Sensitive data in the cloud? You can’t do that!
Formal Metadata
Number of Parts | 96
License | CC Attribution - NonCommercial - ShareAlike 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers | 10.5446/51841 (DOI)
NDC Oslo 2016, 21 / 96
Transcript: English (auto-generated)
00:05
Okay, hi everybody, my name is Runingen Starr, I'm here today to talk about sensitive data in the cloud and the fact that you can't do that, or at least that's the general opinion.
00:24
I'll be talking today about writing custom software, not software as a service, Google Docs, Office 365, because that's boring, I'm a developer, and writing code, that's what I like to do, and that's what I like to talk about.
00:43
So while much of what I'm going to say today applies to software as a service as well, that's not going to be my focus, but before I start I want to say this is my opinion, not my employer's, I've got some colleagues here, because this is a kind of controversial
01:02
topic actually. So this is based on my experience, my opinions, and actually the idea for my talk came around when I started working with sensitive data in our organization, we write software for
01:24
the Norwegian hospitals, we're focused in the middle region of Norway, but we support all hospitals in Norway, even some foreign ones, and the software we write handles your medical information, so it needs to be secure.
01:43
At the same time we see that the cloud offers a really nice feature, it's scalability, economy, availability, there's lots of good stuff here. So while we really want to go there, the general opinion has been that we can't do
02:01
that. So that's what I'm going to talk about today. But before I start, I want to know who's here. How many of you are software developers, write code? Yeah, almost all of you, cool. How many of you are Norwegians? Yeah, because at least one of the things, I'm more or less trying to skip it, the boring
02:25
stuff, the law, but I only know Norwegian law after all, so I won't spend too much time on it. How many of you handle sensitive data? Yeah, anyone doing it in the cloud already?
02:43
Almost nobody, exactly. Yeah, that's how it used to be. So my topic today, sensitive data in the cloud, can you do it? From the discussion we had with you at work, and what I see on the internets, this is
03:03
a really hot topic. I see lots of you here today, so I suppose you agree. And at least, in my organization, the consensus is you can't do that, the cloud, it's not safe. What I'm going to say today is that you can.
03:21
So for those of you who want to go to one of our other talks, that's a short version, you can do this. So hurry up, there's lots of interesting stuff going on. So that's my opinion, and I try to argue for that. But you have to know what you're doing, and this is my opinion, it's also, it's not just
03:46
me. For instance, in the Norwegian Data Protection Authority, they're called Datatilsynet in Norway, they actually say that the cloud, it's not only safe, but it's probably safer than running on premises. The Norwegian government, they're working on changing the law now, because they want
04:04
us to use the cloud. They see the benefits of cost flexibility and safety, so this should be quite easy. It's not that easy after all. So if the authorities say you can do that, what is the problem?
04:28
I think you all have an opinion on that. In essence, hosting an application in the cloud or on premises, you need to do the same thing, you need to secure it.
04:42
And you have the same problem, there is a risk that somebody can access your data that you don't want them to, that you don't want them to. They shouldn't be able to access your data because it's secret, it's private. And what's the problem with the cloud? It's got the same problem at home in your local data center.
05:03
But the cloud, it's a shared platform, you're not hosting your data locally, and you don't control the environment, and it's very hard to have full control of what's going on. So you have to trust somebody, an external part, your cloud provider.
05:22
And also, data from the cloud is transferred over the internet, that may or may not be what you do today, but at least for my applications, handling medical data, we're running a more or less secure network, a closed network. So if I want to move my application to the cloud, then I have to transfer it over the
05:47
internet. And that's scary, very dangerous. Also in the cloud, you don't know exactly where your data is stored. You absolutely do not know which hard drive it's stored on. You don't know which server, not which server room, maybe not even which country it's in.
06:07
Most providers let you select the data center. But where is that data center? You've never been there. So there is a perceived loss of control here. I'm not saying that you lose it, but the perception is that you don't control the world the same
06:28
way as you do when you run locally. But the greatest problem, at least the way I see it, is that the cloud is new. It's been there for years, but still, this is new stuff. We're not comfortable with it yet.
06:42
And that's what I see as the main problem, because there is a myth that the cloud isn't secure. I call it a myth because it's not true, but we all believe it, at least many of you. So when I say it's a myth, that's when I focus on the big cloud providers.
07:02
I talk about Amazon, Google, Microsoft, so the big ones. If you're looking at, there are hordes of small providers calling themselves cloud providers. Honestly, I don't have at least very little experience with them.
07:21
And if you're handling sensitive stuff, you should be careful. Go for the big ones. And from what I've seen, the security is really nice. So I'm going to go back to that. But first, let's talk about sensitive data. I just need a drink.
07:42
Treni, you go to the shrimp cruise last night, by the way? Yeah, it was a bit too much fun, so my voice isn't exactly where it should be today. Hope you forget that. So sensitive data. It's information you don't want to share.
08:02
It's your secrets. It's private. It could be economical information, health, of course. It can be a private discussion in your position, your company's economy, anything that you don't want others to see. And it doesn't mean that we have something to hide.
08:21
It's not that, but it's private. As long as it's private, then it's sensitive. But there are various levels of sensitivity. Not all sensitivity, not all sensitive data are equal. So we need a background here.
08:41
There are several levels of sensitivity. Usually we talk about three or four. First, you have the directly identifiable data. This is the most sensitive data, the way I see it. It's when, for instance, in your database, you store up a personal ID, say a social security number, together with a diagnosis.
09:03
So you say, this person has this medical condition. Combine them two. Not necessarily in the same database, but if the data are available and easy to combine, then it's directly identifiable. You know who the person is. You know who the company is. You can point to someone directly.
09:24
Then you have what is called indirectly identifiable data. This is information that it can look anonymous. But as soon as you start to combine it with other data sources, then you can get more
09:40
information out of it than you intend to. For instance, if you have a diagnosis and you don't store a social security number, you don't store a phone number, you don't store a name with that data, but maybe you have a person's age, a weight, gender, maybe even which part of the country that
10:06
person lives, and without that information, and if it's, say for medical, it's a rare diagnosis, then you may start to find out who that person is. And then you're exposing sensitive information without meaning to.
10:24
There are several examples of people doing this, but you have anonymous data. That can be the same data source, but it's aggregated over a group of people. Usually we have a rule of thumb. If you have more than five people in an aggregated, then it's anonymous.
10:41
You can't find out who the person is. It depends on what you're doing, depends on your data, but that's a simple rule that you can use. So even aggregated data can be sensitive if you have a small enough group. Finally, you've got information that isn't sensitive, say for instance,
11:04
public information. Your name, your phone number, where you live, that's not sensitive information because it's probably in the public data sources. It's easy to find on the internet. Also test data and all that kind of stuff, it's not sensitive. So the more sensitive your data is, the more important it is to protect it properly,
11:24
and you need to think of that. I'll give you an example. It's a fun story. In 2013, there was released a data source that contained all taxi rides in New York for a whole year.
11:42
And it contained no personal information, they thought. So they had the taxi cab's ID. There was a date and time when the ride was done. It was where the ride was from, where it was to, how much was paid,
12:04
did a passenger tip. But there was no information, there was no name, no number. It didn't say who the person was. So the smart people on the internet, they took this data and started googling pictures of celebrities on taxi drives in New York.
12:22
And they found pictures. And they found pictures of celebrities taking a ride at a certain moment, and they were able to find the data in the data source, the same place, same time. Then they knew who it was. So you can see that this celebrity went from there to that and didn't tip.
12:42
But they could do even more with that data. They started aggregating it. And so they found frequent trips between addresses. For instance, strip bars to private addresses. And when they looked at those private addresses,
13:01
some of them, they weren't that many people living there. And your address is public information, so they were able to find out who that person was, several of them. And they were on Facebook. Suddenly, this anonymous data source identified very private information
13:21
about people. So while your data may not look sensitive, it may well be, after all, so you have to think. Now, how do we secure our data center? I love this picture. That's how it looks at home.
13:44
So we have this myth about the insecure cloud. So how do we secure? But first, locally, how do we secure a local data center? There are many people talking about this, so I won't get into the details.
14:00
But normally, you will build a secure data center. Probably underground, it's in a secure bunker. It's got limited access. Only this and that, you two have access. The rest of you can't even access the room. So it's physically protected. All of your servers are redundant. You probably have two data centers. So even if this data center stops, this one was still working.
14:22
So you got redundancy, you got physical security. Then you set up your network. You use reverse proxies. You use heavy-duty firewalls. So you make sure that only there is no inbound traffic. Everything goes out. You make sure that you have full control of what's going on.
14:42
And then you set up your application. You follow all the best practices and guidelines, doing proper authentication. Probably two-factor, maybe even better. You have full control of authorization. And you secure your data. You encrypt your storage. You use HTTPS, TLS, all the good stuff.
15:04
You follow all the OWASP recommendations. So you secure your application. And you're happy. You're secure. But how is the cloud different? Can't you do that in cloud as well? And you can. But there are some differences.
15:21
So let's talk about the bad stuff first. The cloud, it's a shared environment. You don't own the servers. You don't own the environment. You share it with other tenants. So you don't control the data center. You don't control who can access your data center. You actually don't know who can go look at your servers.
15:43
So you have to trust. And you don't control where your data is stored. As I said, you don't control the machine. You don't control the hard drives. You don't control anything. And your application, it is not running locally. And if you're offering a service on internet, that's business as usual.
16:01
But if you're running in a closed network or a limited network, then this can be a challenge. And you must, I can't repeat this enough, you must trust your cloud provider. You need to trust them. You need to be sure, or be sure, I can be sure. You need to trust that they won't do anything wrong.
16:23
You need to trust that they're good. You need to trust the certifications. You need to be sure that they know what they're doing. And on top of that, this if you have an existing application, it probably doesn't fit in the cloud. That's a different talk.
16:40
I won't get into it. But in some cases, this can be terribly expensive, actually rewriting your application to work well in the cloud. But there are lots of good stuff at the cloud. First of all, it's a shared environment. It's not just bad. It's great. Because you have proper separation between tenants.
17:01
It's built so you can't access your neighbor's data. It's impossible. But this shared environment gives you flexibility. So it can be a problem, but it's also great. And this data center is run by huge corporations. Instead of your local data center,
17:20
you're running 10, 100, maybe 1,000 servers. You're big. These guys run millions. I heard that in Azure, Microsoft, I believe that there is one administrator per 15,000 servers. And they're running millions of servers.
17:40
But they don't really spend too much money administrating it. But they spend lots of money, lots of resources on securing this. That's where I live from. In the cloud, you can usually control which region your data is stored. Like Azure, they have the data center in West Europe, Northern Europe,
18:01
several places in US, Asia, all around the world. And you can say, I want my data to be stored there and only there if that's what you need. Also, the challenge with network traffic, your data being on the internet, there are ways to secure network traffic now, actually.
18:23
Now, there have been lots of problems with traffic on the internet, encrypted traffic being hacked. But as long as you're up to date on the latest standards, then you're good. And also, the cloud, it's a rapidly moving target.
18:40
You get the new security features all the time. For instance, again, Microsoft, they just launched SQL Server 2016. It's been running in Azure for a long time. And the new features there in Azure, you've had them. But you just got them locally. So they're updating the cloud much more often.
19:00
So you get the new features much earlier. So there are lots of good stuff. And all the flexibility, it's really useful as well. There's another example. In 2010, Stone Ages, there was, in Denmark, a company called Banedanmark.
19:20
You probably haven't heard of them unless you're Danish. They moved all their services from a local data center into the cloud. I still read some articles about that. There was lots of discussion, is that smart? Isn't that a risk? But they moved to the cloud. Then that winter, the day before Christmas, there was a huge snowfall.
19:41
All the trains stopped. And people wanted to know, what's going on? So they started hammering the websites of the train companies. So it's really a DDoS attack. And all the websites went down. And that's this one. They were running in Azure. So when the traffic went from 50,000 visitors per day
20:00
to five million, they pushed a button. They got enough capacity to keep it on. So all the services kept running. The customers were, I won't say happy. Nothing worked, but at least they got their information. And then after a few days, they could scale down again. And serving those five million visitors a day
20:20
cost them, I think there was 180 Danish kroner. That's like $30, is nothing. So they could scale up, have the capacity when they needed it, and then scale down again. So the flexibility here is incredible.
20:43
So in most cases, I believe actually the cloud is more secure. The Norwegian government has written a strategy on cloud services, and they actually conclude that they want people to use the cloud because of security. That's interesting, that's new.
21:03
So how do we protect our data in the cloud? In general, you follow the same rules, exactly as you would locally. It sounds so easy, and it really is. But we need to consider our data and how to secure it.
21:24
We have your data, it's a living thing. It's at several places. We talk about data at rest, so when it's stored in your database. Then we're talking about data in transit. That's when it's moving across the network, either between your servers or on the way to the user.
21:42
And finally, we're talking data in use. That's when your user is actually viewing your data and using it. All those three places pose risks. You need to think of security of all of them. Then we talk about confidentiality. That's how secure are we? What's the risk of someone who shouldn't be able
22:00
to look at our data, actually able to get access to it? And finally, we have data integrity. Then we're talking about what's the risk of your data not being complete, either have it been changed by someone in transit.
22:22
So those are the factors we have to look at. So data at use. Excuse, cut cut, huh? Well, your data is at use. Your user is looking at it. So we're talking about the user interface. It's often the first thing we think of.
22:41
We need a set of proper access control. You probably want, for sensitive data, at least two-factor authentication. Ideally, you don't want to do authentication yourself at all. You want to rely on a third party that has proper infrastructure. Here in Norway, we do what is called ID-porten.
23:03
They're a national service that handles personal identities in a secure way. So not only can they give you an identity, they can tell you how sure they are about that identity. And we can trust them to have the proper infrastructure.
23:22
And then we don't have to handle that complexity. The less we have to do, the better. So proper access control, that's important. You will, of course, set up your firewalls. If you need your application only to be available
23:40
in a limited network, in the cloud, you can use firewall rules, limited to a certain IP range. If that isn't enough, you can set up a virtual private network, or even a dedicated line between the cloud and your local network. So there are ways to limit access to your cloud services,
24:05
even though they're running in a shared environment. Of course, if you want to limit access, then it means that you trust your home network. And here in Norway, all the hospitals, they're running in what is called the health network.
24:24
It's a network combining all the hospitals and other companies handling medical data. It's actually a quite large, a large meaning, internet between the hospitals. But the challenge there is that the data,
24:40
it's not, or the network, the computers that can access that network also can access the internet. And there is no real governance. Who can access the health network? It depends on the various organizations. So is that really a secure network? So why do we trust so much, this network,
25:03
and not the one run by professionals? I'm not saying that, I'm sorry, I'm sorry. I'm not saying that we're not professionals at home. We have the best people available. But it's a big network.
25:22
You can't really, you can't really control it unless you have proper governance and you know exactly who has access to it. You need to, and as long as the computers accessing your safe network also have access to the internet, you have an open gateway. So what's the difference?
25:42
So secure applications, set up firewalls, access rules, all that stuff, and follow all the best practices. OWASP, you know them? They're an organization, their focus is security for applications on the internet, really. They have some really nice cheat sheets,
26:02
for example, on authentication and access control. I post links to them later. If you follow those guidelines, I'm not saying they're easy, but they're easy to read. So they're clear. And they're quite good. And here, if you're running on-premises
26:20
or you're running in the cloud, it doesn't really matter too much. You need to secure your application after all. In the cloud, you get some security features that can be nice. In Azure, you have Azure AD. And it makes these things quite simple.
26:40
But the biggest risk is the user. We are the risk, not the network, not our authentication mechanisms. All research shows that the easiest way to hack a system is to fool the users. If someone calls to a user of your system,
27:02
saying, hi, I'm from the IT department, what's your password? There is a real chance that they will say, oh, it's ABC123, thanks. And you have access. It's much easier, much quicker than hacking into a system, brute forcing password protection
27:22
or whatever. So the challenge usually is the user, not the platform you're running on. So data in transit. Here we have the third man in the middle. It's scary. Potentially, someone can look at your data
27:41
while in transit. So while your data is on the way from your local data center to your user, they can pick it up, maybe even modify it, read it, and pass it on. In theory. And there have been some, actually several attacks
28:02
on the SSL and the TLS protocols, the encryption that we do over the network. So you need to stay up to date on the latest versions on the protocols and the software you're running. But as long as you encrypt your traffic,
28:20
use the latest version, use HTTP strict transport, so you're always encrypting your traffic, then in reality, it's very hard for someone to break into that traffic. Of course, if your user has a computer with a bad root certificate, then you have a problem.
28:42
I got a Dell. And these computers, they were sold with a root certificate where the password was easy to hack, so it was quite easy to fake the traffic.
29:00
So again, the user can be a challenge. But you need to set up your network properly, and then you're quite secure, actually. So man-in-the-middle attacks. That can affect both confidentiality and integrity,
29:22
since not only can they look at the information being transmitted, but they can also change it. The difference here between running locally and in the cloud is that your cloud provider, they have lots and lots and lots of resources on securing the platform.
29:46
Usually, at least where I work, the guys running our network, they're overloaded with work. They have way too much to do. They're brilliant people, really good. But they don't have enough time.
30:02
So securing our network, keeping everything up to date, that's gonna be a challenge. And as the network grows, the challenge is gonna grow. In the cloud, when you have one administrator per 15,000 servers or whatever,
30:24
you can spend more money on securing the network. They do penetration testing. They look for problems all the time, and they have large teams doing that. So again, most probably, the cloud is a more secure
30:42
platform than your home network. Finally, data at rest. This is when your data is stored at your server. It can be in a database, it can be in a file, whatever. And this, I believe, this is the main challenge
31:01
when running in a cloud. So we need to ensure that whoever runs our servers can't look at our data. Encryption is a friend here as well. You probably want to encrypt your storage, whatever you do. So in SQL Server, you can encrypt
31:20
the entire database, for instance. In Azure, the blob storage now supports encryption in preview. So you want to encrypt it. Then you want to make sure that your sensitive data, they're encrypted again. So not only do you encrypt your database,
31:40
but you encrypt the data as well, so layers of security. And of course, you don't use the same encryption keys. Ideally, you don't even have access to those keys. Keep them away from your data. Further, you probably don't want to mix
32:01
your sensitive data with your other data. Usually, a part of your data is more sensitive than the rest of it. For instance, in the systems I work on, we usually keep the person ID, the social security number, in a separate database with separate encryption keys, and we keep it encrypted. But it is physically separated from the other data.
32:23
So even if someone gets access to my database, my data, it's in worst case, it's not directly identifiable. So it's still sensitive data, but it's much less sensitive than if we throw it all in one big pile.
32:42
So separate your data. You got, in the cloud, you often get hardware encryption, so you can get another layer of security. It costs money in Azure, for instance, but well worth it. And finally, you need to control
33:01
who can access your environment. In the cloud, it's very easy to say, hey, you need to set up a server. I'll give you the, give your account access, and you can access everything. It's terribly easy, and you need to limit the access. So keep a few persons that can administer your data,
33:22
because this is your server room, in the traditional sense. So lock it down and encrypt it. Keep your keys safe. There is one problem that I haven't discussed yet, and that's the government, the big brother.
33:45
The, and especially the US government. There are cases that the US government, they want insight into data stored in the cloud. And this is a potential huge problem.
34:04
All the big cloud providers, they're American companies, they have to follow American law. And even though the data is, for instance, stored here in Europe, it's still an American company handling it.
34:22
This can be a huge problem. Of course, encryption, keep your keys safe somewhere else. And it's just garbage if they should access it. But it depends. Software as a service is a bigger problem here, I think. Also, Microsoft, they have a nice solution to this problem.
34:43
They're setting up a new data center in Germany. It's Azure, it's got all the features, all that. But they don't own it. I believe it's Deutsche Telekom who owns the data center. So that means that even though it's Azure, then Microsoft don't have access to your data.
35:02
And so it's not following American law anymore. It's following European law. And this is a topic for discussion, but I believe European privacy laws are better, at least easier to have control of
35:20
than the American laws. We can discuss this for days, but let's just say that for now. European law, it's easier to follow, and it's better. So, you're laughing. It's a big topic, so it's way outside the scope for today.
35:42
So the cloud is safer than running locally. You're almost guaranteed a safer environment. You're almost guaranteed that the organization running the data center in the cloud has much more resources than your local company. And they probably spend much more resources
36:03
on securing both the data center, the network, the service, everything, than what you can do in your local data center. You got more security features, faster updates, and really anything you can do locally,
36:22
you probably can do in the cloud. So it's the same with more. Also, you get better physical protection. Like my company, we have two data centers. They're physically separated. We've got several networks connecting to that. So it's not that it's gonna stop,
36:42
but should my hometown, Trondheim, a disaster happen there, then we have a problem. In the cloud, the data centers are physically separated. So you can set up, for instance, services to be replicated between Western and Northern Europe.
37:03
So even if something bad should happen in Ireland, you're still up and running. So the physical security is better. Also, the protection of the data centers themselves, it's insane. I recommend you look it up. Crazy guys.
37:22
So, but still, there are reasons not to use the cloud. If you, for instance, have your existing infrastructure, moving to the cloud can be expensive. There are hybrid solutions. I get back to them. But also you have the problem that once you move to the cloud,
37:41
going back, it's not easy. Azure isn't compatible with Amazon in any way other than the most superficial. They offer virtual machines, they offer storage, they offer databases. They're not the same. So it's not easy to move between the environments. So once you have chosen a provider, you're stuck.
38:03
And this is a real concern. I believe many, they're afraid of lock-in. And also, the cloud is new. It's a new model. It's a new way of hosting your applications.
38:22
And as I said, you need to trust your provider. And I see it as a natural next step. We started typically with a local data center where your local people were running your servers. Then you found that it's terribly expensive.
38:42
So you started hiring people to run it instead, pay for what they do. So then you didn't control the people anymore. Then you probably saw that why should I be running these servers? And then you move your service to a hosting provider. So then you don't control the environment.
39:02
You have to trust your provider. But you still can probably know who they are. You still know where the data center is. And the cloud, it's the next step after that. You still have to have a provider that you must trust. But now you don't know where it is. You don't know where the servers are or anything.
39:22
So what does the law say? This is probably only interesting for the Norwegians here because I didn't have time to look up the laws in all the countries in the world. But Norwegian law, it's quite strict. So I believe as long as stuff that's legal here, it's probably legal in your country as well.
39:42
And I'm not a lawyer, I'm a programmer. So I'm no expert, but I've been reading and checking out. And you can't store classified military information in the cloud or outside Norway. But apart from that, there really aren't any,
40:03
the law doesn't stop you. There are some old laws, say for instance that you need an archive, can't be moved out of Norway. But as long as you keep a backup in Norway, you're probably good. And you can ask for dispensation for that law. The government, they're actively working
40:21
on modernizing the law because they want us to use this. And for those of you who are interested in this, I've got some resources on it so I can help you to look it up, but won't dig into it now. So the short summary here is that the law doesn't stop you.
40:42
You can use the cloud for sensitive data. Really? Yeah, it's true. You can do it, but the same requirements apply as for if you're hosting them in Norway or locally. Of course, in your country, there may be restrictions,
41:02
there may be other laws, so make sure to look up this because if you don't check it out, then there's no guarantee. So talk to a lawyer before you move your data into the cloud. So if you're still uncertain, you can use hybrid solutions
41:23
and this is quite nice actually. You don't have to move everything into the cloud at once. There are several ways to take one step at a time, move gradually. For instance, you can store your data in your local data center while you're running
41:41
your service in the cloud. You can set up a VPN so you can access your servers. And there are other technologies. So you can run your service in the cloud and keep your sensitive data at home. So then you've got partially a cloud solution, partially the old way.
42:02
And it can be a nice way to start a transition. Also, you have hybrid cloud options. Microsoft offers the Azure Pack, so you can actually set up your own cloud, your own Azure in your data center. And you can combine this with the public cloud, the real Azure, so you can set up some services locally,
42:22
some in the cloud, depending on what you're comfortable with and you can move them over time. And you can of course run your own private cloud if you want the cloud features, but you're not comfortable, but I don't see that as a really nice solution.
42:41
But the hybrid options, they open up many new doors, I think. So anyone doing this now? We're working on an application. I won't get into the details. We're not done yet, but we're gonna handle sensitive medical information and do analysis and reporting on those data in the cloud.
43:05
We're actually gonna use Microsoft Power BI to do analysis. It's gonna be great. And I believe we're the first in Norway to do this, but we're not done yet, but I have to tell you guys, because I think this is quite cool. We're probably going for both the hybrid
43:21
and not hybrid solution, depending on we're supporting many customers. So we're probably gonna recommend that they use the replicator data into the cloud, move a copy there, but we're also gonna support connections to the local data center.
43:42
And another example, this is from Microsoft, the Dartmouth-Hitchcock Medical Center in the US. They're gathering medical sensor data from patients. So this is real-time information. They're pushing it up into the cloud, into Azure, where they use machine learning to monitor the data.
44:03
If there is a problem, they can actually notify the nurse, the doctor, and the patient can get help before they even notice that there is a problem. It's fantastic. And setting up a service like that in the cloud
44:20
is doable, but setting up in your local data center, that would be a challenge in so many ways. So the cloud is opening many new possibilities there. How do you secure your application in Azure? I just wanted to go through a few details.
44:40
I'll give you some references later. Encrypting your storage. SQL Server offers TDE. That's really, they encrypt the entire database. It's just a click of a button and it works. So do that. If you use Blob Storage in Azure,
45:02
there is a preview now of encryption as well. So your blobs are encrypted. So they're gonna roll it out this autumn sometime. I don't know exactly. But it's in preview now. And also you have the client-side encryption
45:22
if you need that. So you can encrypt the data even before it arrives in your service. Microsoft, they offer Key Vault as a nice way to handle all your secrets, your connection strings, your password, your encryption keys.
45:40
Key Vault offers a nice API to access those data, but only for when you're not allowed to do it. So it's quite easy to use. It's secure, secure. And you can even use hardware encryption. So it's safe. And if someone somehow should be able
46:01
to access your encryption keys, you know. Also you have Azure virtual networks if you need to connect to your on-premises services or you want to limit your, only expose your cloud services to your local data center. And Azure AD offers some really nice
46:21
security features as well. I got some, I give you some links and I publish my slides later. So watch the NDC Twitter feed because you need to read up on this if you want to do it. But there are some really nice features in Azure.
46:40
If you're not on Azure, Amazon or Google, it's the same but different. You can do more or less exactly the same things. I don't really, it's been a while since I used Amazon and Google. So I don't know so much about the details. But for instance, Amazon, they offer what is called Amazon Direct Connect.
47:01
So it allows you to set up a channel to your local data center. So it's like a VPN. And they also offer exactly the same features for encryption of data as Azure does. And also Google, they got the Google Cloud interconnects. It's the same encrypted channel back to a home data center.
47:21
And they also offer the same standard security features, encryption, all that. So I'm used to using Azure and so that's what I talked most about. But Amazon, Google, they offer the same thing more or less.
47:40
And I'm good on time as well. So let's summarize. If you know what you're doing, then I believe the cloud is quite safe for sensitive data. There are no technical reasons why you can't do it. You get the same security features. You get a safer data center. So as long as you trust your cloud provider.
48:00
And they're certified in all levels. So I believe you can trust them. But make sure, talk to them. And as long as you trust them, then there are no technical reasons why you can't use the cloud for sensitive data. According to Norwegian law, you can use the cloud. And there are some laws that can make things troublesome.
48:26
You have to ask for dispensation or cheats. But the government is working on those laws as well. Depends on what you're doing. But you want to keep your data in Europe. I believe that's for all EU countries. You want to keep your data in Europe.
48:40
Because of how the, then you're under European law and it's much easier. You want to secure services exactly the same way as you do when you're running your local data center. But in the cloud you can do more if you need to. And from what I know, the only exception here is classified military information.
49:04
If you're working with that, then don't go for the cloud yet. Boring. So the challenge is the skeptics and convincing them. And I hope what I said today maybe can help.
49:22
So, let's end with some references. I will publish the slides. The first one, it's an analysis of the taxi data. It's a really interesting blog. It's a fantastic story. Also a story about the Danish railways. There are some Norwegian links there
49:40
to what the government says. The Norwegian Data Protection Authority. And the cheat sheets from OWASP. Actually OWASP, they have a tremendous amount of resources covering all aspects of security. So, visit their site and read. It's a brilliant source, fantastic. Also on the technical side,
50:01
there are some references to Microsoft. Those are huge links, but I'm gonna publish this. So don't worry about it. So Microsoft, they have some sample apps up on GitHub. But there are no applications covering end to end all the security features. So you have to mix and match.
50:22
I recommend them that they build a proper example that covers everything. So I hope they do that soon. And also there's some documentation on Key Vault, client-side encryption, and storage encryption. The storage encryption, as I said, is in preview. But it's gonna be available quite soon.
50:44
So, I have time for a few questions if you want to. If you want to kick me down from here, from what I said, then you're free to do so. And I can't see a thing. So, the light is terribly bright.
51:01
And if not, I'm here for the rest of the conference. So come and let's have a talk if you want to. Yeah, thank you.