A team of academics and experts published a July 10 blueprint that acts as a template to help communities become “smart cities” by adopting a secure hybrid cloud architecture.
The paper, produced by the Smart City and Community Challenge cloud privacy security rights inclusive architecture (SC3-cpSriA) action cluster, provides cities a cloud architecture adoption roadmap that bolsters confidentiality, protects personally identifiable information (PII), and provides access control and cloud-based backup.
“With the common conceptual understanding of a smart city, community, or region as a cyberphysical system, mechanisms to better coordinate cloud services, including cloud backups for disaster recovery, and reduce costs by use of common templates and models are now something many should feel empowered to participate in the planning of for their community,” the blueprint said.
The blueprint provides security recommendations based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as steps to help cities create data models that “can be used to limit exposure to risks to the confidentiality, integrity and availability of data.”
The SC3-cpSRiA action cluster suggests a three-level data classification scheme that ranks data risk classification when constructing a hybrid cloud architecture, whether multi-cloud, inter-cloud, or federated cloud designs. The ranks include:
- Red, for highly sensitive data, like PII, which require the most control and restriction;
- Yellow, for data that can be shared more widely with controls and monitoring; and
- Green, for low sensitivity data that can be shared openly, such as smart city civic and open data.
Based on the data type, officials can determine the legal and regulatory requirements they will draw around their data, what security they require for it, and how data storage and collection could impact residents’ privacy and security.