CSF Forum 3: 1 August, 2018

July 10, 2018

Cloud Computing is the de facto standard for organizations to run their business. Through the cloud, employees and customer’s organizations access and store data, and services. This also means that more sensitive information is being outsourced to third-parties. There is a misconception in the market that together with the data and computing, also the responsibility of keeping the data secure is outsourced to the service provider. Nothing could be further from the truth! In this 3rd Cyber Security Foundry Forum, we will discuss with Robert Zaher the concerns an organization should raise with their service provider to make sure that its sensitive data is properly protected. Then Giovanni Russello will present some of the research conducted at the CSF to increase the protection of outsourced data.

Location: KPMG Centre, 18 Viaduct Harbour Avenue, Auckland.

Robert Zaher – Associate Director at KPMG

Cloud assurance: Good, OK, or they must be joking.

So your information is in the cloud now… What are the best questions to ask your service provider to make sure they are protecting your sensitive data? And how do you know you are getting the best answers? Robert Zaher, Associate Director at KPMG, shares tips on how to get the best information from your cloud service providers, and how to see through vague or misleading answers about the security of your information.

Speaker’s Bio: Robert Zaher is an Associate Director in KPMGs Advisory division. With over 23 years’ experience as a regulator, IT auditor, and investigator, Robert specialises in helping organisations protect their information, people, and property. His work covers all aspects of protecting information, including cyber security, information assurance, privacy, record-keeping and information risk management. Robert enjoys helping to explain information risks in plain English to boards, senior executives, and staff, and making practical suggestions on how to reduce risk. Since arriving in New Zealand in 2011, Robert has contributed to a number of New Zealand government-wide and sector initiatives to improve assurance and compliance, and he was seconded to GCIO for over a year. One of Robert’s focus areas is helping organisations find out how well their cloud service providers are protecting the sensitive information entrusted to them.

A/Prof Giovanni Russello – Director at Cyber Security Foundry

Outsource your data not its content: Supporting Confidentiality and Privacy in Cloud Computing

Despite its benefits, outsourcing data processing and storage to a third-party cloud provider introduces new challenges for protecting the confidentiality and privacy of the data. The naïve solution would be to encrypt sensitive data before it is stored in the cloud servers. However this would forfeit the benefits introduced by cloud computing because standard encryption techniques make processing on the encrypted data impossible. Homomorphic encryption promises to support (in theory) any computation while keeping the data encrypted. However, currently homomorphic schemes require very large key material and remain impractical. In this talk, I will present some of the approaches we are developing at the CSF for supporting practical crypto tools that guarantee data confidentiality while being able to perform operations on the encrypted data. This research is part of the STRATUS project, a six-year cyber security project, funded by Ministry of Business, Innovation, and Employment (MBIE).

Speaker’s Bio: Giovanni Russello is the Director of the Cyber Security Foundry and an Associate Professor with the Computer Science Department, at the University of Auckland. His research focuses on Android security, confidentiality and privacy solutions for the cloud, and access control models in general. He leads the SECRET Lab, where together with his group works on several security projects including MBIE STRATUS project. In the past, he was founding CEO of a startup developing secure solutions for Android.