S2E24: "Cloud-Native Privacy Engineering via DevPrivOps" with Elias Grünewald (TU Berlin)
- Author
- Debra J Farber / Elias Grünewald
- Published
- Tue 22 Aug 2023
- Episode Link
- None
This week’s guest is Elias Grünewald, Privacy Engineering Research Associate at Technical University, Berlin, where he focuses on cloud-native privacy engineering, transparency, accountability, distributed systems, & privacy regulation.
In this conversation, we discuss the challenge of designing privacy into modern cloud architectures; how shifting left into DevPrivOps can embed privacy within agile development methods; how to blend privacy engineering & cloud engineering; the Hawk DevOps Framework; and what the Shared Responsibilities Model for cloud lacks.
Topics Covered:
- Elias's courses at TU Berlin: "Programming Practical Privacy: Web-based Application Engineering & Data Management" & "Advanced Distributed Systems Prototyping: Cloud-native Privacy Engineering"
- Elias' 2022 paper, "Cloud Native Privacy Engineering through DevPrivOps" - his approach, findings, and framework
- The Shared Responsibilities Model for cloud and how to improve it to account for privacy goals
- Defining DevPrivOps & how it works with agile development
- How DevPrivOps can enable formal privacy-by-design (PbD) & default strategies
- Elias' June 2023 paper, "Hawk: DevOps-Driven Transparency & Accountability in Cloud Native Systems," which helps data controllers align cloud-native DevOps with regulatory requirements for transparency & accountability
- Engineering challenges when trying to determine the details of personal data processing when responding to access & deletion requests
- A deep-dive into the Hawk 3-phase approach for implementing privacy into each DevOps phase: Hawk Release; Hawk Operate; & Hawk Monitor
- How open sourced project, TOUCAN, is documenting conceptual best practices for corresponding phases in the SDLC, and a call for collaboration
- How privacy engineers can convince their management to adopt a DevPrivOps approach
Read Elias' papers, talks, & projects:
- Cloud Native Privacy Engineering through DevPrivOps
- Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems
- CPDP Talk: Privacy Engineering for Transparency & Accountability
- TILT: A GDPR-Aligned Transparency Information Language & Toolkit for Practical Privacy Engineering
- TOUCAN
Guest Info:
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
