CSA Concepts of Sovereignty & Cloud User Rights
- 2. www.cloudsecurityalliance.org Copyright © 2012 New Zealand Cloud Security Alliance Copyright © 2014 Cloud Security Alliance New Zealand Chapter
Global, not-for-profit organization
Members
Over 49,000 individual members
200 corporate members
70 chapters worldwide
Established with the aim of bringing trust to the cloud
30 research groups with 25 research projects
- 3.
Over 300 members
Main focus is research in
Data governance
Privacy
Cloud Assurance
Cloud Auditing
- 5.
Preservation of sovereignty is a noble cause
Enshrined in constitutions, legislation and patriotism
To preserve peace
To protect territory against the hostile elements
To protect its citizens
To guarantee freedom
- 6.
Countries take various steps to preserve the sovereignty of the state without infringing the rights of their own citizens through
Proactive actions
Reactive actions
- 7.
Legal or not Legal?
Sovereignty of State
Reactive: Police, Military
Proactive: Intelligence Agencies, Counter Operational
- 8.
Government develops legislative measures to enhance these agencies through national security laws meant to protect citizens'
Fundamental rights
Freedom
Democracy
Country
- 10.
Various covert and overt operations are under fire
These operations reflect national security but override fundamental rights (Globalization)
Operations take strength from legislation
- 12.
| Country | National Security Laws | Tolerance |
|---|---|---|
| USA | Foreign Intelligence Security Act (FISA); PATRIOT ACT | Justifies PRISM; Zero tolerance for Foreigners; US Citizens safe |
| UK | Regulation of Investigatory Powers Act 2000 section 22(2); Telecommunications Act 1984 section 94 | Tempora Program targets Citizens and Non Citizens |
| Sweden | Act 2008:717 on signals intelligence within defence intelligence operations; Act 2009:966 on the Intelligence Court; Decree 2009:968 | Gathering information; Has some weakness |
| France | Code de la Sécurité Intérieure Book 2, Title IV of this Code; Anti-Terror Act 2006; CNCIS | Targeted surveillance; Extends powers to gather telecom data directly from providers |
- 13.
| Country | National Security Laws | Tolerance |
|---|---|---|
| Germany | G-10 Law | Warrantless automated wiretaps of domestic and international Communications |
| Netherlands | Dutch Intelligence and Security Act 2002 | Does not permit wiretap |
| European Union | Directive 95/46/EC, Article 13 | Exemption to data protection |
| European Union | Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data | Exemption in Article 9 and Article 16 |
| International | Convention on Cybercrime | Article 27 and 30 |
- 14.
| Country | User Data Requests | Percentage of requests where some data produced | Users/Accounts Specified |
|---|---|---|---|
| Total | > 27477 | 64% | > 42648 |
| United States | 10,574 | 83% | 18,254 |
| France | 2,750 | 51% | 3,378 |
| Germany | 2,660 | 40% | 3,255 |
| India | 2,513 | 66% | 4,401 |
| United Kingdom | 1,397 | 69% | 3,142 |
| Brazil | 1,085 | 49% | 1,471 |
| Italy | 896 | 42% | 1,084 |
| Australia | 780 | 70% | 944 |
| Singapore | 755 | 68% | 847 |
| Spain | 545 | 53% | 761 |
| Poland | 502 | 23% | 740 |
- 19.
[Chart: Survey Results, 423 responses. Values shown: 41%, 46%, 13%. Legend: Patriot Act Repealed, Patriot Act Modified, Patriot Act is Fine]
- 21.
User rights are aggravated by
Lack of transparency manifested by the cloud service providers and governments
Inadequate cloud security standards
Evolving nature of cloud computing
Risks
Jurisdictional laws and conflicts
- 23.
Article II 3(b), (c), (d) and (e) United Nations Guidelines for Consumer Protection
(b) The promotion and protection of the economic interests of consumers;
(c) Access of consumers to adequate information to enable them to make informed choices according to individual wishes and needs;
(d) Consumer education, including education on the environmental, social and economic impacts of consumer choice;
(e) Availability of effective consumer redress.
- 24.
Transparency
• What information is disclosed by CSP
Legal Protection
• What legal protection is offered?
Compliance
• What standards and laws?
Accountability
• How grievance is addressed?
Cloud Governance
- 25.
Right to know reforms…
Disclosure of information to inform the cloud user of matters that impact their data rights, related to
Jurisdiction
Legal issues
Data protection laws
Compliance to relevant policies, law enforcement
Redress, complaints
- 26.
Assess legal and jurisdictional risks
Contracts must be enforceable
Flexible contracts to allow cloud user requirements
Choice of court
Arbitration
Ensure data protection under cloud user laws
- 27.
Cloud service provider displays compliance to
Relevant provisions of laws
Security standards, best practices
Legal protection not to show data to third party
Transparency, legal protection and compliance to standards show accountability
- 28.
Cloud service provider displays information to show
Accountability processes
Breach of security
Electronic dispute resolution
Liability
Choice of court
- 29.
Four Elements
Transparency
• ISO 27001 CCM
• SSAE 16 SOC2 Type 2/ ISAE 3402
• STAR Registry (CAIQ, CCM)
• Disclosure of laws
• Breach notification
Legal Protection
• Choice of court
• Flexible contracts
• Enforceable contracts
Compliance
• Standards
• Contracts
• User laws
Accountability
• Liability
• Dispute resolution
- 30.
Foundation for data governance
Need your cooperation to build strong research
Presenting a proposal for new standards on data sovereignty
- 31.
r.ahmad@cloudsecurityalliance.org.nz
Join Hands for Cloud and Cyber Security to Secure Community