A School of Information Studies faculty member is heading to Washington, D.C. to discuss a new approach to cloud-stored data management architecture and to unveil a new structural template that can be adopted by entities of all types and sizes to strengthen the data privacy and security blanket across an entire region.
Lee McKnight, associate professor at the iSchool, is appearing on two panels at the Smart Cities and Communities Challenge Expo, occurring Wednesday through Friday. He joins more than a thousand technology innovators and municipal government representatives from around the world at the event, which is led by National Institute of Standards and Technology (a bureau of U.S. Department of Commerce), in partnership with the U.S. Department of Homeland Security Science and Technology Directorate, the National Telecommunications and Information Administration, the National Science Foundation, and the International Trade Administration. The Global City Teams Challenge (GCTC/SC3) program component is a collaborative platform for the development of smart cities and communities.
McKnight is on two panels on Thursday, July 11: “The Smart and Respectful City–How to Handle Issues of Privacy and Trust,” and the “Cybersecurity and Privacy Super Cluster,” a presentation of the work being done in a Syracuse University (iSchool) and City of Syracuse-led action cluster that also includes a number of corporate and industry experts.
A highlight of the Cybersecurity and Privacy Super Cluster panel is the debut of new architecture guidelines for categorizing and managing cloud-stored data called “SC3-cpSriA 'Secure Cloud Architecture Guidelines.” As developed by the action cluster, the template features a color-coded architectural plan for the classification of privacy and security levels for various types of data being stored in the cloud. As a simplified solution, it is more understandable and thus more adoptable by users of every type—such as small and large businesses, communities, and non-profit organizations—including those who are not accustomed to implementing complex data management systems.
Human Rights Concepts
The new guidelines uniquely offer considerations for how human rights protections can be built in to the data architecture, McKnight said. “Cloud services built for communities typically have privacy and security concerns built in, but what’s unique in this approach is the rights-inclusive aspects—the building in of data rights, property rights, and human rights protections—as opposed to just creating a secure system for the data and its functions,” he added.
A Meta Structure
“What’s also different is that we’re talking about an architecture created not just for city government and local businesses, but one that is intended to protect a whole community, an entire region. Having people in the private sector or city governments all being able to talk the same language can help increase the sharing of regional information and also increase security and privacy for the entire community. The typical scale for a cloud architecture is to provide a system that serves an individual government, organization or enterprise; here, we’re talking about a meta cloud architecture that would work across city government, local non-profits, technology businesses, community residents, and an entire region,” McKnight explained.
The system’s color-coding schema characterizes as “green” civic data that is open data and free to share; as “yellow” data that may include sensitive information but is permissible to transfer or share under certain conditions that must be followed; and as “red” data that includes personal identifiable information and sensitive information where only trusted practices and processes should be able to reach and retrieve the data.
“Having a systematic approach and a plan that can be realized and implemented for cities to organize themselves and provide backup for their data systems is a first, and it is a large step towards communities protecting against cyber threats, such as the ransomware attacks experienced recently by some cities,” added McKnight. If all the organizations, entities, and communities in a region were to adopt the same template, privacy and security protections of data would be significantly heightened, he said. “Rather than be at the whims of 100 different attackers or 1,000 different bad systems where intruders could get access, this addresses the situation systematically by providing a secure cloud backup system that helps solve the issue, and over time, could save money because you wouldn’t be working with the same bad implementations over and over.”
McKnight is one of the authors and editors of the guidelines, which features a number of individual researchers and experts as contributing authors and a range of companies as sponsors and supporters.
The secure cloud architecture blueprint is available as a handout at the Syracuse University booth at the Expo exhibitor hall area and is downloadable through the National Institute of Standards and Technology portal.