              One single cloud to rule them all?


© Copyright 1989 – 2010, (ISC)2 All Rights Reserved
                   2011,
Agenda
• Introducing my view on the cloud
• Introducing a case
• One single cloud to rule them all?
• Hybrid clouds
• Current challenges

Introducing myself
• Jaap van Ekris
• Consultant specialised in high-risk and high-security environments
• Employed by Delta Pi
• Lead architect for several privacy-sensitive solutions

A trust paradox
• From the relation: If you don’t trust them, don’t do business
• From technology: Don’t trust them by design

Cloud: an architect's view
• Technically: a cheaper, more public, standardized product that provides much flexibility
• Legal: No difference from contract, but privacy laws do introduce pitfalls
• Contract management: Much less grip, more hassle?

The cloud is no panacea




On the other hand…
• Our previous hosting provider was specialized/dedicated, but worthless
• Cloud solutions are cheap and flexible
• We can design the solution to minimize trust, privacy and reliability issues
• Separation of powers is a good thing…

PALGA foundation
• Foundation founded in 1971
• An official medical registration, as described in Dutch privacy laws
• Helps pathologists connect to colleagues on a case-by-case basis, since medical relevancy for diagnosis is measured in decades
• Enabler for statistical medical research from universities that can be observed through pathology reports
• Supports national policy development through: Dutch Cancer registration, Cervical and Breast Cancer Screening Programs, Health Care Evaluation and Epidemiological Research Survey
• National coverage since 1990
• Patients can opt out through the responsible pathology lab

Everything is outsourced…

Pathology as seen on TV...




Our infrastructure
[Diagram, two areas: Direct Patient Care (Central) and Scientific Research (Central).
Components: Pathology Labs (Lab, U-DPS), LSP, Transferium, PZVDB, ZorgTTP, Raw DataStore (RDS), Reference system, Rule Engine (ETL), Datawarehouse (SAS).
Actors: St. Palga employee, Tieto employee.
Flow labels: Register patients; Retrieve patient history; BVO data; Retrieve historical reports; Reports (individual); Reports (batches); Update reference tables; Data for analysis; Update business rules; Results (daily); Scientific question.]

Different types of data…
• Medical data: highly classified, requires specialized hosting or strong encryption
• Medical Statistical Queries: confidential, requires a specific SLA
• Medical Statistical reports: Semi-public, falls within most SLAs
• E-mail etc.: Nearly public, falls within any decent SLA

One man's trash is another's treasure…




The power of combination
• Data becomes much more valuable when combined with other data sources
• You never know your opponent
• You never know what his goal with your data is
• This might be the cloud's biggest threat

One single cloud provider?
• One single cloud is easy from a management perspective
• The highest class of privacy starts to dominate requirements quickly (also pushing the cost of public data)
• There are very few providers specialized in medical data solutions
• Their costs are colossal, own hosting suddenly seems affordable
• Introduces the risk of data recombination

Could Amazon solve it?
• Reliable platform provider
• Privacy laws are an issue: No explicit medical focus and no absolute guarantees about geographic data location
• Designing around this problem is possible but comes at a cost: strong encryption is hampering performance of big queries

Hybrid cloud
• Partially put data in the cloud, partially host your own data
• It is one single solution, allowing seamless access to different hosting areas

Could Microsoft Azure solve it?

• Split data:
    – Put medical data and queries into own hosting
    – Put all semi-public and public data into the cloud
• Doesn’t fit our philosophy of outsourcing (i.e. hosting our own data)

Our final mixed cloud solution
• Pseudonymisation: SaaS/SECaaS
• Critical medical data: PaaS
• Secondary data: SaaS, designed as a “disposable” environment
• E-Mail, Desktops: DaaS

Current service providers
[Diagram, two areas: Direct Patient Care (Central) and Scientific Research (Central).
Components: Pathology Labs (Lab, U-DPS), Transferium, PZVDB, ZorgTTP, Raw DataStore (RDS), Reference system, Rule Engine (ETL), Datawarehouse (SAS).
Actors: St. Palga employee, Tieto employee.
Flow labels: BVO data; Retrieve historical reports; Reports (individual); Reports (batches); Update reference tables; Data for analysis; Update business rules; Results (daily); Scientific question.]

Current challenges
• Single Sign-On Authentication across different clouds is difficult:
    – Limiting access to the highly critical environment from a shared DaaS environment is challenging
    – User management is a lot of work
• Defining dataflows crossing the borders of service providers is extremely challenging
• Logging of user actions is challenging

Worries…
• Our platform provider started to host a lot of medical data; Chinese walls are vital in order to comply with privacy laws
• The power of combination and reidentification grows by the day, challenging the height of the Chinese wall

Conclusion
• It doesn’t make sense to talk about one single cloud when you have different types of information
• Hybrid solutions, or better multiple clouds, would be a more sensible approach

Questions?



                           Mail: J.vanEkris@Delta-Pi.nl

                           Watch again: www.slideshare.net/Jaap_van_Ekris


Cloud Security (11-09-2012, (ISC)2 Secure Amsterdam)

  • 1. One single cloud to rule them all?
  • 2. Agenda • Introducing my view on the cloud • Introducing a case • One single cloud to rule them all? • Hybrid clouds • Current challenges
  • 3. Introducing myself • Jaap van Ekris • Consultant specialised in high risk and high secure environments • Employed by Delta Pi • Lead architect for several privacy sensitive solutions
  • 4. A trust paradox • From the relation: If you don’t trust them, don’t do business • From technology: Don’t trust them by design
  • 5. Cloud: an architect's view • Technically: a cheaper, more public, standardized product that provides much flexibility • Legal: No difference from contract, but privacy laws do introduce pitfalls • Contract management: Much less grip, more hassle?
  • 6. The cloud is no panacea
  • 7. On the other hand… • Our previous hosting provider was specialized/dedicated, but worthless • Cloud solutions are cheap and flexible • We can design the solution to minimize trust, privacy and reliability issues • Separation of powers is a good thing…
  • 8. PALGA foundation • Foundation founded in 1971 • An official medical registration, as described in Dutch privacy laws • Helps pathologists connect to colleagues on a case-to-case basis, since medical relevancy for diagnosis is measured in decades • Enabler for statistical medical research from universities that can be observed through pathology reports • Supports national policy development through: Dutch Cancer registration, Cervical and Breast Cancer Screening Programs, Health Care Evaluation and Epidemiological Research Survey • National coverage since 1990 • Patients can opt out through the responsible pathology lab • Everything is outsourced…
  • 9. Pathology as seen on TV...
  • 10. Our infrastructure [Diagram; labels translated from Dutch. Components: Pathology Labs, Lab (U-DPS), ZorgTTP, raw data store (RDS), LSP, Transferium, PZVDB, reference system, rule engine (ETL), data warehouse (SAS), St. Palga employee, Tieto employee. Flows: reports (individual and batches), patient registration, patient history retrieval, BVO retrieval, historical data, reference table updates, business rule updates, data for analysis, daily results, scientific question. Panels: Direct Patient care (Central), Scientific Research (Central)]
  • 11. Different types of data… • Medical data: highly classified, requires specialized hosting or strong encryption • Medical Statistical Queries: confidential, requires a specific SLA • Medical Statistical reports: Semi-public, falls within most SLAs • E-mail etc.: Nearly public, falls within any decent SLA
  • 12. One man's trash is another's treasure…
  • 13. The power of combination • Data becomes much more valuable when combined with other data sources • You never know your opponent • You never know what his goal with your data is • This might be the cloud's biggest threat
  • 14. One single cloud provider? • One single cloud is easy from a management perspective • The highest class of privacy starts to dominate requirements quickly (also pushing the cost of public data) • There are very few providers specialized in medical data solutions • Their costs are colossal, own hosting suddenly seems affordable • Introduces the risk of data recombination
  • 15. Could Amazon solve it? • Reliable platform provider • Privacy laws are an issue: No explicit medical focus and no absolute guarantees about geographic data location • Designing around this problem is possible but comes at a cost: strong encryption hampers the performance of big queries
  • 16. Hybrid cloud • Partially put data in the cloud, partially host your own data • It is one single solution, allowing seamless access to different hosting areas
  • 17. Could Microsoft Azure solve it? • Split data: – Put medical data and queries into own hosting – Put all semi-public and public data into the cloud • Doesn’t fit our philosophy of outsourcing (i.e. hosting our own data)
  • 18. Our final mixed cloud solution • Pseudonymisation: SaaS/SECaaS • Critical medical data: PaaS • Secondary data: SaaS, designed as a “disposable” environment • E-Mail, Desktops: DaaS
  • 19. Current service providers [Diagram; labels translated from Dutch. Components: Pathology Labs, Lab (U-DPS), ZorgTTP, raw data store (RDS), Transferium, PZVDB, reference system, rule engine (ETL), data warehouse (SAS), St. Palga employee, Tieto employee. Flows: reports (individual and batches), BVO retrieval, historical data, reference table updates, business rule updates, data for analysis, daily results, scientific question. Panels: Direct Patient care (Central), Scientific Research (Central)]
  • 20. Current challenges • Single Sign-On Authentication across different clouds is difficult: – Limiting access to the highly critical environment from a shared DaaS environment is challenging – User management is a lot of work • Defining dataflows crossing the borders of service providers is extremely challenging • Logging of user actions is challenging
  • 21. Worries… • Our platform provider started to host a lot of medical data; Chinese walls are vital in order to comply with privacy laws • The power of combination and reidentification grows by the day, challenging the height of the Chinese wall
  • 22. Conclusion • It doesn’t make sense to talk about one single cloud when you have different types of information • Hybrid solutions, or better multiple clouds, would be a more sensible approach
  • 23. Questions? • Mail: J.vanEkris@Delta-Pi.nl • Watch again: www.slideshare.net/Jaap_van_Ekris
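
Slides 13, 14 and 21 warn that combining data sets raises the re-identification risk. The added example below (not part of the original deck) measures that effect as the smallest group of records sharing the same attribute values, before and after two data sets are joined. The sample records, the attribute names and the shared `pseudonym` key are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (not PALGA data); attribute names are assumptions.
MEDICAL = [  # pseudonymised extract in the high-security environment
    {"pseudonym": "p1", "birth_decade": "1950s", "region": "North"},
    {"pseudonym": "p2", "birth_decade": "1950s", "region": "North"},
    {"pseudonym": "p3", "birth_decade": "1950s", "region": "North"},
    {"pseudonym": "p4", "birth_decade": "1960s", "region": "South"},
    {"pseudonym": "p5", "birth_decade": "1960s", "region": "South"},
    {"pseudonym": "p6", "birth_decade": "1960s", "region": "South"},
]
SECONDARY = [  # secondary data set hosted in a different environment
    {"pseudonym": "p1", "sex": "F", "lab": "L1"},
    {"pseudonym": "p2", "sex": "F", "lab": "L1"},
    {"pseudonym": "p3", "sex": "M", "lab": "L2"},
    {"pseudonym": "p4", "sex": "F", "lab": "L1"},
    {"pseudonym": "p5", "sex": "M", "lab": "L2"},
    {"pseudonym": "p6", "sex": "M", "lab": "L2"},
]

def group_sizes(records, attrs):
    """Count how many records share each combination of attribute values."""
    return Counter(tuple(r[a] for a in attrs) for r in records)

def smallest_group(records, attrs):
    """Smallest group size; 1 means at least one record is unique on attrs."""
    return min(group_sizes(records, attrs).values())

def unique_records(records, attrs):
    """Pseudonyms of the records that no other record matches on attrs."""
    sizes = group_sizes(records, attrs)
    return sorted(r["pseudonym"] for r in records
                  if sizes[tuple(r[a] for a in attrs)] == 1)

def combine(left, right, key="pseudonym"):
    """Join two data sets on a shared key, as a party holding both could."""
    index = {r[key]: r for r in right}
    return [{**row, **index[row[key]]} for row in left if row[key] in index]

if __name__ == "__main__":
    both = combine(MEDICAL, SECONDARY)
    all_attrs = ["birth_decade", "region", "sex", "lab"]
    print("medical alone:  ", smallest_group(MEDICAL, ["birth_decade", "region"]))
    print("secondary alone:", smallest_group(SECONDARY, ["sex", "lab"]))
    print("combined:       ", smallest_group(both, all_attrs))
    print("unique after combination:", unique_records(both, all_attrs))
```

Each set on its own hides every record in a group of three; once one party can join them, two records become unique. That is the argument for keeping the sets with separate providers behind a Chinese wall.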

Editor's Notes

  1. With our previous hosting provider, we spent months tracking down backups…
  2. Editor: Mat Honan
  3. Secondary data: anonymous sets