The operative application of defined controls for the protection of PII is widely affected by the “cluster” of providers/sub-providers involved in the operation of a specific cloud service; therefore, any attempt to provide guidelines for this can be made only at a general level. Since the goal of applying data protection measures is to fulfill…
Category: compliance
Data Protection on the Cloud
Data protection policies should include guidelines for the different data lifecycle phases. In the cloud, the following three policies should receive proper adjustments and attention: data retention, data deletion, and data archiving. Policies serve as the operational foundation for all aspects of data management and should be clearly reflected in data retention, deletion, and archival activities….
Data Classification for P&DP Purposes
The figure below provides a quick recap of the main input entities for data classification regarding P&DP. Data classification can be accomplished in different ways ranging from “tagging” the data by using other external information, to extrapolating the classification from the content of the data. The latter method, however, may raise some concerns because, according…
Classification of Discovered Sensitive Data
Classification of data for the purpose of compliance with the applicable privacy and data protection laws plays an essential role in the operative control of those elements that feed P&DP compliance. This means that not only the “nature” of the data should be traced with classification but also its relationship with…
Data Classification
Data classification as a part of the information lifecycle management (ILM) process can be defined as a tool for categorization of data to help an organization to effectively answer the following questions: What data types are available? Where is certain data located? What access levels are implemented? What protection level is implemented, and does it…
Challenges with Data Discovery in the Cloud
As a cloud security professional, you need to be prepared to generate solutions to overcome these obstacles: Identifying where your data is: The idea of data in the cloud is at once both liberating and terrifying. The ability to have data available “on real-time demand,” across almost any platform and access mechanism, is an incredible…
Implementation of Data Discovery
The implementation of data discovery solutions provides an operative foundation for the effective application and governance of P&DP (Privacy and Data Protection) compliance. From the customer’s perspective: The customers, in the role of data controllers, have full responsibility for compliance with the P&DP laws’ obligations. The implementation of data discovery solutions and data…
Data Deletion and Media Sanitization
Data represents a very important enterprise asset. That makes the use of cloud-based services a significant risk. To mitigate that risk, organizations must consider options for removing their data from the cloud should the requirement arise. These environments host multiple types, structures, and components of data among various resources. For components within a multitenant environment,…
Key Management in Software Environments
Typically, cloud service providers protect keys using software-based solutions in order to avoid the additional cost and overhead of hardware-based security models. Note that software-based key management solutions do not meet the physical security requirements specified in the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) Publication 140-2 or 140-3 specifications….
Cloud Data Encryption Architecture and Options
Encryption architecture is very much dependent on the goals of the encryption solutions, along with the cloud delivery mechanism. Protecting data at rest from local compromise or unauthorized access differs significantly from protecting data in motion into the cloud. Adding additional controls to protect the integrity and availability of data can further complicate the process….