Sensitive data in the cloud?You can’t do that!

https://stocksnap.io/photo/BT3AB7N2RZ

Rune Andreas GrimstadHemit

rag@rag.no@runegri

Actually, you can!… you just have to know what you are doing

https://upload.wikimedia.org/wikipedia/commons/f/f5/Free-ride.jpg

So what is the problem?

https://upload.wikimedia.org/wikipedia/commons/d/de/Suricate,_Namibia_(2813287155).jpg

The insecure cloud is a myth

https://commons.wikimedia.org/wiki/File:Hercules_and_Cerberus_LACMA_65.37.151.jpg

Sensitive data isinformation you don’t want to share

http://www.strategiesonline.net/wp-content/uploads/2015/07/combination-locks.jpg

Levels of sensitivity

https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg

• Directly identifiable• Indirectly identifiable• Anonymous• Not sensitive

Traditional thinkingProtecting your data in your local datacenter

http://www.intuitiveaccountant.com/downloads/2552/download/messy.jpg

How is the cloud different?

https://www.flickr.com/photos/httpwwwflickrcomphotostopend/2254825592

Protecting your data in the cloud

https://upload.wikimedia.org/wikipedia/commons/3/3a/General_Emilio_Campa_and_his_bodyguards,_Mexican_War,_1912.jpg

• At rest• In transit• In use

• Confidentiality• Integrity

Data in use

https://upload.wikimedia.org/wikipedia/commons/d/d5/Sabu_with_his_Tandy_1000_Computer.jpg

Data in transit

https://upload.wikimedia.org/wikipedia/commons/4/4c/Gepardjagt1_(Acinonyx_jubatus).jpg

Data at rest

http://www.publicdomainpictures.net/pictures/160000/velka/chaton-en-train-de-dormir.jpg

The government

https://upload.wikimedia.org/wikipedia/commons/f/f3/Uncle_Sam_(pointing_finger).jpg

The cloud is safer than running locally

https://c2.staticflickr.com/4/3688/11314617665_ab5f32763f_b.jpg

What does the law say?(in Norway)

https://www.flickr.com/photos/60588258@N00/3293465641

If you are still uncertainUse hybrid solutions!

https://www.flickr.com/photos/torek/4444673930

My applicationMRS Resultat

https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg

Another exampleReal-time analysis of medical sensors

https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=23444

Securing your applicationIn Azure

https://upload.wikimedia.org/wikipedia/commons/3/35/Tank_convoy_141018-A-JI163-170.jpg

If you’re not on AzureAWS and Google

https://upload.wikimedia.org/wikipedia/commons/4/43/Pair_of_mandarin_ducks.jpg

In summaryIf you know what you are doing then the cloud is safe

https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg

Some references

• Analysis of the NYC taxi data sethttp://bit.ly/1XVsny0

• An article about the danish railways and azurehttp://bit.ly/24n7Kum

• The Norwegian Data Protection Authority’s guide for cloud services (in Norwegian)http://bit.ly/25oybFM

• The Norwegian government’s national strategy for cloud services (in Norwegian)http://bit.ly/25kQRmq

• The Owasp Cheat Sheets on Authentication and Access Control• https://www.owasp.org/index.php/Authentication_Cheat_Sheet • https://www.owasp.org/index.php/Access_Control_Cheat_Sheet

More references

• Identity management in Azure sample apphttps://github.com/Azure-Samples/guidance-identity-management-for-multitenant-apps

• Azure Key Vaulthttps://azure.microsoft.com/en-us/documentation/articles/guidance-multitenant-identity-keyvault/

• Client-side encryption with Azure and Key Vaulthttps://azure.microsoft.com/en-us/documentation/articles/storage-client-side-encryption/

• Azure Storage Service Encryption• https://azure.microsoft.com/en-us/documentation/articles/storage-

service-encryption/