Security of Cloud Computing Applications in Smart Cities
-
Upload
charles-mok -
Category
Technology
-
view
344 -
download
1
description
Transcript of Security of Cloud Computing Applications in Smart Cities
SECURITY
OF CLO
UD
COMPUTI
NG
APPLIC
ATIO
NS IN S
MART
CITIE
S
BS
I I NF
OR
MA
TI O
N &
CL
OU
D S
EC
UR
I TY
SE
MI N
AR
20
14
Charles MokLegislative Councillor
(Information Technology)
An evolution of Smart Cities
Making cities more efficient but also
more vulnerable
3
New economic and social opportunities from the Internet of Things
Smart Services:Interconnected data, infrastructures and services, enabled by ICT
4
SMART CITY ARCHITECTURE
Applicationssatellite imagery, aerial mapping, GPS, building management system, CCTV, GIS
Informationuser, document, industry, business, revenue, circulation
Management
Integration of communication protocolsWireless, Bluetooth, Wi-Fi, 3/4/5G, M2M, embedded network
5
EXAMPLES
• Smart grids and smart metering• Intelligence transportation• Smart and connected healthcare• Public safety and emergency services• Wireless connection• Intelligent buildings
6
SENSITIVE DATA IN THE CLOUD
Personally Identifiable Information examples
• Geolocation data
• Medical records
• Banking and insurance records
• Emails and other instant communication
Any serious breach will cause financial, data, credibility and reputational loss or damage
CHALLENGES
8
SECURITY PRIVACY
RESILIENCE RELIABILIT
YINTEGRITY
CONCERNS IN SMART CITY
Data collector/own
er• Outsourcing:
How to select a cloud vendor?
• How to maintain direct control to safeguard data integrity?
Cloud service providers
• How to satisfy data residency and privacy requirements
• How to remain flexible and provide cost-effective service?
Regulator
• Formulation of relevant standards and practices
• How to ensure adoption and compliance?
• Would sensitive data end up overseas?
End-users
• Are my data safe in the cloud?
• Would I know if there is security or privacy breach?
3 KEY ISSUES
Security
Is the data protected from theft, leakage, spying or attacks?
What is the level of control
and protection?
Residency
Where is the data stored?
geographically disbursed?
What to do with data in
transit & outside
territory?
Privacy
Who can see personally identifiable information
(PII)?
Storing, transferring, locating and protecting PII
Challenges of smart city
services
Maintaining ownership and control
of data
Info on 3rd party service
and distributed
infrastructure Deliver
resiliency, availability
and flexibility of smart services
MAIN CAUSES OF DATA BREACHES
12
System glitches
Malicious attacks
Human factor
29%
36%
35%
Source: 2013 Cost of Data Breach Study: Global Analysis“by Symantec and the Ponemon Institute.
13
Source: Techcrunch
14
NO PRIVACY FOR DIGITAL
CITIZENS?
DATA IS EVERYWHERE
PLANNING AHEAD: STRATEGIC APPROACH• Multiple layers:
Physical security (facilities)Network security (infrastructure)System security (IT systems)Application and data security
HOW? SECURITY BY DESIGN
• Educate people, improve governance and compliance
• Identify critical data
• Disaster Recovery and Continuity
• Breach notification and data residency
• Data management at rest
• Data protection in motion
• Encryption key management
• Identification and Access controls
• Long-term resiliency of the encryption system
16
THANK YO
U
17