SECURITY

OF CLO

UD

COMPUTI

NG

APPLIC

ATIO

NS IN S

MART

CITIE

S

BS

I I NF

OR

MA

TI O

N &

CL

OU

D S

EC

UR

I TY

SE

MI N

AR

20

14

Charles MokLegislative Councillor

(Information Technology)

An evolution of Smart Cities

Making cities more efficient but also

more vulnerable

3

New economic and social opportunities from the Internet of Things

Smart Services:Interconnected data, infrastructures and services, enabled by ICT

4

SMART CITY ARCHITECTURE

Applicationssatellite imagery, aerial mapping, GPS, building management system, CCTV, GIS

Informationuser, document, industry, business, revenue, circulation

Management

Integration of communication protocolsWireless, Bluetooth, Wi-Fi, 3/4/5G, M2M, embedded network

5

EXAMPLES

• Smart grids and smart metering• Intelligence transportation• Smart and connected healthcare• Public safety and emergency services• Wireless connection• Intelligent buildings

6

SENSITIVE DATA IN THE CLOUD

Personally Identifiable Information examples

• Geolocation data

• Medical records

• Banking and insurance records

• Emails and other instant communication

Any serious breach will cause financial, data, credibility and reputational loss or damage

CHALLENGES

8

SECURITY PRIVACY

RESILIENCE RELIABILIT

YINTEGRITY

CONCERNS IN SMART CITY

Data collector/own

er• Outsourcing:

How to select a cloud vendor?

• How to maintain direct control to safeguard data integrity?

Cloud service providers

• How to satisfy data residency and privacy requirements

• How to remain flexible and provide cost-effective service?

Regulator

• Formulation of relevant standards and practices

• How to ensure adoption and compliance?

• Would sensitive data end up overseas?

End-users

• Are my data safe in the cloud?

• Would I know if there is security or privacy breach?

3 KEY ISSUES

Security

Is the data protected from theft, leakage, spying or attacks?

What is the level of control

and protection?

Residency

Where is the data stored?

geographically disbursed?

What to do with data in

transit & outside

territory?

Privacy

Who can see personally identifiable information

(PII)?

Storing, transferring, locating and protecting PII

Challenges of smart city

services

Maintaining ownership and control

of data

Info on 3rd party service

and distributed

infrastructure Deliver

resiliency, availability

and flexibility of smart services

MAIN CAUSES OF DATA BREACHES

12

System glitches

Malicious attacks

Human factor

29%

36%

35%

Source: 2013 Cost of Data Breach Study: Global Analysis“by Symantec and the Ponemon Institute.

13

Source: Techcrunch

14

NO PRIVACY FOR DIGITAL

CITIZENS?

DATA IS EVERYWHERE

PLANNING AHEAD: STRATEGIC APPROACH• Multiple layers:

Physical security (facilities)Network security (infrastructure)System security (IT systems)Application and data security

HOW? SECURITY BY DESIGN

• Educate people, improve governance and compliance

• Identify critical data

• Disaster Recovery and Continuity

• Breach notification and data residency

• Data management at rest

• Data protection in motion

• Encryption key management

• Identification and Access controls

• Long-term resiliency of the encryption system

16

THANK YO

U

17