Reference no: EM132989848
Case Study #1 - Digital Signatures
With DSTECHGOV's client portfolio expanding to include public-sector organizations, many of its cloud computing policies have become unsuitable and require modification. Considering that public-sector organizations frequently handle strategic information, security safeguards need to be established to protect data manipulation and to establish a means of auditing activities that may impact government operations.
DSTECHGOV proceeds to implement the digital signature mechanism specifically to protect its Web-based management environment . Virtual server self-provisioning inside the IaaS environment and the tracking functionality of real-time SLA and billing are all performed via Web portals. As a result, user error or malicious actions could result in legal and financial consequences.
Whenever a cloud consumer performs a management action that is related to IT resources provisioned by DSTECHGOV, the cloud service consumer program must include a digital signature in the message request to prove the legitimacy of its user. Digital signatures provide DSTECHGOV with the guarantee that every action performed is linked to its legitimate originator. Unauthorized access is expected to become highly improbable, since digital signatures are only accepted if the encryption key is identical to the secret key held by the rightful owner. Users will not have grounds to deny attempts at message adulteration because the digital signatures will confirm message integrity.
Answer the following questions in the Answer Box below:
1. Do you agree that digital signatures are the best way to protect the data in question?
2. Do you agree with the author's statement that digital signatures provide a guarantee that every action performed is linked to its legitimate originator?
3. DSTECHGOV appears to be Canadian based. Does PIPEDA have any rulings on digital signatures?