IGF 2022 WS #260 Protecting Shared Computation (Cloud Security)

Time
Thursday, 1st December, 2022 (14:20 UTC) - Thursday, 1st December, 2022 (15:20 UTC)
Room
Press Briefing Room

Organizer 1: Nancy Njoki Wachira, INTERNET SOCIETY YOUTH@IGF
Organizer 2: Gabriel Karsan, INTERNET SOCIETY YOUTH@IGF
Organizer 3: Shadrach Ankrah, Ghana Youth IGF

Speaker 1: Gabriel Karsan, Civil Society, African Group
Speaker 2: Juliana Novaes, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 3: Ihita Gangavarapu, Technical Community, Asia-Pacific Group
Speaker 4: Yawri Carr, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 5: Innocent Adriko, Civil Society, African Group

Additional Speakers

Sarah Kiden -Technical community/Academia,Afrcan Group (https://www.intgovforum.org/resource/user/1562)

Moderator

Gabriel Karsan, Civil Society, African Group

Online Moderator

Shadrach Ankrah, Technical Community, African Group

Rapporteur

Nancy Njoki Wachira, Technical Community, African Group

Format

Birds of a Feather - Classroom - 60 Min

Policy Question(s)

1.How do we ensure openness of the Internet while taking into consideration privacy of cloud service users such as privacy standards in Africa are different from that of Europe or America because information flows across borders and there should be rules governing these issue. 2.Should there be shared global rules governing cloud services? 3.How can cloud and edge computing facilitate digital transformation and meaningful connectivity to innovation infrastructure and its security and accessibility especially in the African continent and the world at large?

Connection with previous Messages:

SDGs

17.1

Targets: SDG 9: Industry, Innovation and Infrastructure SDG 16: Peace, Justice and Strong Institutions SDG 17: Partnership for the goals Cloud security is the base security required to protect cloud applications. The infrastructure consists of hundreds of data centers across the world, thousands of miles of fiber optic cables as well as millions of servers running in these data centers. Cloud companies can pledge to be carbon negative by 2030 which includes a strong commitment to transforming supply chain with the goal of minimizing embodied carbon in the hardware operation, optimizing the efficiency of its physical infrastructure, and minimizing end of life e-waste. The SDGs have offered a blueprint for sustainable and equal humanity and the internet has come as a public savior tool to enhance the achievement of SDGs in it’s nature of being open , decentralized and boundless partnering all goals hence a great help to humanity.

Description:

Millions of smart devices and emerging technologies are being manufactured and connected to the cloud (Internet of Things). Businesses have to adapt to new technologies and their protection strategies must change to keep pace. These strategies must include stronger and more varied security mechanisms but they must also include ways to recover quickly should a breach or an incident occur. The session will look into the management of Cloud Infrastructure and security management. It will provide an easy crash course on the beginning and future of the cloud and its intersection in boosting shared infrastructure as service affordably and innovatively to meet industry needs and growing need of meaningful infrastructure for Africa. The role of each stakeholder in the cloud environment, the protocols, technology and best practices that protect cloud computing environment applications running in the cloud and data held in the cloud. Understanding what needs to be secured and the management aspect of it. The session will also look at the security of cloud environments in times of a disaster or crises. How data be recovered in case of a data loss, how cloud environments can prevent human errors causing data breach or leakage, protecting networks and storage against malicious attacks and how the impact of data or system compromise can be reduced.

Expected Outcomes

At the end of the session, the expected outcomes will be an informed audience on the importance of data localization for ownership, faster connectivity speeds and infrastructure upgrade. A recommendation report of adoption of cloud and edge computing across African communities from its technical aspect and data governance for improved access .These will be translated into policy of data management, cybersecurity and shared communication computation across the region.

Hybrid Format: Equal time slot allocation among online and onsite speakers will be granted and the online moderators will be responsible to ensure commentary from online participants are read and discussed in the room. Translation services and captions will be utilized to increase inclusion. We aim to optimize the platform and use accessibility friendly social media live platforms for reactions across multitudes of channels. Discussion Facilitation: (The flow or facilitation used in the session) The session will begin with a 5 minutes introduction done by the onsite moderator. The onsite moderator will introduce the speakers, title of the session, the policy questions, and what the session will try to achieve at the end (outcome). The online moderator will also ensure the zoom is set up and make a test request from the audience whether they can hear the audio and are able to comment and ask questions using the chat feature and raise hand option. After the introduction and tools testing, the onsite moderator will begin the panel by asking the speakers the questions. There will be two rounds of questions asked. First Round: Speaker 1: 5 mins (private Sector), Speaker 2: 5 mins (Technical Community), Speaker 3: 5 mins (Civil Society), Speaker 4: 5 mins (Government), Speaker 5: 5 mins (). At the end, there will be 10 minutes of Q&A from the audience (soliciting contributing from the online audience. The second round will follow the same format and time. Some challenges, policies/laws, Success stories, Achievements on the “...........” the (any stakeholder group) representative speaker will present their experiences/contributions on (sub issues) the moderator will allow the next to also present his/her interventions The onsite moderator and the rapporteur will be responsible for organizing the interventions and interacting with the speakers to ensure that the goals of the session are achieved, ensuring an equal and diverse input from the onsite and online speakers and audience. The rapporteur will make notes of important information and contributions onsite and online. The online moderator will collate contributions in the form of chat comments from the online audience to be added for the final by the rapporteur. To ensure a hybrid experience, the online room will be displayed in the physical room and onsite participants being encouraged to join online. Incase there will be an online speaker, the online moderator will be responding to ensure that the speakers will be given a minute each to say some last words. Online Participation; Usage of IGF Official Tool. Additional Tools proposed: With a member of the organizing team having experience as an IGF volunteer supporting the remote technical and organizational maintenance of virtual rooms, the organizing team will ensure active inclusion of online participation by promoting the session widely on social media, the IGF community and other platforms (including universities). Remote hubs will be given equal opportunity to participate in the season. The online moderator will interact with the online audience to give opportunity to those who want to ask questions and contribute to the discussion.

Online Participation

 

Usage of IGF Official Tool.

 

Key Takeaways (* deadline 2 hours after session)

Data is the lifeblood that guides the decisions of the most organizations but old ways of thinking about data protection are not fit for the era of digital transformation.

Cloud security /protection starts with complete visibility into the security and compliance posture of every resource you deploy into the cloud

Call to Action (* deadline 2 hours after session)

It's time to devise a strategic plan to protect data so that our spaces can reap the benefits of working in the cloud without increasing the risks of exposure

Session Report (* deadline 26 October) - click on the ? symbol for instructions

Organizations and the public face security concerns regarding cloud environment .Despite the fact that many organizations have decided to move sensitive data and important applications to the cloud, concerns about how they can protect it is abound .Therefore the technical community needs to help in  reducing risks of exposure of data while the  private sector  and civil society need to play key roles in educating and raising awareness to the public of security concerns.

Data sovereignty /residence control has created major concerns around data control with protection regulations such as the GDPR limiting where EU citizens data can be sent, the use of data centers outside of the approved areas cloud place organizations in a state of regulatory non-compliance .We need to have other region like the Africa region, America, Asia and Australia adopt different jurisdictions and laws regarding access to data for law enforcement and national security which can also impact the data privacy and security of nations.