This week’s guest is Elias Grünewald, Privacy Engineering Research Associate at Technical University, Berlin, where he focuses on cloud-native privacy engineering, transparency, accountability, distributed systems, & privacy regulation.
In this conversation, we discuss the challenge of designing privacy into modern cloud architectures; how shifting left into DevPrivOps can embed privacy within agile development methods; how to blend privacy engineering & cloud engineering; the Hawk DevOps Framework; and what the Shared Responsibilities Model for cloud lacks.
Topics Covered:
- Elias's courses at TU Berlin: "Programming Practical Privacy: Web-based Application Engineering & Data Management" & "Advanced Distributed Systems Prototyping: Cloud-native Privacy Engineering"
- Elias' 2022 paper, "Cloud Native Privacy Engineering through DevPrivOps" - his approach, findings, and framework
- The Shared Responsibilities Model for cloud and how to improve it to account for privacy goals
- Defining DevPrivOps & how it works with agile development
- How DevPrivOps can enable formal privacy-by-design (PbD) & default strategies
- Elias' June 2023 paper, "Hawk: DevOps-Driven Transparency & Accountability in Cloud Native Systems," which helps data controllers align cloud-native DevOps with regulatory requirements for transparency & accountability
- Engineering challenges when trying to determine the details of personal data processing when responding to access & deletion requests
- A deep-dive into the Hawk 3-phase approach for implementing privacy into each DevOps phase: Hawk Release; Hawk Operate; & Hawk Monitor
- How the open source project TOUCAN is documenting conceptual best practices for corresponding phases in the SDLC, and a call for collaboration
- How privacy engineers can convince their management to adopt a DevPrivOps approach
Read Elias' papers, talks, & projects:
- Cloud Native Privacy Engineering through DevPrivOps
- Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems
- CPDP Talk: Privacy Engineering for Transparency & Accountability
- TILT: A GDPR-Aligned Transparency Information Language & Toolkit for Practical Privacy Engineering
- TOUCAN
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Chapters
1. S2E24: "Cloud-Native Privacy Engineering via DevPrivOps" with Elias Grünewald (TU Berlin) (00:00:00)
2. Introducing Elias Grünewald (00:02:15)
3. Elias discusses the courses that he teaches at TU Berlin: "Programming Practical Privacy: Web-based Application Engineering & Data Management" and "Advanced Distributed Systems Prototyping: Cloud-native Privacy Engineering" (00:05:33)
4. Discussion of Elias' 2022 paper, "Cloud Native Privacy Engineering through DevPrivOps" - his approach, findings, and framework (00:11:42)
5. Discussion of the Shared Responsibilities Model for cloud and how it can be improved to better account for privacy goals (00:18:58)
6. Defining DevPrivOps and how it works with agile development (00:21:50)
7. How DevPrivOps can enable formal privacy-by-design (PbD) & default strategies (00:28:17)
8. Discussion of Elias' June 2023 paper, "Hawk: DevOps-Driven Transparency & Accountability in Cloud Native Systems," which helps data controllers align cloud-native DevOps with regulatory requirements for transparency & accountability (00:31:01)
9. The challenges that engineers run into when they try to determine the details of personal data processing as they respond to access requests or deletion requests (00:36:08)
10. Elias describes his approach to integrating privacy into 3 phases of DevOps: 1) Hawk Release; 2) Hawk Operate; & 3) Hawk Monitor (00:39:39)
11. Elias describes how the Hawk framework can benefit regulators as well as data controllers (00:52:12)
12. Elias discusses the open source project TOUCAN (which is funded by the German Federal Ministry of Education & Research). TOUCAN is creating conceptual best practices for corresponding phases in the SDLC (00:57:12)
13. How privacy engineers can convince their Head of Engineering and management to adopt a DevPrivOps approach (01:00:44)