Sensitive data in the cloud - you can't do that
Sensitive data in the cloud? You can’t do that!
https://stocksnap.io/photo/BT3AB7N2RZ
Rune Andreas Grimstad
Hemit
[email protected] @runegri
Actually, you can!
… you just have to know what you are doing
https://upload.wikimedia.org/wikipedia/commons/f/f5/Free-ride.jpg
So what is the problem?
https://upload.wikimedia.org/wikipedia/commons/d/de/Suricate,_Namibia_(2813287155).jpg
The insecure cloud is a myth
https://commons.wikimedia.org/wiki/File:Hercules_and_Cerberus_LACMA_65.37.151.jpg
Sensitive data is information you don’t want to share
http://www.strategiesonline.net/wp-content/uploads/2015/07/combination-locks.jpg
Levels of sensitivity
https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg
• Directly identifiable
• Indirectly identifiable
• Anonymous
• Not sensitive
Traditional thinking
Protecting your data in your local datacenter
http://www.intuitiveaccountant.com/downloads/2552/download/messy.jpg
How is the cloud different?
https://www.flickr.com/photos/httpwwwflickrcomphotostopend/2254825592
Protecting your data in the cloud
https://upload.wikimedia.org/wikipedia/commons/3/3a/General_Emilio_Campa_and_his_bodyguards,_Mexican_War,_1912.jpg
• At rest
• In transit
• In use

• Confidentiality
• Integrity
Data in use
https://upload.wikimedia.org/wikipedia/commons/d/d5/Sabu_with_his_Tandy_1000_Computer.jpg
Data in transit
https://upload.wikimedia.org/wikipedia/commons/4/4c/Gepardjagt1_(Acinonyx_jubatus).jpg
Data at rest
http://www.publicdomainpictures.net/pictures/160000/velka/chaton-en-train-de-dormir.jpg
The government
https://upload.wikimedia.org/wikipedia/commons/f/f3/Uncle_Sam_(pointing_finger).jpg
The cloud is safer than running locally
https://c2.staticflickr.com/4/3688/11314617665_ab5f32763f_b.jpg
What does the law say? (in Norway)
https://www.flickr.com/photos/60588258@N00/3293465641
If you are still uncertain
Use hybrid solutions!
https://www.flickr.com/photos/torek/4444673930
My application
MRS Resultat
https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg
Another example
Real-time analysis of medical sensors
https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=23444
Securing your application
In Azure
https://upload.wikimedia.org/wikipedia/commons/3/35/Tank_convoy_141018-A-JI163-170.jpg
If you’re not on Azure
AWS and Google
https://upload.wikimedia.org/wikipedia/commons/4/43/Pair_of_mandarin_ducks.jpg
In summary
If you know what you are doing then the cloud is safe
https://upload.wikimedia.org/wikipedia/commons/5/5e/Felis_-_cats,_Plate_CXCI,_A._Bell.jpg
Some references
• Analysis of the NYC taxi data set
  http://bit.ly/1XVsny0
• An article about the Danish railways and Azure
  http://bit.ly/24n7Kum
• The Norwegian Data Protection Authority’s guide for cloud services (in Norwegian)
  http://bit.ly/25oybFM
• The Norwegian government’s national strategy for cloud services (in Norwegian)
  http://bit.ly/25kQRmq
• The OWASP Cheat Sheets on Authentication and Access Control
  • https://www.owasp.org/index.php/Authentication_Cheat_Sheet
  • https://www.owasp.org/index.php/Access_Control_Cheat_Sheet
More references
• Identity management in Azure sample app
  https://github.com/Azure-Samples/guidance-identity-management-for-multitenant-apps
• Azure Key Vault
  https://azure.microsoft.com/en-us/documentation/articles/guidance-multitenant-identity-keyvault/
• Client-side encryption with Azure and Key Vault
  https://azure.microsoft.com/en-us/documentation/articles/storage-client-side-encryption/
• Azure Storage Service Encryption
  https://azure.microsoft.com/en-us/documentation/articles/storage-service-encryption/