Implications for Cloud Computing & Data Privacy


Diane Mueller
Cloud Evangelist, ActiveState
dianem@activestate.com
http://www.activestate.com/stackato
Founded 1997
2 million developers, 97% of Fortune 1000
Development, management, distribution & cloud
deployment for dynamic languages
Cloud Solution: Stackato – Private PaaS
Some of Our Customers
Drivers for Cloud Computing
US Patriot Act & Data Privacy
Implications for Cloud Computing
OSCON 2012 US Patriot Act Implications for Cloud Computing - Diane Mueller, ActiveState
Savings of physical IT costs
Faster Deployment Times
Higher Levels of Application Availability
Reliability & Fault Tolerance
Access Anywhere
Capacity scales as needs change
Improved Time to Market
Maintain privacy & confidentiality
Preserve intellectual property rights
Potential for intervention by foreign governments
Manage operational & commercial risks
Comply with industry & jurisdictional regulatory
requirements
Information is
• no longer in your direct custody or control
• handed over to a third party to manage
• resident in a different jurisdiction or multiple jurisdictions
Mass-market cloud services are subject to “take it
or leave it” service agreements
Information and data may not be “portable” – you
can’t take it with you
Signed into law in October 2001
Extended in May 2011
• grants privileges to access private data in case of suspected terrorist threats
• significantly increased the surveillance and investigative powers of law enforcement agencies in the United States
http://www.google.com/transparencyreport/governmentrequests/userdata/
https://www.dropbox.com/privacy
New powers of surveillance and search/seizure
extend to records of anyone (including Foreign
Nationals) in the US.

Extends to records in the custody of
• US companies in Foreign Countries
• Foreign-based subsidiaries of US companies
• Foreign-based companies with presence in US
Cloud Computing is premised on the concept of infrastructure pooling regardless of geographic location.

Users may not have visibility in relation to the ultimate location of data.
Data may not in fact be pooled in one place; it could be spread across a cloud service provider's network.
Data that is housed or passes through the United States is vulnerable to interception by authorities

Applies to:
• Everyone living and visiting the country, including any foreign national who spends time on U.S. soil as part of a visa arrangement
• Companies based in the U.S., whether they are headquartered there or not
BBC Worldwide, HQ in London, also has studios and offices in the U.S., making these U.S.-based offices vulnerable to the Act.
National Security Letters
• can involve a gag order
• prevents the organization from ever disclosing receipt of a letter requiring the handover of records
Vendors cannot provide a guarantee that their
customers would be informed
This contravenes the EU Data Protection Directive
which requires organisations to inform users when
personal information is disclosed.
Regulators may restrict the international transfer of certain kinds of data, and even require certain kinds of data to be kept separate and not be intermixed with other data.
Examples: Australia, Canada, EU, HIPAA
MSFT could not guarantee the sovereignty of European
customers’ data in its data centers

If the US Patriot Act was invoked,
• MSFT would be compelled to hand data over to US authorities
• and would keep the data transfer secret

This contravenes the new EU Data Protection Directive
which requires organizations to inform users when
personal information is disclosed

Extremely difficult for US HQ companies to refuse to comply with the Patriot Act in deference to the EU Directive
CEO, Reinhard Clemens

"The Americans say that no matter what happens I'll release the data to the government if I'm forced to do so, from anywhere in the world, certain German companies don't want others to access their systems. That's why we're well-positioned if we can say we're a European provider in a European legal sphere and no American can get to them."
Remains responsible for protecting and
safeguarding information
Needs to make informed choices

Take a risk-based approach
• What is the sensitivity of the information?
• What is the risk to the data?
• What role does the jurisdiction play in that risk?
If the risk is high and the safeguards cannot be
assured, then don’t use the service provider
Own the infrastructure
Run your own cloud in
your data center
Host your own services
Minimize the number of
layers between you and
the NSL
Minimizes US Patriot Act effect
Keep all your data within your own firewalls
• Avoids the Gag Issue
• If the US Gov’t wants information – they have to ask you, not some cloud provider
Keep all your data within secure containers
• Multi-tenancy Security by Isolation
• Ensure Privacy within your organization
Encrypt your data when you transmit it beyond your
firewalls
Control & Manage your own resources
Greater oversight & control
Maintaining security of data
Greater control over computational resources
Exclusive to an organization
Managed either by the organization or a third party
Hosted in the organization’s data center or outside
Applications (SaaS)
Application Middleware/Platform (PaaS)
Infrastructure (IaaS)
IaaS Layer:
Gives you an Elastic Playground
• Pooled Resourcing
• Shared Operating System
• Shared Services
• Security by Unix User Separation

PaaS Layer:
Gives your applications individual Playgrounds
• Everyone gets their own Operating System
• No Shared Services
• Security by Isolation
• Secure Multi-tenancy
Applications need more than just infrastructure!
• Applications need secure environments
• Applications need middleware components: languages, modules, databases, web servers
• Apps don’t deploy themselves
• A PaaS automatically configures and deploys the middleware, so your SaaS apps practically deploy themselves
Maintain accountability and ensure security
Keep your & your clients’ data private & secure
Ensure that you are notified of requests for
information based on the US Patriot Act
Still get all the benefits of cloud (elasticity, pooling
resources within your organization, with faster
time-to-market) on a private cloud
Make migration and deployment with private cloud
easier with a private PaaS
[Diagram: Your App; Private Clouds, Hybrid Clouds, Public Clouds]
www.activestate.com/cloud
    Twitter: @activestate (#stackato)
     Blog: www.activestate.com/blog
    Email: webinars@activestate.com

   #stackato IRC channel on Freenode

Using Cascalog to build an app with City of Palo Alto Open DataUsing Cascalog to build an app with City of Palo Alto Open Data
Using Cascalog to build an app with City of Palo Alto Open Data
 
Finite State Machines - Why the fear?
Finite State Machines - Why the fear?Finite State Machines - Why the fear?
Finite State Machines - Why the fear?
 
Open Source Automotive Development
Open Source Automotive DevelopmentOpen Source Automotive Development
Open Source Automotive Development
 
The Vanishing Pattern: from iterators to generators in Python
The Vanishing Pattern: from iterators to generators in PythonThe Vanishing Pattern: from iterators to generators in Python
The Vanishing Pattern: from iterators to generators in Python
 
Distributed Coordination with Python
Distributed Coordination with PythonDistributed Coordination with Python
Distributed Coordination with Python
 
An overview of open source in East Asia (China, Japan, Korea)
An overview of open source in East Asia (China, Japan, Korea)An overview of open source in East Asia (China, Japan, Korea)
An overview of open source in East Asia (China, Japan, Korea)
 
US Patriot Act OSCON2012 David Mertz
US Patriot Act OSCON2012 David MertzUS Patriot Act OSCON2012 David Mertz
US Patriot Act OSCON2012 David Mertz
 
Big Data for each one of us
Big Data for each one of usBig Data for each one of us
Big Data for each one of us
 
BodyTrack: Open Source Tools for Health Empowerment through Self-Tracking
BodyTrack: Open Source Tools for Health Empowerment through Self-Tracking BodyTrack: Open Source Tools for Health Empowerment through Self-Tracking
BodyTrack: Open Source Tools for Health Empowerment through Self-Tracking
 
Declarative web data visualization using ClojureScript
Declarative web data visualization using ClojureScriptDeclarative web data visualization using ClojureScript
Declarative web data visualization using ClojureScript
 
Using and Building Open Source in Google Corporate Engineering - Justin McWil...
Using and Building Open Source in Google Corporate Engineering - Justin McWil...Using and Building Open Source in Google Corporate Engineering - Justin McWil...
Using and Building Open Source in Google Corporate Engineering - Justin McWil...
 
A Look at the Network: Searching for Truth in Distributed Applications
A Look at the Network: Searching for Truth in Distributed ApplicationsA Look at the Network: Searching for Truth in Distributed Applications
A Look at the Network: Searching for Truth in Distributed Applications
 
Life After Sharding: Monitoring and Management of a Complex Data Cloud
Life After Sharding: Monitoring and Management of a Complex Data CloudLife After Sharding: Monitoring and Management of a Complex Data Cloud
Life After Sharding: Monitoring and Management of a Complex Data Cloud
 
Faster! Faster! Accelerate your business with blazing prototypes
Faster! Faster! Accelerate your business with blazing prototypesFaster! Faster! Accelerate your business with blazing prototypes
Faster! Faster! Accelerate your business with blazing prototypes
 
Comparing open source private cloud platforms
Comparing open source private cloud platformsComparing open source private cloud platforms
Comparing open source private cloud platforms
 
State of the Art Web Mapping with Open Source
State of the Art Web Mapping with Open SourceState of the Art Web Mapping with Open Source
State of the Art Web Mapping with Open Source
 
Building an Ecosystem of FLOSS to Educate Students with Disabilities
Building an Ecosystem of FLOSS to Educate Students with DisabilitiesBuilding an Ecosystem of FLOSS to Educate Students with Disabilities
Building an Ecosystem of FLOSS to Educate Students with Disabilities
 
Android Security Essentials
Android Security EssentialsAndroid Security Essentials
Android Security Essentials
 

Recently uploaded

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 

Recently uploaded (20)

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 

OSCON 2012 US Patriot Act Implications for Cloud Computing - Diane Mueller, ActiveState

  • 1. Implications for Cloud Computing & Data Privacy Diane Mueller Cloud Evangelist, ActiveState dianem@activestate.com http://www.activestate.com/stackato
  • 2. Founded 1997 2 million developers, 97% of Fortune 1000 Development, management, distribution & cloud deployment for dynamic languages Cloud Solution: Stackato – Private PaaS Some of Our Customers
  • 3. Drivers for Cloud Computing US Patriot Act & Data Privacy Implications for Cloud Computing
  • 5. Savings of physical IT costs Faster Deployment Times Higher Levels of Application Availability Reliability & Fault Tolerance Access Anywhere Capacity scales as needs change Improved Time to Market
  • 6. Maintain privacy & confidentiality Preserve intellectual property rights Potential for intervention by foreign governments Manage operational & commercial risks Comply with industry & jurisdictional regulatory requirements
  • 7. Information is no longer in your direct custody or control. handed over to a third party to manage resident in a different jurisdiction or multiple jurisdictions Mass-market cloud services are subject to “take it or leave it” service agreements Information and data may not be “portable” – you can’t take it with you
  • 8. Signed into law in October 2001 Extended in May 2011 grants privileges to access private data in case of suspected terrorist threats significantly increased the surveillance and investigative powers of law enforcement agencies in the United States
  • 12. New powers of surveillance and search/seizure extend to records of anyone (including Foreign Nationals) in the US. Extends to records in the custody of US companies in Foreign Countries Foreign-based subsidiaries of US companies Foreign-based companies with presence in US
  • 13. Cloud Computing is premised on the concept of infrastructure pooling regardless of geographic location. Users may not have visibility in relation to the ultimate location of data. Data may not in fact be pooled in one place; it could be spread across a cloud service provider's network.
  • 14. Data that is housed in or passes through the United States is vulnerable to interception by authorities. Applies to: everyone living in and visiting the country, including any foreign national who spends time on U.S. soil as part of a visa arrangement; companies based in the U.S., whether they are headquartered there or not.
  • 15. BBC Worldwide HQ in London also has studios and offices in the U.S., making these U.S.-based offices vulnerable to the Act.
  • 16. National Security Letters can involve a gag order, which prevents the organization from ever disclosing receipt of a letter requiring the handover of records. Vendors cannot provide a guarantee that their customers would be informed. This contravenes the EU Data Protection Directive, which requires organisations to inform users when personal information is disclosed.
  • 17. Regulators may restrict the international transfer of certain kinds of data, and even require certain kinds of data to be kept separate and not be intermixed with other data. Examples: Australia, Canada, EU, HIPAA.
  • 18. MSFT could not guarantee the sovereignty of European customers’ data in its data centers. If the US Patriot Act was invoked, MSFT would be compelled to hand data over to US authorities and would keep the data transfer secret. This contravenes the new EU Data Protection Directive, which requires organizations to inform users when personal information is disclosed. Extremely difficult for US HQ companies to refuse to comply with the Patriot Act in deference to the EU Directive.
  • 19. CEO, Reinhard Clemens "The Americans say that no matter what happens I'll release the data to the government if I'm forced to do so, from anywhere in the world, certain German companies don't want others to access their systems. That's why we're well-positioned if we can say we're a European provider in a European legal sphere and no American can get to them."
  • 20. Remains responsible for protecting and safeguarding information. Needs to make informed choices. Take a risk-based approach: What is the sensitivity of the information? What is the risk to the data? What role does the jurisdiction play in that risk? If the risk is high and the safeguards cannot be assured, then don’t use the service provider.
  • 22. Own the infrastructure Run your own cloud in your data center Host your own services Minimize the number of layers between you and the NSL Minimizes US Patriot Act effect
  • 23. Keep all your data within your own firewalls Avoids the Gag Issue If the US Gov’t wants information – they have to ask you, not some cloud provider Keep all your data within secure containers Multi-tenancy Security by Isolation Ensure Privacy within your organization Encrypt your data when you transmit it beyond your firewalls Control & Manage your own resources
  • 25. Greater oversight & control Maintaining security of data Greater control over computational resources Exclusive to an organization Managed either by the organization or a third party Hosted in the organization’s data center or outside
  • 27. IaaS Layer: Gives you an Elastic Playground Pooled Resourcing Shared Operating System Shared Services Security by Unix User Separation
  • 28. PaaS Layer: gives your applications individual Playgrounds Everyone gets their own Operating system No Shared Services Security by Isolation Secure Multi-tenancy
  • 29. Applications need more than just infrastructure! Applications Need Secure Environments Applications need middleware components: languages, modules, databases, web servers Apps don’t deploy themselves A PaaS automatically configures and deploys the middleware, so your SaaS apps practically deploy themselves
  • 31. Maintain accountability and ensure security. Keep your & your clients’ data private & secure. Ensure that you are notified of requests for information based on the US Patriot Act. Still get all the benefits of cloud (elasticity, pooling resources within your organization, with faster time-to-market) on a private cloud. Make migration and deployment with private cloud easier with a private PaaS.
  • 32. Hybrid Clouds Public Clouds Private Clouds Your App
  • 34. www.activestate.com/cloud Twitter: @activestate (#stackato) Blog: www.activestate.com/blog Email: webinars@activestate.com #stackato IRC channel on Freenode

Editor's Notes

  1. Diane Mueller is Director, Enterprise Product Management at ActiveState, the dynamic language experts. She has been designing & implementing financial applications at Fortune 500 corporations for over 20 years. Diane has been actively involved in development efforts of the XBRL Open Standard (http://www.xbrl.org) since 1999 and served on the XBRL Board of Directors and Best Practice Committee, and chaired the XBRL-INT Technical working groups on Rendering and Global Ledger. Why is this important? XBRL is the semantic XML tagging standard for financial data both here in the US and around the globe, and is used around the globe by financial regulators (such as the Federal Reserve Board, FDIC, SEC…) who are notoriously fanatical about data privacy and sovereignty issues.
  2. Are US Patriot Act & data privacy issues causing you to hesitate on leveraging the cloud in your enterprise? Do you want to leverage the power of cloud computing but are unsure what the security and privacy implications are for sensitive corporate data?
  3. What is cloud computing? Distributed computing architecture in which data and applications reside on servers separate from the user and are accessed via the Internet. Applications and data are generally accessible from anywhere, provided you have a net connection. Cloud computing is premised on the concept of infrastructure and resource pooling. And with enterprises today very focused on minimising their capital investments, there are real economic drivers to looking at the cloud. Cloud computing offers flexibility in infrastructure planning while improving time to market. Capacity can be scaled as needs change, leaving companies to pay only for what they need. Another driver is the demand for access anywhere, meaning more and more people with the need to access business files and data from remote locations. It’s also not uncommon for companies to deal with external and internal users – external users may include customers or business partners, while internal users are regular or temporary employees or contractors.
  4. http://blog.privacylawyer.ca/#uds-search-results
  5. The Patriot Act was signed into law in October 2001 as a response to 9/11 and it was extended in May 2011. The Act grants the US government sweeping privileges to access private data in case of suspected terrorist threats. http://www.luborp.com/2011/08/cloud-and-asymmetric-patriot-act.html U.S. — In the United States, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 allows the FBI to seize and review data stored in or transmitted within the United States. The FBI, CIA or the U.S. Department of Defense can issue National Security Letters to an organization, requiring that they provide data records pertaining to an individual. This can involve a gag order, which prevents the organization from ever disclosing receipt of a letter requiring the handover of records. The clumsily-titled Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act, or USAPA) introduced a plethora of legislative changes which significantly increased the surveillance and investigative powers of law enforcement agencies in the United States. The Act did not, however, provide for the system of checks and balances that traditionally safeguards civil liberties in the face of such legislation. Legislative proposals in response to the terrorist attacks of September 11, 2001 were introduced less than a week after the attacks. President Bush signed the final bill, the USA PATRIOT Act, into law on October 26, 2001. Though the Act made significant amendments to over 15 important statutes, it was introduced with great haste and passed with little debate, and without a House, Senate, or conference report. As a result, it lacks background legislative history that often retrospectively provides necessary statutory interpretation. The Act was a compromise version of the Anti-Terrorism Act of 2001 (ATA), a far-reaching legislative package intended to strengthen the nation's defense against terrorism. The ATA contained several provisions vastly expanding the authority of law enforcement and intelligence agencies to monitor private communications and access personal information. The final legislation included a few beneficial additions from the Administration's initial proposal: most notably, a so-called sunset provision (which provides that several sections of the act automatically expire after a certain period of time, unless they are explicitly renewed by Congress) on some of the electronic surveillance provisions, and an amendment providing judicial oversight of law enforcement's use of the FBI's Carnivore system. However, the USA PATRIOT Act retains provisions appreciably expanding government investigative authority, especially with respect to the Internet. Those provisions address issues that are complex and implicate fundamental constitutional protections of individual liberty, including the appropriate procedures for interception of information transmitted over the Internet and other rapidly evolving technologies. http://www.govtrack.us/congress/billtext.xpd?bill=h112-67
  6. Requests for information about Google users from U.S. government authorities jumped 29 percent in the first six months of the year, according to a recent report issued by the online search company. The report showed that 5,950 requests for information were made by U.S. government authorities during the first six months of this year, compared with 4,601 requests during the last six months of last year -- an increase of 29 percent. "The number of requests we receive for user account information as part of criminal investigations has increased year after year," the report explained. "The increase isn't surprising, since each year we offer more products and services, and we have a larger number of users." Of the nearly 6,000 requests for user information, which affected 11,057 accounts, Google fully or partially complied with 93 percent of them. There can be many reasons why Google will or will not comply with a request for information from a government, according to the company. Google said it complies with valid legal requests. Generally, requests must be in writing, signed by an authorized official of the requesting agency and issued under an appropriate law. Google's "Transparency Report" is prepared every six months and details requests by countries around the world made to the company to take down information from its websites, including YouTube, or to obtain information about user accounts.
  7. Dropbox™ is a proprietary data backup and sharing service that uses servers in the ‘cloud’ to enable users to share data between devices, be they computers in an office or a smartphone anywhere in the world. The US law enforcement agencies can get your private data by requesting access to Dropbox servers because suspected terrorists might be allegedly using Dropbox to plan their activities. Dropbox™ uses Amazon’s S3 data centers, which are scattered throughout the US and world. Anyone with physical or remote access to those buildings has access to data stored with Dropbox™. Under the Stored Communications Act of 1986 as well as the Patriot Act, Dropbox™ is required to turn over your data when asked by law enforcement. Encryption helps... to a point. Of course, Dropbox™ uses AES-256 encryption when they “store” your data, which is the same as the government uses for information designated as “top secret.” Dropbox™ manages these keys to your data on your behalf. The system only allows access to the keys once you’ve put in your password, but in a technical sense there’s nothing stopping Dropbox™ from decrypting your data except their internal company policies against doing so, which have wide exceptions for when they need to comply with federal law. So you could encrypt all your data BEFORE you upload it to Dropbox. And then Dropbox™ employees would only have access to the encrypted data, and that would be all they could turn over to the government. BUT how many of you (or your employees) are actually doing this today? This is why it’s so important for data to be encrypted when living in the cloud. http://drmtlaw.com/areas-of-practice/general-practice/dropbox/
  8. The thing to remember… The cloud is not an abstract concept; rather it’s a collection of physical data centers. It was previously widely assumed that the location of the data center was crucial in determining national sovereignty of data. In the past, corporations' compliance officers focused on data location, but now they are moving on to consider broader multinational implications about data protection.
  9. http://blog.privacylawyer.ca/#uds-search-results I, for example, am an American living in Canada, working for a Canadian company. I spend significant time in the US and other countries, and I use a whole host of cloud services, from the aforementioned Dropbox to Salesforce to Google Docs to LinkedIn to Evernote – much to the chagrin of our IT manager, I’m sure. Data about me and my company is scattered across the globe as corporate emails fly from my iPhone to my office on a daily basis, residing temporarily on different “clouds”. It’s not where you live that matters, it’s where your data lives.
  10. As a U.S. law, the Patriot Act applies to everyone living and visiting the country, including any foreign national who spends time on U.S. soil as part of a visa arrangement. The Act also applies to companies based in the U.S., whether they are headquartered there — such as Apple, Google or Microsoft — or are a subsidiary of a larger non-US company. For example, although the BBC has its headquarters in London, it also has studios and offices in the U.S., making these U.S.-based offices vulnerable to the Act.
  11. As a U.S. law, the Patriot Act applies to everyone living and visiting the country, including any foreign national who spends time on U.S. soil as part of a visa arrangement. The Act also applies to companies based in the U.S., whether they are headquartered there — such as Apple, Google or Microsoft — or are a subsidiary of a larger non-US company. For example, although the BBC has its headquarters in London, it also has studios and offices in the U.S., making these U.S.-based offices vulnerable to the Act. http://www.bbcworldwide.com/media/19346/bbc%20worldwide%20annual%20review%202009-10.pdf
  12. The FBI, CIA or the U.S. Department of Defense can issue National Security Letters to an organization, requiring that they provide data records pertaining to an individual. This can involve a gag order, which prevents the organization from ever disclosing receipt of a letter requiring the handover of records. Remember: Any data which is housed, stored or processed by a company which is a U.S.-based company or is wholly owned by a U.S. parent company is vulnerable to interception and inspection by U.S. authorities.
  13. Taking this one step further, industry regulators in many international jurisdictions may restrict the international transfer of certain kinds of data, and in some cases even require certain kinds of data to be kept separate and not be intermixed with other data. Examples of existing regulation that may impact on cloud service providers include:
      - Australia — the National Privacy Principles contained in the Privacy Act 1988 (Cth) regulate collection, use and disclosure of personally identifiable information pertaining to individuals, and impose conditions on the transfer of personal information to foreign jurisdictions. In addition, Australian Financial Institutions are further subject to Australian Prudential Regulatory Authority standards. These include APRA 231, which regulates the way in which Australian Financial Institutions outsource material business activities and focuses on risk management, including risks relating to the transfer of data. Recent discussion papers suggest further reform, including in the area of cross-border transfer of data;
      - EU — the Stored Communications Act in the European Union (EU) places strict limits on the way data relating to EU citizens is collected and stored;
      - U.S. — in the United States, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 allows the FBI to seize and review data stored in or transmitted within the United States.
  14. In principle, the best way to think about data privacy and liability for maintaining that privacy is to ask yourself: who is the original custodian?
      The original custodian:
      - Remains responsible for protecting and safeguarding the personal information
      - Needs to make informed choices about how to handle the data, including what services and service providers to use for its processing
      Take a risk-based approach:
      - What is the sensitivity of the information?
      - What is the risk to the data?
      - What role does the jurisdiction play in that risk?
      If the risk is high and the safeguards cannot be assured, then don’t use the cloud service provider.
  15. http://www.aidanfinn.com/?p=11187 A private cloud is one in which the computing environment is operated exclusively for an organization. It may be managed either by the organization or a third party, and may be hosted within the organization’s data center or outside of it. A private cloud gives the organization greater control over the infrastructure and computational resources than does a public cloud. It is a customizable cloud of computing and storage resources that can be configured and re-configured when and as you wish. Get all the benefits of cloud (elasticity, pooling resources within your organization, with faster time-to-market) on a private cloud.
  16. http://resource.onlinetech.com/benefits-of-private-cloud-computing-compliant-cost-effective/ Think about what 12% would mean to your bottom line. According to a 2011 study by the Aberdeen Group, the private cloud delivers a total of 12% combined annual cost savings over public clouds on a per-application basis. When it comes to computing costs, everything adds up fast – including personnel and training, process and technology, hardware, software, services and support. Companies that implemented private clouds also incurred 38 percent fewer costs related to security and compliance events in the past year compared to public cloud users. Public cloud users suffered from an overall 25 percent of incidents related to audit deficiencies, data loss or data exposure, and unauthorized access.
  17. All the benefits of cloud (elasticity, pooling resources within your organization, with faster time-to-market) on a private cloud. A private cloud computing platform is a stack of network, server and storage hardware dedicated to you for the purpose of cloud computing, on which you deploy a cloud computing infrastructure platform such as OpenStack, CloudStack, vCloud, or Hyper-V. When a cloud computing infrastructure platform is utilized, the stack of hardware becomes a customizable cloud of computing and storage resources that can be configured and re-configured when and as you wish, giving you the ability to elastically configure and re-configure your server resources with a private cloud computing platform. In the old school of computing, what you needed to do was watch the server, storage and network resources. When one application or service appeared to be causing a bottleneck, you provided it more resources. You also had to remember to reduce the number of resources allocated to a server that didn’t need them. If you didn’t, they sat idle and unavailable for another server that might demand them. With cloud computing, resources are automatically allocated to change the cloud configuration in real time, so resources are where they need to be when they need to be there! In the blink of an eye and automatically, it needs to turn cloud servers off that aren’t being used and turn them back on when they are needed. This means that a small, extremely smart piece of software constantly monitors your server, storage, memory and network resources and compares that to workloads. It estimates and forecasts which servers need more resources. After estimating, it then needs to automatically, in real time, re-allocate resources so that you are always using your cloud computing resources in the most efficient manner.
Cost: the ultimate savings of idle capacity can be passed on to you instead of some 3rd party cloud provider. The cost for a well-designed private cloud computing platform is less than a dedicated server on a per-server basis. So, not only is it more flexible and able to deliver a lower total cost of ownership, a managed private cloud can be outright cheaper. That’s the benefit of private cloud computing.
  18. From Gartner: PaaS is a common reference to the layer of cloud technology architecture that contains all application infrastructure services, which are also known as "middleware" in other contexts. PaaS is the middle layer of the software stack "in the cloud."