Cloud and SaaS-Based Platforms: Ensuring Data Privacy
May, 2011



Today

5 Privacy and Data Governance Issues

TRUSTed Cloud Certification

Image courtesy of BlueMileCloud

Cloud Service Providers Perform Vital Services

• Application Software & Infrastructures Services
• Business Process Services
• Content Management
• Customer Relationship Management
• E-Commerce Platform Fulfillment & Order Management
• Marketing Services
• Financial & Payment Services
• Email Service Provider
• Advertising Services
• Other Services
• Web Hosting, Performance & Analytics
• Telecommunications
• Social Media Services
• HR Services


Demonstrate responsible, trustworthy data management

Differentiate themselves from their competitors

Again and Again

Data Management Challenges

Image courtesy of technorati.com

Image courtesy of flightschool.acylt.com

#1: Different Data Protection

Source: Forrester Research, Inc.

#2: Security

Platform / system / product is protected against unauthorized access (both physical and logical)

Physical
• Primary Data Center location
• Disaster Recovery
• Security “air lock”, cameras, access logs
• Locked cages
• Offsite backup storage

Logical
• Data model level separation
• Two-factor authentication
• Passwords
• Firewalls, Routers, IDS
• Internet Security Director
• Internal scanning tools

Courtesy of Informatica

#3: Data and Policy Integration

Every access point (PCs, mobile, apps) must be integrated and protected

• Front door: Browser

• Back door: messaging, FTP, email etc.

• Everything in between: Privacy Policy and Terms of Service

Courtesy of Informatica

#4: Data Management Processes and Training

• Data handling procedures
• Employee training - not just those that touch the data
• Data breach procedures

Image courtesy of dama.org

Image courtesy of Webroot.com

Data Management


#5: Service Provider to Service Provider (Downstream) Data Governance

Do Service Providers to Service Providers Have:

• Trustworthy privacy and data governance policies
• Security
• Oversight

Image courtesy of Informatica

TRUSTe Trusted Cloud Certification?

Trusted Cloud data privacy certification helps a service provider to close more business faster by demonstrating high standards for data management and privacy.

Certification applies to SaaS and Cloud-based platforms and apps and helps a service provider to:

– Quickly assure partners & business customers of their data management practices

– Differentiate their business as competitive on privacy

– Reduce their clients’ costs of verifying that proper data controls are in place

Addresses Key Data Governance Concerns

1. Do you have appropriate security measures for storing the data collected through your online platform?

2. Are you using the collected data in a way that’s consistent with our agreement? How can I be sure?

3. Is sensitive information encrypted when it’s transmitted?

4. Is my data shared with other third parties, and if so, who is it shared with, and why? Similar protections in place?

5. Do you have a transparent statement describing your data management practices?

6. Do you have the same data management practices for your app as well as your platform?


Partial list of TRUSTed Cloud service providers


Thank You

Fran Maier, President | [email protected] | Twitter: FranMaier

Learn More

http://www.truste.com/cloud