How Privacy in the Cloud Affects End-Users

Cloud services and privacy, what are they?

Why are cloud services so popular?

Why do they collect personal information?

How do they collect personal information?

Why should we be concerned?

How can we protect ourselves?

Cloud Services

A cloud service is any resource that is provided over the Internet. These can be email services, maps, source control services, storage services, diagramming tools, social sites or any other service you can imagine that is served via the internet.

Privacy

- International Association of Privacy Professionals (IAPP)

Cloud services and privacy, what are they?

● Work from anywhere
  ○ just having an internet connection is sufficient
  ○ sometimes just having a mobile device is enough
  ○ doesn’t require carrying data in USBs and laptops to different places
  ○ promotes work-life balance
    ■ One study reported that “42% of workers would swap a portion of their pay for the ability to telecommute. On average they’d be willing to take a 6% pay cut”

● Maintains Productivity and improves sharing
  ○ allows several people to work on the same document in real time
  ○ eliminates the need for back-and-forth exchange of documents

Why are cloud services so popular?

● Ensures Security
  ○ Data on local computers can get lost or infected/corrupted due to viruses etc.
  ○ Not practical to back up data on a regular basis
  ○ Local computer security might be lower when compared to the strong authentication policies of the cloud

● Saves Money
  ○ No need to buy expensive desktop applications when a similar service is provided by a cloud provider
  ○ No need to buy hardware storage devices to keep backups

Source: “Cloud Adoption & Risk Report 2015 Q4” by Skyhigh

Why do they collect personal information?

● To personalize user experience

● To show relevant advertisements
  ○ Ads are the revenue generator for free services

Source: http://www.whoishostingthis.com/blog/2013/05/29/internet-privacy-infographic/

Via Data Collection Mechanisms

● Various data collection forms
● What you click on the site
● What you click on a partner/subsidiary site
● Apps you access
● Data collection agencies

Via User Tracking Mechanisms

● Cookies
● Click Redirects
● Pixel Tags (aka web bugs)

How do they collect personal information?

Via UX Dark Patterns

Why should we be concerned?

Ordering Pizza in the Future ;)

Source: https://www.skyhighnetworks.com/cloud-security-blog/only-9-4-of-cloud-providers-are-encrypting-data-at-rest/

www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

Source: http://www.observeit.com/blog/importance-data-misuse-prevention-and-detection

Understand the Cloud Service

● Don’t sign up for new cloud services without researching them.
  ○ Do they have encryption at rest?
  ○ Do they give your data to governments?
  ○ Do they give your data to other 3rd parties?
    ■ E.g. other service and advertising companies
  ○ Do they control their own servers, or do they rent servers from other companies?
    ■ E.g. Dropbox and Apple use Amazon’s servers for a portion of online services.
● Read the user agreement and privacy policy - yeah you heard it right! :)

How can we protect ourselves?

Avoid/minimize storing sensitive information

● There’s no 100% privacy in the cloud and identity theft is increasing
● Keep only the files that require frequent access
● Avoid storing passwords and Personally Identifiable Information (PII): credit card numbers, national ID, home address etc.

Use a “Zero Knowledge Privacy” service

● Service takes care of encrypting the files on the local computer and storing them safely on the cloud
● Not even service providers or server administrators can gain access
● E.g. SpiderOak, Tresorit

Encrypt sensitive information before uploading

● Use encryption software - e.g. TrueCrypt
● Can create a password protected archive - e.g. B1 Free Archiver
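
What encrypting on the local computer before upload looks like in practice, as an added example that is not part of the original slides: the key is derived from a passphrase that never leaves the client, so the provider stores only ciphertext. It assumes the third-party Python `cryptography` package; the function names, the `ZK1` marker and the sample data are made up for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MAGIC = b"ZK1"  # hypothetical format marker, made up for this example
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16


def _derive_key(passphrase, salt):
    # scrypt makes offline guessing of the passphrase expensive.
    kdf = Scrypt(salt=salt, length=32, n=2**15, r=8, p=1)
    return kdf.derive(passphrase.encode("utf-8"))


def encrypt_for_upload(plaintext, passphrase, name):
    """Return the only bytes the cloud provider ever receives."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = _derive_key(passphrase, salt)
    # The file name is bound as associated data, so a stored blob cannot be
    # swapped for another file's blob without detection.
    sealed = AESGCM(key).encrypt(nonce, plaintext, name.encode("utf-8"))
    return MAGIC + salt + nonce + sealed


def decrypt_after_download(blob, passphrase, name):
    """Recover the plaintext, or raise ValueError if anything does not match."""
    header = len(MAGIC) + SALT_LEN + NONCE_LEN
    if not blob.startswith(MAGIC) or len(blob) < header + TAG_LEN:
        raise ValueError("not a blob produced by encrypt_for_upload")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:header]
    key = _derive_key(passphrase, salt)
    try:
        return AESGCM(key).decrypt(nonce, blob[header:], name.encode("utf-8"))
    except InvalidTag:
        raise ValueError("wrong passphrase, wrong name, or modified blob") from None


if __name__ == "__main__":
    doc = b"national id 000-00-0000 (constructed sample)"
    blob = encrypt_for_upload(doc, "correct horse battery staple", "id.txt")
    print("plaintext visible to provider:", doc in blob)
    print(decrypt_after_download(blob, "correct horse battery staple", "id.txt"))
```

Because the provider never holds the key, a lost passphrase cannot be reset by the service and the file is unrecoverable.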

Use strong passwords and multi-factor authentication

● - infosecurity-magazine
● Don’t reuse passwords
● Change them frequently
● Opt for multi-factor authentication - e.g. SMS verification

Be cautious of your online activities

● Don’t save your password, and ensure that you log out
● Don’t use open and unsecured Wi-Fi hotspots in public places

Be alert to security news related to your Cloud Service

● Be informed about breaches
● Be ready to take actions - e.g. password reset upon a breach

Be balanced about convenience vs. level of protection

● How valuable is that information, and to what extent is it reasonable to protect it?
● Higher protection == high cost (and could be higher time and effort too)
● Convenience usually wins out. But be aware of the trade-off.

Example Privacy Guidelines: Facebook

See what your profile looks like to a stranger:

On your Facebook profile page, click the three dots next to "View Activity Log" and then select "View As..."

Other Privacy Stuff ...

Adjust Apps Setting ...

Adjust Ads Setting ...

Opt out from Ads via http://www.aboutads.info/choices ...

Data Protection Laws?

Thank You!
