Cloud Computing Essentials · Cloud Computing Essentials ... gk3210
Security of Cloud Computing Applications in Smart Cities
16
Charles Mok Legislative Councillor (Information Technology)
-
Upload
charles-mok -
Category
Internet
-
view
291 -
download
0
Transcript of Security of Cloud Computing Applications in Smart Cities
Charles Mok
Legislative Councillor
(Information Technology)
An evolution of Smart Cities
Making cities more efficient
but also
more vulnerable
4
New economic and social
opportunities from the
Internet of Things
Smart Services:
Interconnected data,
infrastructures and services,
enabled by ICT
5
SMART CITY ARCHITECTURE
Applications satellite imagery, aerial mapping, GPS, building management
system, CCTV, GIS
Information user, document, industry, business, revenue, circulation
Management
Integration of communication protocols Wireless, Bluetooth, Wi-Fi, 3/4/5G, M2M, embedded network
6
7
Intelligent street lighting
Intelligent building
Intelligent transportation
Smart transit
8
SMART CITIES PRESENT
AND CONTAIN VALUABLE
INFORMATION
LARGE-SCALE HAVOC
THROUGH DISRUPTIONS
AND DAMAGE
SECURITY IN SMART CITIES
9
SECURITY
BREACH PRIVACY
CYBER-
ATTACKS HACKING
DATA THEFT
MAIN CAUSES OF DATA BREACHES
10
System glitches Malicious attacks Human factor
29% 36% 35%
Source: 2013 Cost of Data Breach Study: Global Analysis“
by Symantec and the Ponemon Institute.
11
Source: Techcrunch
3 KEY ISSUES
Security
Is the data protected from theft, leakage,
spying or attacks?
What is the level of control and
protection?
Residency
Where is the data stored?
geographically disbursed?
What to do with data in transit & outside territory?
Privacy
Who can see personally identifiable
information (PII)?
Storing, transferring, locating and protecting PII
13
GOOD SECURITY PRACTICE AND
CENTRALISED DATA COLLECTION
& MANAGEMENT
PLANNING AHEAD:
STRATEGIC APPROACH
Multiple layers:
Physical security (facilities)
Network security (infrastructure)
System security (IT systems)
Application and data security
SECURITY BY DESIGN
• Identify critical data and risk entry points
• Identification and Access controls
• Encryption key management
• Disaster Recovery and Continuity
• Breach notification and data residency
• Data management at rest
• Data protection in motion
• Long-term resiliency of the encryption system
• Educate people, improve governance and compliance
15
16
