The Risks of Cloud Computing - bcs. Risks of Cloud Computing: Understanding the inherent risks from cloud computing and cloud technologies KATIE ... 24 months was 'cloud security;

  • The Risks of Cloud Computing:

    Understanding the inherent risks from cloud computing and cloud technologies

    KATIE WOOD, LECTURE INFORMATICS DEPARTMENT, UNIVERSITY OF WOLVERHAMPTON

    FEB 2013

  • Areas to consider

    Security

    Privacy

    User rights

    Role of the provider

    Control issues

    Regulatory compliance

    Data location and geo-redundancy

    How to Analyse your Risk?

  • Current Stage

    Still evolving, and challenges remain in regards to security, availability, reliability, pricing models, legal, jurisdiction and forms of CSP

  • Current Situation

    Major Security Issues with Cloud Computing Being Ignored (Jan 2013) http://www.ibtimes.co.uk

    76% of businesses had to deal with distributed denial of service (DDoS) attacks on their customers

    43% had partial or total infrastructure outages due to DDoS (Jan 2013) en.chinasourcing.org

    83% of large enterprises acknowledge problems with unauthorized cloud deployments. (Feb 17 2013) www.bsiness2community.com

    Internet access is down; what's your backup? (16 Feb 2013) www.rgi.com

    SQL injection attack on Yahoo (Dec 2012)

  • Current Stage

    Reports suggest one of the top five IT security spending priorities over the next 12 to 24 months was 'cloud security'

  • Components of Information Security

    [Figure: Components of Information Security. Source: Management of Information Security, 3rd Edition, Course Technology/Cengage Learning]

  • Role of CSP

    Service Level Agreements (SLAs)

    Monitoring/backups

    Track record as well as long-term viability of the service provider (for example, how long do they keep a copy of your data after the contract ends)

    Clouds disappear: what happens?

    Cloud migration

    Policies/Standards

  • Regulatory compliance: Current Concerns

    The EU favours very strict protection of privacy, while in the US there tends to be a more relaxed approach to privacy legislation.

    The EU deems the US unsafe and lacking the necessary privacy protection standard it expects

    Some countries within the Middle East region have established legislation on data protection and privacy, which is now enforced as they have started to acknowledge the need for privacy and data protection legislation, but it is not at the level we have in the EU

    Asia, the Pacific and Africa are more problematic due to differences within economies and cultures

  • Continue Change, Continue Issues

    Cloud Computing Strategy EU

    New guidelines: PCI Data Security Standard (Feb 2013) support to regulated businesses

    The Idaho House Revenue and Taxation Committee has agreed to introduce legislation to clarify that cloud computing services delivered over the Internet aren't tangible goods subject to sales tax. "This tax has caused a lot of people to consider moving their operations out of the state so they would not have to pay that tax,"

  • How to Analyze your Risk?

    69% of respondents believed that the risks of using the cloud outweigh the benefits. (http://www.forbes.com) Why? Can it be measured?

  • How to Analyze your Risk?

    Extent of knowledge: Level of understanding of cloud computing?

    Perception of risks: How would you rank risk?

    Perception of benefits: How would you rank the importance/the benefits?

    Actual experience: What experience? Any?

  • Increasing Awareness

    Increasing awareness of privacy risks in using cloud systems will provide users with a better insight into the environment they are considering using to store their personal and sensitive data before a final decision is made.

    Do researchers have a role in this?

    Providers will only tell you what you want to hear unless you ask them

    Important to read the contract with a CSP and compare with others

  • Increase Awareness

    There is the possibility that increased risk of privacy and security attacks will undermine the success of cloud

    Will a regulatory framework ever be developed?

    European Cloud Partnership

    Data safety, encryption and segregation be enforced

    Urgent need for clarity across broader over legal aspects

  • Cyber Conference

    June 25 2013, Wolverhampton Science Park

    Free to attend (Web link coming soon)

    More information: K.Wood@wlv.ac.uk