Dr. S. Srinivasan is the Associate Dean for Academic Affairs and Research as well as the Distinguished Professor of Information Systems at the Jesse H. Jones (JHJ) School of Business at Texas Southern University (TSU) in Houston, Texas, USA. He is the Director of Graduate Programs at the JHJ School of Business http://www.tsu.edu/academics/colleges-and-schools/jesse-h-jones-school-of-business/jhj-graduate.php. Prior to coming to TSU, he was Chairman of the Division of International Business and Technology Studies at Texas A & M International University in Laredo. He spent 23 years at the University of Louisville (UofL) in Kentucky where he started the Information Security Program as a collaborative effort of multiple colleges. He was Director of the InfoSec program until 2010 when he left for Texas. The program was designated a National Center of Academic Excellence in Information Assurance Education by the US National Security Agency and the Department of Homeland Security. He successfully wrote several grant proposals in support of the InfoSec Program. His two books on Cloud Computing are “Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments” http://www.igi-global.com/book/security-trust-regulatory-aspects-cloud/94530 and “Cloud Computing Basics” http://www.springer.com/us/book/9781461476986. His area of research is Information Security. He has now completed the project: “Guide to Big Data Applications” with global participation. This is being published by Springer, NY in April 2017. He is the Editor-in-Chief for the Southwestern Business Administration Journal http://www.tsu.edu/academics/colleges-and-schools/jesse-h-jones-school-of-business/jhj-publications-sbaj.php. He has taught Management of Information Systems and Computer Science courses. He spent his sabbatical leaves from UofL at Siemens in their R & D facility in Munich, Germany; UPS Air Group in Louisville, KY; and GE Appliance Park in Louisville, KY.
Besides these industry experiences, he has done consulting work for the US Army, IBM and a major hospital company in Louisville, KY. He is currently a Cybersecurity Task Force member of the Greater Houston Partnership.
Topic: Cloud Computing Security - 09/02/2017
1-What are the major risks in a Cloud Computing environment?
Pr Srini: Cloud Computing is a truly global phenomenon that is widely used by businesses and individuals. Many individuals who use social media or email are users of cloud computing. A common concern with cloud storage is security. However, Cloud Service Providers have devoted significant resources to protect the data that they hold. Major service providers also comply with security standards established by HIPAA, SOX, FISMA, FERPA, PCI. These US laws and global standards protect both privacy and security of data. A common security protection tool is encryption, and people who store data in the cloud have the option of selecting their encryption tool. A common myth is that if the data is not held by a business on a device under their control, then it is likely to be less secure. Personally, I do not think that is the case since the economies of scale allow the cloud service providers to offer a very high level of data security and protection that many businesses will not be able to afford on their own. Added to this is the high availability of such data for businesses. Basically, the three pillars of security: confidentiality, integrity and availability are afforded by cloud service providers.
2-How can a Cloud Provider ensure data privacy?
Pr Srini: People tend to share plenty of personal preferences data with the social networks. Often, such data are meant for the benefit of the users’ friends but when it is stored in a central server it gets shared by many people, intentionally or unintentionally. This violates the privacy of individuals. This is more acute when it comes to healthcare data of individuals. US law requires HIPAA and HITECH Act protection for such data. Globally, countries like England, Germany and Australia all have stringent laws that protect healthcare data.
3-Is there legislation to protect data in the Cloud?
Pr Srini: With regard to specific laws that address cloud security and privacy, many countries, including the US, lack direct laws that address this. There are a variety of other existing laws that afford some level of privacy protection. The US and Europe had a Safe Harbor Agreement for many years for data transfer between Europe and the US. This Agreement was declared invalid for data protection two years ago by the European Court of Justice. Since then a new Agreement called Privacy Shield was enacted in 2016. Switzerland alone has a separate but similar agreement with the US for privacy protection. A pair of recent court cases in the US relate to cloud storage. In 2016, a US court ruled that Microsoft need not hand over emails stored abroad to US law enforcement. This was considered a victory for privacy of individuals. In 2017, another US court ruled that Google must hand over emails to law enforcement on data that they hold abroad.
The UK had passed a Data Protection Act in 1998 that is very strong. We have to see how the Brexit negotiations will change the UK Data Protection aspects, thereby having some impact on the privacy of people’s data.