Visible to the public Risks Identification in the Exploitation of a Geographically Distributed Cloud Infrastructure for Storing Personal Data

TitleRisks Identification in the Exploitation of a Geographically Distributed Cloud Infrastructure for Storing Personal Data
Publication TypeConference Paper
Year of Publication2020
AuthorsMaklachkova, V. V., Dokuchaev, V. A., Statev, V. Y.
Conference Name2020 International Conference on Engineering Management of Communication and Technology (EMCTECH)
Date PublishedOct. 2020
ISBN Number978-0-7381-3074-3
Keywordsauditing storage, augumented reality, Big Data, cloud computing, cloud services, cloud storage administrators, Companies, confidential information leaks, controller, cyber incidents, data leak, data privacy, data protection, data storage subsystem, data subject GDPR, digital twin, Distributed databases, expert systems, geographically distributed cloud infrastructure, geographically distributed company, high-loaded infocommunications systems, human factors, information quality, Kaspersky Lab, Models, natural person, Object recognition, payment information records, personal data, personal data records, privacy, processing, pubcrawl, risk, risk Identification, risk management, Scalability, security, security of data, Servers, social engineering techniques, storage management, stored resources, storing personal data, system, Task Analysis, technical project, unsecured service

Throughout the life cycle of any technical project, the enterprise needs to assess the risks associated with its development, commissioning, operation and decommissioning. This article defines the task of researching risks in relation to the operation of a data storage subsystem in the cloud infrastructure of a geographically distributed company and the tools that are required for this. Analysts point out that, compared to 2018, in 2019 there were 3.5 times more cases of confidential information leaks from storages on unprotected (freely accessible due to incorrect configuration) servers in cloud services. The total number of compromised personal data and payment information records increased 5.4 times compared to 2018 and amounted to more than 8.35 billion records. Moreover, the share of leaks of payment information has decreased, but the percentage of leaks of personal data has grown and accounts for almost 90% of all leaks from cloud storage. On average, each unsecured service identified resulted in 33.7 million personal data records being leaked. Leaks are mainly related to misconfiguration of services and stored resources, as well as human factors. These impacts can be minimized by improving the skills of cloud storage administrators and regularly auditing storage. Despite its seeming insecurity, the cloud is a reliable way of storing data. At the same time, leaks are still occurring. According to Kaspersky Lab, every tenth (11%) data leak from the cloud became possible due to the actions of the provider, while a third of all cyber incidents in the cloud (31% in Russia and 33% in the world) were due to gullibility company employees caught up in social engineering techniques. Minimizing the risks associated with the storage of personal data is one of the main tasks when operating a company's cloud infrastructure.

Citation Keymaklachkova_risks_2020