IC4 Cloud Security Workshop

This week, Dr Dimitar Shterionov, Machine Translation Researcher at KantanMT, presented at the Cloud Security workshop conducted by the Irish Centre for Cloud Computing and Commerce (IC4). The information-packed workshop, which was a huge success, aimed to draw back the curtain on cloud security and help companies make more informed choices regarding cloud security within their organisation.

In this post we will highlight some of the issues discussed during the workshop as well as the best practices, tools and guidelines that will help decision making for businesses making the move to the cloud.

The event was kicked off by Dr Brian Lee, Cloud Security Theme Lead at IC4, and Valerie Lyons, Researcher at DCU. Valerie’s talk on Information Risk Management delved into important issues that businesses should watch out for. She pointed out that risk should be understood in relation to the overall business opportunity and the appetite for risk.

Valerie spoke about the European Union Agency for Network and Information Security (ENISA) and pointed out that risk assessment is often about mapping the data systems.

When you go to the cloud, you are actually going to dramatically change processes.

So, it is good housekeeping practice for businesses to keep extensive diagrams of their data flows and networking, in order to understand the business's vulnerabilities.

Some of the topics discussed by Valerie during the presentation:

Dr Brian Lee went on to present on cloud control issues with examples from Amazon Web Services and Azure.

Brian’s talk was followed by an informative presentation from Elizabeth Dunne, Barrister and Data Protection Practitioner at Espion Group. Elizabeth informed the audience about the Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union. The PLA (V1) was released in February 2013 as a self-regulatory harmonization tool, which offers a structured way to communicate the level of personal data protection offered by a cloud service provider (CSP) to customers and potential customers.

However, after the release of PLA (V1), the working group found that CSPs, cloud customers and potential customers still struggle to identify the necessary baseline for personal data protection compliance across the EU. Therefore, the PLA working group has decided to develop a second version of the PLA, PLA (V2). This is based only on mandatory EU personal data protection legal requirements.

The company case studies were presented by Mr Ken Bagnall from The Email Laundry, Dr Philip Healy from Rendicity and Dr Dimitar Shterionov from KantanMT.

KantanMT Presentation:

Dimitar’s presentation highlighted the security measures that have been implemented by KantanMT. Using Amazon Web Services (AWS), KantanMT provides top-notch security through triple-encryption and data protection (SSL 3.0/TLS 1.0) using high-grade 128-bit certificates.

  • All data is backed up on a rotating schedule of incremental and full backups
  • Each customer's data is fully encrypted
  • Passwords are stored only using hash algorithms
  • Individual user sessions are protected by unique session tokens and re-verification of each transaction

There are special cloud security measures in place for eCommerce Translations, Dimitar pointed out in the workshop.

Our eCommerce service is hosted by certified and compliant industry leaders. These maintain:

  • Full PCI DSS Level 1 certification
  • SAS70 type II, SSAE 16, CAN-SPAM and EU Safe Harbor compliance
  • Traffic encryption through state-of-the-art encryption layers
  • Multiple segregated networks; highly restrictively configured firewalls and routers
  • Regular audits by external security firms
  • Intrusion Detection System monitors network and system-related parameters
  • Security experts and system administrators on call 24/7
