework for Cloud Computing

6 ISO Standards Development ISO/IEC JTC 1 SC27 (IT Security) –Joint study period (WGs 1, 4, 5) –NWI proposal ISO 27017-2 (information security code of practice based on ISO 27002)(provisional) To be accompanied (eventually) by: –27017-1 (requirements) –27017-3 (legal and regulatory code of practice) –27017-4 (service code of practice) –27017-5 (audit guidelines)

7 ISO Standards Development ISO/IEC JTC 1 SC38 (DAPS) –WG 1 – Web Services –WG 2 – Service Oriented Architecture –Study Group on Cloud Computing Released a study report in June 2011

8 ISO Standards Development SGCC Report (June 2011) –Part 1: Concepts, Terms and Reference Model –Part 2: Standardization Requirements for Cloud Computing –Part 3: Standardization Initiatives for Cloud Computing –Part 4: Assessment of Areas for JTC1 Standardization

9 ISO Standards Development SGCC Report (June 2011) –Technical requirements Terms and definitions Interfaces Security technology Format and meaning of data –Management requirements Service provider qualification Service quality metrics, Service audit Service agreements

10 Other Efforts ITU-T Focus Group on Cloud Computing Open Grid Forum Cloud Computing Interoperability Forum Open Cloud Consortium Cloud Security Alliance ETSI OASIS …

11 Challenges for Regulators DPA mandate is enforcement/compliance Many DPAs are limited in resources Lack of appropriate expertise So many standards development activities underway –Where to focus our efforts? Difficulty in demonstrating ROI

12 Questions? Steven Johnston Senior Security and Technology Advisor Office of the Privacy Commissioner of Canada Steven.Johnston@priv.gc.ca www.oasis-open.org

Download ppt "Cloud Computing and Standards - A Regulator’s View OASIS International Cloud Symposium 11 October 2011 Steven Johnston, CISSP Senior Security and Technology."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Geneva, Switzerland, 25-26 September 2012 m-Cloud for Homecare - Policy & Regulatory Challenges - Francesca Fontana, Associate at ICT Legal Consulting.

Geneva, Switzerland, September 2012 m-Cloud for Homecare - Policy & Regulatory Challenges - Francesca Fontana, Associate at ICT Legal Consulting.
Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
International Standards for Software & Systems Documentation Ralph E. Robinson R 2 Innovations.

International Standards for Software & Systems Documentation Ralph E. Robinson R 2 Innovations.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.
JTC 1 Strategic Advisory Committee Key Areas of Priority February 2014.

JTC 1 Strategic Advisory Committee Key Areas of Priority February 2014.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.
Phone: (919) 573-6132 Fax: (919) 677-8470 21CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.

Phone: (919) Fax: (919) CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
ISO/IEC JTC1 SC37 Overview

ISO/IEC JTC1 SC37 Overview
SC38 Liaison Report to SC32 at SC32 meeting, Oct 24-28, 2011 Crete Baba Piprani/Canada SC38  SC32 Liaison 1 ISO/IEC JTC1/SC32/WG2 N1599.

SC38 Liaison Report to SC32 at SC32 meeting, Oct 24-28, 2011 Crete Baba Piprani/Canada SC38  SC32 Liaison 1 ISO/IEC JTC1/SC32/WG2 N1599.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Request for Study Period on Potential Standard Issues for Cloud Computing ISO/IEC JTC 1/SC 32/WG 2 Interim Meeting, Crete, Greece, October 2011 Sungjoon.

Request for Study Period on Potential Standard Issues for Cloud Computing ISO/IEC JTC 1/SC 32/WG 2 Interim Meeting, Crete, Greece, October 2011 Sungjoon.
CS591 Troy Hutchison.  ISO 27000 series of standards have been specifically reserved by ISO for information security matters.  Health Insurance Portability.

CS591 Troy Hutchison.  ISO series of standards have been specifically reserved by ISO for information security matters.  Health Insurance Portability.
Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.

Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.
Access to Medicine Index 3 rd International Conference for Improving the Use of Medicines Poster 599 Tuesday 15 th November 2011.

Access to Medicine Index 3 rd International Conference for Improving the Use of Medicines Poster 599 Tuesday 15 th November 2011.
DOCUMENT #:GSC15-PLEN-64 FOR:Presentation or Information SOURCE:TTA AGENDA ITEM:Plenary 6.14 CONTACT(S):{kipark, chan, Kishik Park, Kangchan.

DOCUMENT #:GSC15-PLEN-64 FOR:Presentation or Information SOURCE:TTA AGENDA ITEM:Plenary 6.14 CONTACT(S):{kipark, chan, Kishik Park, Kangchan.
ITU Activities on Bridging the Standardization Gap (BSG) ITU Regional Standardization Forum for Africa (Kampala, Uganda, 23-25 June 2014) Vijay Mauree,

ITU Activities on Bridging the Standardization Gap (BSG) ITU Regional Standardization Forum for Africa (Kampala, Uganda, June 2014) Vijay Mauree,
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Similar presentations

Ads by Google