The Risks of Cloud Computing:
Understanding the inherent risks from cloud computing and cloud technologies
KATIE WOOD
LECTURE
INFORMATICS DEPARTMENT
UNIVERSITY OF WOLVERHAMPTON
FEB 2013
Areas to consider
• Security
• Privacy – user rights
• Role of the provider
• Control Issues
• Regulatory compliance
• Data location and geo‐redundancy
• How to Analyse your Risk?
Current Stage
Still evolving, and challenges remain with regard to security, availability, reliability, pricing models, legal, jurisdiction and forms of CSP
Current Situation
• Major Security Issues with Cloud Computing Being Ignored (Jan 2013) http://www.ibtimes.co.uk
• 76% of businesses had to deal with distributed denial‐of‐service (DDoS) attacks on their customers
• 43% had partial or total infrastructure outages due to DDoS (Jan 2013) en.chinasourcing.org
• 83% of large enterprises acknowledge problems with unauthorized cloud deployments. (Feb 17 2013) www.bsiness2community.com
• Internet access is down; what's your backup? (16 Feb 2013) www.rgi.com
• SQL injection attack on Yahoo (Dec 2012)
• Reports suggest one of the top five IT security spending priorities over the next 12 to 24 months was 'cloud security;'
Current Stage
[Figure: Components of Information Security (Management of Information Security, 3rd Edition. Source: Course Technology/Cengage Learning)]
Security:
• Service Level Agreement (SLAs)
• Monitoring/backups
• Track record as well as long term viability of the service provider (for example, how long do they keep a copy of your data after the contract ends)
• Clouds ‘disappear’ – what happens?
• Cloud Migration
• Policies/Standards
Role of CSP
Regulatory compliance: Current Concerns
• The EU favours very strict protection of privacy, while in the US there tends to be a more relaxed approach to privacy legislation.
• The EU deems the US unsafe and lacking the necessary privacy protection standard it expects
• Some countries within the Middle East region have established legislation on data protection and privacy, which is now enforced as they have started to acknowledge the need for privacy and data protection legislation – but it is not at the ‘level’ we have in the EU
• Asia, the Pacific and Africa are more problematic due to differences within economies and cultures
• Cloud Computing Strategy EU
• New guidelines: PCI Data Security Standard (Feb 2013) support to regulated businesses
• The Idaho House Revenue and Taxation Committee has agreed to introduce legislation to clarify that cloud computing services delivered over the Internet aren't tangible goods subject to sales tax. "This tax has caused a lot of people to consider moving their operations out of the state so they would not have to pay that tax,"
Continued Change, Continued Issues
• 69% of respondents believed that the risks of using the cloud outweigh the benefits. (http://www.forbes.com) – Why? Can it be measured?
How to Analyze your Risk?
• Extent of knowledge: Level of understanding of cloud computing?
• Perception of risks: How would you rank risk?
• Perception of benefits: How would you rank the importance/the benefits?
• Actual experience: What experience? Any?
How to Analyze your Risk?
Increasing Awareness
• Increasing awareness of privacy risks in using cloud systems will provide users with a better insight into the environment they are considering using to store their personal and sensitive data before a final decision is made.
• Do researchers have a role in this?
• Providers will only tell you what you ‘want to hear’ unless you ask them
• Important to read the contract with a CSP and compare with others
Increase Awareness
• There is the possibility that increased risk of privacy and security attacks will undermine the success of cloud
• Will a regulatory framework ever be developed? ‐ European Cloud Partnership
• Data safety, encryption and segregation to be enforced
• Urgent need for clarity across borders over legal aspects
Cyber Conference
• June 25 2013
• Wolverhampton Science Park
• Free to attend
• (Web link coming soon)
• More information [email protected]