Cloud Security Alliance Report Highlights Data Privacy Opportunities Across Big Data, Cloud and IoT

By on 23/05/2015

The experience gained by the company alongside the users of the enterprise and cloud service providers of cloud computing adds an important perspective on the challenges of security in cloud, big data and Internet of Things (IoT) environments.

The non-profit Cloud Security Alliance (CSA) that aims to promote the use of best practices to ensure security in cloud computing released a new survey that found growing and strong interest in harmonizing privacy laws towards a universal set of principles. Responses indicated the right to access data through country-specific laws if the needs arises, i.e. data needs to be made available for a cybercrime investigation.

The report, Data Protection Heat Index Survey, found there is a growing number of support among global consumers on bill of rights, global themes regarding data sovereignty. When it comes to user consent, 73 percent of respondents call for global consumer bill of rights around data privacy. Many organizations surveyed said that personal data and Personally Identifiable Information (PII) should remain resident in most countries. This is important given the harmonization taking place in Europe, with a single EU Data Privacy Directive for 28 member states, as well as with the renewed calls for a U.S. Consumer Bill of Privacy Rights in the United States, and cross-border privacy arrangements in Australia and Asia.

The report further says data privacy considerations are often overlooked in the development phase of cloud, IoT and big data solutions, and instead are viewed through a maze of complicated regulations and guidance. These findings highlight the very significant opportunity for global co-operation between CISOs and InfoSec professionals, privacy leaders, developers and architects, to build privacy principles into new and emerging solutions.

Organizations show keen interest in the Organization for Economic Co-operation and Development (OECD) principles as facilitating the trends of the IoT, cloud and big data. The OECD privacy principles catalyzed the creation of privacy frameworks and subsequent legislation globally. The privacy principles provide a common language for these concepts to be built into data privacy legislation. Now, what people care about has evolved: untraceability, unlinkability, minimization, anonymity have become additional key points of focus. The data quality principle has really become data minimization and data quality, and it is going to be a vital driver for big data and IoT.

The experience gained by the company alongside the users of the enterprise and cloud service providers of cloud computing adds an important perspective on the challenges of security in cloud environments. This alternative point of view will be valuable to continue to develop and adapt these guidelines.

In another report by the research firm Gartner, software-defined security, big data security analytics, intelligent/context-aware security analytics, application isolation, endpoint threat detection & response, website protection, adaptive access, people-centric security and securing the IoT are the top ten security trends.