Cloud computing security and privacy, Christian Goire



  • Cloud Computing: Security and Privacy to gain Trust

    SMARTEVENT 2010

    September 23

    Sophia Antipolis

    Christian GOIRE


  • Cloud Computing Definition(s)

  • The NIST Cloud Definition Framework

    Deployment Models

    Service Models

    Essential Characteristics

    Common Characteristics

    Homogeneity

    Massive Scale

    Resilient Computing

    Geographic Distribution

  • 3 main Services Models

  • Cloud Providers: A Bird's Eye View

    Infrastructure as a Service

    Platform as a Service

    Software as a Service

  • Main aspects forming a cloud system

  • Expert group report (Excerpts)

    Non-functional aspects



    Quality of Service

    Agility and adaptability



  • Continued (2)

    Economic aspects

    Cost reduction

    Pay per use

    Improved time to market

    Return of investment

    Turning CAPEX into OPEX

    Going Green


  • Continued (3)

    Technological Aspects

    Multi-tenancy

    Security, Privacy and compliance

    Data Management

    APIs and/or Programming Enhancements




  • Research time line (in year) of the individual topics

  • Security and Privacy Challenges

    The massive concentrations of resources and data present a more attractive target to attackers

    The challenges are not new but Cloud computing intensifies them


  • Technical risks

    Resource exhaustion

    Isolation failure

    Cloud provider malicious insider, abuse of high privilege

    Management interface compromise

    Intercepting data in transit

    Data leakage on up/download, intra-cloud

    Insecure or ineffective deletion of data

    Distributed denial of service (DDoS)

    Economic denial of service (EDoS)

    Loss of encryption keys

    Undertaking malicious probes and scans

    Compromise service engine

    Conflicts between customer procedures and cloud


  • Policy and organizational risks

    Lock-in

    Loss of governance

    Compliance challenges

    Loss of business reputation due to co-tenant activities

    Cloud service termination or failure

    Cloud provider acquisition

    Supply chain failure


  • Legal risk

    Subpoena and e-discovery

    Risk from change of jurisdiction

    Data protection risk

    Licensing risks


  • Research recommendations

    Certification processes and standards for the Cloud


  • Research recommendations

    Metrics for security in cloud computing

    Return on security investments

    Effects of different forms of reporting breaches on security

    Techniques for increasing transparency/level of security

    Location tagging, data type tagging, policy tagging

    Privacy (data provenance): tracing data end to end

    End to end data confidentiality in the cloud and beyond:

    Encrypted search (long term)

    Encrypted processing schemes (long term)

    Encryption and confidentiality tools for social applications in the cloud

    Trusted computing in clouds, trusted boot sequence for virtual machine stack

    Standardization etc.


  • Legal recommendations

    Legal issues to be resolved during the evaluation of the contracts (ULA User Licensing Agreement, SLA Service Level Agreement)

    Data protection

    Data security

    Data Transfer

    Law enforcement access

    Confidentiality and non-disclosure

    Intellectual property

    Risk allocation and limitation of liability

    Change of control


  • Conclusion

    Technology solutions; privacy by design

    Compliance with transparency provisions vis-à-vis individuals

    Ensure that customers know about the location of their data

    Ensure that they properly understand the risks so that they make informed choices

    Current review process of the existing Data Protection Directive



