Page 180 - Big data - Concept and application for telecommunications
P. 180
4 Big data - Concept and application for telecommunications
6.3 Existing requirements related to about data security
The security framework for cloud computing specified in [ITU-T X.1601] provides the requirements related
to data security, including data isolation, protection and confidentiality protection.
1) Data isolation
In a cloud computing context, a tenant is prevented from accessing data belonging to another
tenant, even when the data is encrypted, except when explicitly authorized. Data isolation may be
realized logically or physically, depending on the required isolation granularity and the specific
deployment of cloud computing software and hardware.
NOTE – In cloud computing, isolation occurs at the tenant level. A given CSC may have multiple
tenants in the cloud, for example, to separate different subsidiaries, divisions or business units.
2) Data protection
Data protection ensures that CSC data and cloud service derived data held in a cloud computing
environment is appropriately secured so that it can only be accessed or changed as authorized by
the CSC (or according to applicable law). This protection may include some combination of access
control lists, integrity verification, error correction/data recovery, encryption and other appropriate
mechanisms. When a CSP provides storage encryption for CSCs, this function can be client-side
encryption (e.g., within a CSP application) or server-side encryption.
3) Confidentiality protection
Private information can include personally identifiable information (PII) and confidential corporate
data. The collection, use, transfer, handling, storage and destruction of private information can be
subject to confidentiality regulations or laws. This restriction applies to both CSPs and their CSCs,
e.g., a CSC must be able to permanently delete a data table containing private information, even
though the CSP is not aware of the table contents. CSPs may also need to support information
handling, e.g., searching of CSC data in its transformed or encrypted form.
Confidentiality protection extends to private information that may be observed or derived from CSC
activities, such as business trends, relationships or communications with other parties, and activity
levels and patterns.
Confidentiality protection is also responsible for ensuring that all private information (including
observed or derived data) is used only for those purposes that have been agreed between a CSC and
a CSP.
A risk assessment of private information (called a "confidentiality risk assessment") can assist a CSP
in identifying the specific risks of confidentiality breaches involved in an envisaged operation. The
CSP should identify and implement capabilities to address the confidentiality risks identified by the
risk assessment and treatment of private information.
NOTE – In some jurisdictions, individual natural persons (i.e., human users) are treated separately
from their employers for confidentiality purposes. In such circumstances, confidentiality of the CSU
will be appropriately protected in addition to that of the CSC or tenant.
6.4 Data security lifecycle
Based on the actual situation of cloud service, the CSC data security lifecycle includes:
1) Creation: This is probably better named creation/update because it applies to creating or changing
a data/content element, not just a document or database. Creation is the generation of new digital
content, or the alteration/updating of existing content.
2) Transmission: This is the communication process of transferring data from one place to another.
3) Storage: Storage is the act of committing the digital data to some sort of repository, and typically
occurs nearly simultaneously with creation.
4) Use: Data is viewed, processed, shared or otherwise used in some sort of activity.
172 Security, privacy and data protection
