everyone is talking cloud - how secure is your data?
TRANSCRIPT
![Page 1: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/1.jpg)
Everyone is talking “Cloud”
How secure is your data?
Bianca Mueller, LL.M.
![Page 2: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/2.jpg)
Benefits of the cloud• Scalability• Access everywhere in the world• Improved backup/disaster recovery• Reduced infrastructure costs• Software is always up to date• May save cost in the IT department• Potentially more secure then your back office
server • Faster and higher quality servers
![Page 3: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/3.jpg)
![Page 4: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/4.jpg)
Due diligence and risk management • Trust and security• Type of cloud service• Type of business / industry• Risk adversity • Business objective and long term vision• Commercial value of data • Reliability of connectivity• Reliability and trustworthiness of the service
provider
![Page 5: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/5.jpg)
![Page 6: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/6.jpg)
Risks• Security and Trust• Jurisdictional issues • Cross border privacy concerns• Contractual Issues • Lock in and document retention• What happens if the cloud service provider goes
out of business? • Regulatory compliance • Service reliability and connectivity issues
![Page 7: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/7.jpg)
Cloud Computing Landscape
Applications
Storage
Computing
Development platform
![Page 8: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/8.jpg)
What happens if your Service Provider goes bust?
• Will you get your data back?• Can your data be easily transferred to another
provider? • Information may not be available to you anymore
(e.g. Mega)
Tip• Conduct proper due diligence and risk management
![Page 9: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/9.jpg)
The value of your data• Designs, plans, specifications, drafts, moulds • Research data• Operational and administrative data• Billing information, price lists etc. • Source code, financial statements, and business
plans • Everything that has actual or potential commercial
value to your business
![Page 10: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/10.jpg)
Lifecycle of your data• What business information does you business create
and keep • And what is happening with this information after it
has been created? • What’s its value (and are you leveraging it)? • What is your Return on Investment? Tip• Classification of data into categories will determine
the type and degree of risk and how you should manage it
![Page 11: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/11.jpg)
Risks to your data• Theft (external / internal threats)• Employee negligence • Unsecured mobile devices • Government access (e.g. NSA)• Technical and natural disastersTip• Prioritise the confidentiality, integrity, and privacy
of your information
![Page 12: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/12.jpg)
![Page 13: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/13.jpg)
Dealing with confidential information
• Contractual or statutory obligations to keep particular information confidential • Employees, contractors, business partners• Accountants, lawyers, GP’s or other health
professionals
TipUsing cloud services must not compromise your duty of confidentiality
![Page 14: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/14.jpg)
Privacy concerns• There is no “OOPS” clause in privacy legislation• Privacy breaches are always costly • Negative impact on your reputation • Loss of customer’s trust in your brand
Tip• Seek advice on your organisation’s privacy
obligations and ensure that your staff understands these obligations
![Page 15: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/15.jpg)
• In 2012, 5.4 million Australians were victims of cybercrime • Cost of cybercrime being as high as AUS $2 billion
per year
TipBecause of high risk and high cost, you should prioritise confidentiality, integrity, and privacy of your data
![Page 16: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/16.jpg)
Financial Records• Financial records must be kept in New Zealand for
at least 7 years • Cannot be stored in DropBox, Google Drive etc. • Exemptions: Brookers, MYOB, Xero, Reckon New
Zealand, Cargo Wise New Zealand, CCH New Zealand, Farm IQ Systems, and Technology One
![Page 17: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/17.jpg)
Small contract, big liability?
• You are responsible to ensure the security, encryption, and back-up of your data• It’s not the cloud provider’s responsibility
Tip • Ensure that you fully understand your contractual
liabilities and how they might affect your business• Read the fine print – It may surprise you!
![Page 18: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/18.jpg)
Mitigating risks in the cloud
• Be smart and involve people with the rights skills in making cloud decisions
• Conduct an impact assessment to determine the most appropriate cloud environment
• Know your data and decide what can go into the public cloud• Don’t put all your eggs in one basket• Ensure that you fully understand the technical, commercial and
legal risks• Monitor the cloud provider’s activities and plan for cloud outages• Back up, encrypt, and bring your own key!
![Page 19: Everyone is talking Cloud - How secure is your data?](https://reader035.vdocuments.site/reader035/viewer/2022062711/55c39324bb61ebe42a8b45ac/html5/thumbnails/19.jpg)
Bianca Mueller, LL.M.
Twitter: @LawDownUnder
Information technology law
Drafting and risk analysis of commercial IT contracts
Trademark and copyright law
Protection of ideas, trade secrets, and confidential information
Advice on information security and data protection
European privacy and technology law