Page 182 - Big data - Concept and application for telecommunications
i) CSPs should provide effective virtual machine image file loading protection methods to prevent
unauthorized users from running their own computing resources from the hard disk, even if it is stolen.
7.4 Security controls in use stage
Guidelines for security controls in the use stage include the following:
a) CSPs should authorize and verify the utilization of data.
b) Utilization of sensitive data should be audited, with audit logs generated.
c) CSPs should apply malicious activity monitoring and enforcement mechanisms according to their
responsibility and rights to discover threats and control data usage.
7.5 Security controls in migrate stage
Guidelines for security controls in the migrate stage include the following:
a) Network connectivity should be assessed prior to data migration to ensure the safety of the
migration process.
b) CSPs should ensure that data integrity and confidentiality are not affected during a migration.
c) CSPs should ensure that data migration does not affect the continuity of services and applications.
d) CSPs should conduct data backup and recovery-related work appropriately during data migration.
e) CSPs should establish a migration scheme, assess its feasibility and associated risks, then develop
risk control measures accordingly as preparations for data migration.
7.6 Security controls in destroy stage
Guidelines for security controls in the destroy stage include the following:
a) CSPs should be able to erase all key material related to encrypted data.
b) CSPs should utilize physical destruction, such as degaussing of physical media, when
decommissioning storage hardware.
c) CSPs should utilize data recovery techniques to confirm destruction processes.
d) CSPs should be able to provide means to help clear legacy data caused by the migration of data
among different cloud platforms, the termination of service and contract, and natural disasters.
e) CSPs should provide means to remove all copies of the data.
f) CSPs should ensure that the storage space for user authentication information, such as the user
account and password, is not released or reallocated to other users until that information is fully
cleared.
g) CSPs should ensure that the storage space for resources, such as files, directories and database
records, is not released or reallocated to other users until those resources are fully cleared.
h) CSPs should provide means to prevent the recovery of destroyed data.
7.7 Security controls in backup and restore stage
Guidelines for security controls in the backup and restore stage include the following:
a) CSPs should utilize content recovery mechanisms, like those for data loss prevention, to assist in
identifying and auditing data that needs to be backed up.
b) CSPs should support an appropriate encryption algorithm for long-term (archival) storage media
backup, such as the use of long encryption keys and planning for replacement with an improved
encryption algorithm.
c) CSPs should provide local data backup and recovery functions. Complete data backup should be
conducted at least once a week and the incremental backup at least once a day.
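One way to audit a backup catalogue against the cadence in 7.7 c), as an added example that is not part of the original text. The catalogue format, the names `audit_backups` and `find_gaps`, and the rule that a successful complete backup also counts towards the daily requirement are assumptions of this example.

```python
from datetime import datetime, timedelta

FULL_MAX_GAP = timedelta(days=7)  # 7.7 c): complete backup at least once a week
INCR_MAX_GAP = timedelta(days=1)  # 7.7 c): incremental backup at least once a day

# Constructed sample catalogue: (ISO timestamp, kind, status).
SAMPLE_CATALOGUE = [
    ("2024-03-03T01:00:00", "full", "ok"),
    ("2024-03-04T01:00:00", "incremental", "ok"),
    ("2024-03-05T01:00:00", "incremental", "ok"),
    ("2024-03-06T01:00:00", "incremental", "failed"),  # job ran but did not succeed
    ("2024-03-07T01:00:00", "incremental", "ok"),
    ("2024-03-08T01:00:00", "incremental", "ok"),
    ("2024-03-09T01:00:00", "incremental", "ok"),
    ("2024-03-10T01:00:00", "full", "failed"),         # weekly full did not succeed
    ("2024-03-11T01:00:00", "incremental", "ok"),
]


def find_gaps(times, max_gap, end):
    """Return (start, stop) pairs that are further apart than max_gap.

    `end` (the audit time) closes the series, so a backup that has simply
    stopped running is reported too. No backups at all gives (None, end).
    """
    if not times:
        return [(None, end)]
    points = sorted(times) + [end]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > max_gap]


def audit_backups(catalogue, now):
    """List cadence violations as (kind, gap_start, gap_end) tuples.

    Only backups with status "ok" count: a failed job leaves the same
    exposure as a job that never ran.
    """
    ok = [(datetime.fromisoformat(ts), kind)
          for ts, kind, status in catalogue if status == "ok"]
    fulls = [t for t, kind in ok if kind == "full"]
    # Assumption: a successful full backup also covers that day's incremental.
    any_backup = [t for t, _ in ok]
    findings = [("full", a, b) for a, b in find_gaps(fulls, FULL_MAX_GAP, now)]
    findings += [("incremental", a, b)
                 for a, b in find_gaps(any_backup, INCR_MAX_GAP, now)]
    return findings


if __name__ == "__main__":
    for kind, start, stop in audit_backups(SAMPLE_CATALOGUE, datetime(2024, 3, 11, 12)):
        print(f"{kind}: no successful backup between {start} and {stop}")
```

The comparison is strict, so jobs spaced exactly 24 hours apart pass; a production check would normally allow a small tolerance for scheduling jitter.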
174 Security, privacy and data protection