sensitive data in the cloud - you can't do that
TRANSCRIPT
Sensitive data in the cloud? You can’t do that!
https://stocksnap.io/photo/BT3AB7N2RZ
Rune Andreas Grimstad
Hemit
[email protected] @runegri
Actually, you can!
… you just have to know what you are doing
https://upload.wikimedia.org/wikipedia/commons/f/f5/Free-ride.jpg
So what is the problem?
https://upload.wikimedia.org/wikipedia/commons/d/de/Suricate,_Namibia_(2813287155).jpg
The insecure cloud is a myth
https://commons.wikimedia.org/wiki/File:Hercules_and_Cerberus_LACMA_65.37.151.jpg
Sensitive data is information you don’t want to share
http://www.strategiesonline.net/wp-content/uploads/2015/07/combination-locks.jpg
Levels of sensitivity
https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg
• Directly identifiable
• Indirectly identifiable
• Anonymous
• Not sensitive
Traditional thinking
Protecting your data in your local datacenter
http://www.intuitiveaccountant.com/downloads/2552/download/messy.jpg
How is the cloud different?
https://www.flickr.com/photos/httpwwwflickrcomphotostopend/2254825592
Protecting your data in the cloud
https://upload.wikimedia.org/wikipedia/commons/3/3a/General_Emilio_Campa_and_his_bodyguards,_Mexican_War,_1912.jpg
• At rest
• In transit
• In use
• Confidentiality
• Integrity
Data in use
https://upload.wikimedia.org/wikipedia/commons/d/d5/Sabu_with_his_Tandy_1000_Computer.jpg
Data in transit
https://upload.wikimedia.org/wikipedia/commons/4/4c/Gepardjagt1_(Acinonyx_jubatus).jpg
Data at rest
http://www.publicdomainpictures.net/pictures/160000/velka/chaton-en-train-de-dormir.jpg
The government
https://upload.wikimedia.org/wikipedia/commons/f/f3/Uncle_Sam_(pointing_finger).jpg
The cloud is safer than running locally
https://c2.staticflickr.com/4/3688/11314617665_ab5f32763f_b.jpg
What does the law say? (in Norway)
https://www.flickr.com/photos/60588258@N00/3293465641
If you are still uncertain
Use hybrid solutions!
https://www.flickr.com/photos/torek/4444673930
My application
MRS Resultat
https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg
Another example
Real-time analysis of medical sensors
https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=23444
Securing your application
In Azure
https://upload.wikimedia.org/wikipedia/commons/3/35/Tank_convoy_141018-A-JI163-170.jpg
If you’re not on Azure
AWS and Google
https://upload.wikimedia.org/wikipedia/commons/4/43/Pair_of_mandarin_ducks.jpg
In summary
If you know what you are doing then the cloud is safe
https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg
Some references
• Analysis of the NYC taxi data set: http://bit.ly/1XVsny0
• An article about the Danish railways and Azure: http://bit.ly/24n7Kum
• The Norwegian Data Protection Authority’s guide for cloud services (in Norwegian): http://bit.ly/25oybFM
• The Norwegian government’s national strategy for cloud services (in Norwegian): http://bit.ly/25kQRmq
• The OWASP Cheat Sheets on Authentication and Access Control:
  https://www.owasp.org/index.php/Authentication_Cheat_Sheet
  https://www.owasp.org/index.php/Access_Control_Cheat_Sheet
More references
• Identity management in Azure sample app: https://github.com/Azure-Samples/guidance-identity-management-for-multitenant-apps
• Azure Key Vault: https://azure.microsoft.com/en-us/documentation/articles/guidance-multitenant-identity-keyvault/
• Client-side encryption with Azure and Key Vault: https://azure.microsoft.com/en-us/documentation/articles/storage-client-side-encryption/
• Azure Storage Service Encryption: https://azure.microsoft.com/en-us/documentation/articles/storage-service-encryption/