Don't forget the security goals outside the CIA triad

By kim.hindart@citynetwork.eu

Elevator Pitch

Confidentiality, Integrity and Availability are usually considered the security goals, but with the emergence of regulations and standards such as GDPR and PCI-DSS, goals such as Accountability and Auditability become really important. This talk will show a few reference architectures compliant with GDPR and PCI-DSS.

Description

Confidentiality, Integrity and Availability (the “CIA triad”) are usually treated as the basic information security objectives in cloud architecture and deployments. But Accountability, Auditability, Authenticity/Trustworthiness, Non-repudiation and Privacy are additional security goals that are, in many cases, left out of consideration. With the emergence of regulations and standards such as GDPR and PCI-DSS, these goals become extremely important. I will show a few reference architectures for cloud deployments that have been certified against these standards, and I will highlight some important things to consider and common pitfalls when designing a compliant cloud architecture.

Notes

This talk is intended to educate cloud admins and cloud ops teams about the demands of regulatory compliance and to show examples of handling them rationally.