ICC Presents on Cloud Storage at an OHCHR and UN Global Pulse Event in Geneva
A recent symposium on data governance, Artificial Intelligence (AI) and human rights brought together probing questions and participants, as international development communities explore data-driven insights, approaches and deliverables related to the achievement of the UN Sustainable Development Goals.
ICC participated and presented at the 13- 15 November event at the Palais Wilson in Geneva, co-hosted by the Office of the United Nations High Commissioner for Human Rights (OHCHR) and UN Global Pulse, including participants from WFP, IFC, ILO, UPU, IOM, UN Women, UNHCR, the MIT Media Lab and many others from the private sector.
Meetings focused on the development of a human rights-based approach to AI, with a particular emphasis on identifying practical solutions to address data transparency and access to information, accountability for harms caused by AI-supported decisions, equality and non-discrimination.
As digital technology’s capabilities to collect, store and analyse data evolve, so too must UN Agency approaches to data privacy and information protection, participants argue.
Cloud storage is just one aspect of this shifting conversation. Cloud storage is an efficient and convenient way to store large amounts of data and has become a part of daily operations for many organisations. Cloud storage, located across global locations with a varying levels of security are subject to different laws and not free of physical threats to data.
ICC’s Fabio Maggiore, Lead, Cyber Security Governance and Carlos Correia, Head, AWS Services presented on the second day of the event on public cloud storage options and how to best align data protection with governance in a rapidly changing technology environment.
The sessions were introduced and facilitated by Sachiko Hasumi, Corporate Information Security and Compliance Manager, UN Women, explored key considerations for setting up cloud storage, focusing on the needs of international organisations. They addressed technical and legal safeguards that may need to be taken into account before selecting a cloud storage provider, including issues such as storage lifecycles and data erasure.
Fabio and Carlos explained that the speed of adoption of the cloud across the UN family has peaked in the past few years. UN organisations today utilize some admixture of private, hybrid and public cloud solutions. While the efforts have often been Microsoft-centered (e.g. Azure, SharePoint online, OneDrive, etc.), there has also been use of ad-hoc storage solutions, like Box and Dropbox. Many Agencies have moved to Microsoft Office 365 and Microsoft Azure, while others have begun to implement applications including Amazon Web Services.
Fabio discussed how cloud security threats have raised concerns across the UN. There is apprehension about traditional threats which include state actors hacking the cloud, unintended and intentional disclosure of classified information and sabotage. Newer and less conventional cloud threats include misuse of information obtained as part of service delivery and government access through legal means.
Fabio also identified important safeguard solutions against those potential threats to cloud security. He highlighted encryption and appropriate identity and access management tools as some of the methods that UN Agencies are using, which have been effective for maintaining cloud security.
Some other key observations included:
- Contracts with Microsoft and AWS are reviewed to include clauses on UN Privileges and Immunities.
- UN Agencies are discussing with their Cloud Solution Providers any data residency requirements in regions that have stronger privacy regulations
- Two Agencies are currently implementing Azure Information Protection entailing data classification, rights management and data leak prevention features
- One Agency has already moved data and workloads onto AWS and is planning to move more applications to the cloud.
Stephen McDermid, Senior Solutions Architect, Security and Compliance at Amazon Web Services (AWS) followed in presenting security and compliance measures and issues in AWS, providing examples of customer feedback on how AWS has helped improved data governance.
Amazon Web Services, an ICC strategic partner, supports ICC’s delivery of AWS management services. These services provide value-added options for Clients who seek to host their applications, platforms and infrastructure in the Amazon Web Services cloud.