The Risks of Cloud Computing:

Similar documents
Cyber Security in Smart Commercial Buildings 2017 to 2021

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

Workday s Robust Privacy Program

Data Centers & Technology:

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Version 1/2018. GDPR Processor Security Controls

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Perspectives on Threat

Syed Ismail Shah, PhD Chairman, PTA,

General Data Protection Regulation

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

NetApp Private Storage for Cloud: Solving the issues of cloud data privacy and data sovereignty

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Protecting your data. EY s approach to data privacy and information security

1. Muscat & Co Mortgage Solutions Ltd - Privacy Notice

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

Everyday Security: Simple Solutions to Complex Security Problems

GDPR COMPLIANCE REPORT

1- ASECAP participation

CLOUD COMPUTING READINESS CHECKLIST

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

PCO Data Protection and Privacy Policy

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

IBM Compliance Offerings For Verse and S1 Cloud. 01 June 2017 Presented by: Chuck Stauber

GDPR: A QUICK OVERVIEW

Data Governance for Smart City Management

Cybersecurity and the Board of Directors

Cyber Attack: Is Your Business at Risk?

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

NIS Standardisation ENISA view

Twilio cloud communications SECURITY

CYBERCRIME & THE INTERNET OF THREATS 2017

UPS system failure. Cyber crime (DDoS ) Accidential/human error. Water, heat or CRAC failure. W eather related. Generator failure

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

Cloud Computing: Technologies and Enterprise IT Strategies

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

DATA PROCESSING AGREEMENT

Disaster Recovery Is A Business Strategy

Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement

Smart Software Licensing tools and Smart Account Management Privacy DataSheet

Updated December 12, Chapter 10 Service Description IBM Cloud for Government

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Title: Planning AWS Platform Security Assessment?

GDPR Compliant. Privacy Policy. Updated 24/05/2018

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

A company built on security

SDL Privacy Policy Cloud Services

Globally Networked Customs Context, Concept, Rationale and Benefits - Indian Customs Perspective

Data Processing Agreement

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Cloud Computing Lectures. Cloud Security

DATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Endpoint Security for Wholesale Payments

Altitude Software. Data Protection Heading 2018

Lunch and Learn: How CA Technologies and Microsoft Help Drive Down Costs of z Systems Storage

Eco Web Hosting Security and Data Processing Agreement

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Practical Guide to Hybrid Cloud Computing. Cloud-Computing.

Canada Life Cyber Security Statement 2018

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

Advisory Statement: Temporary Specification for gtld Registration Data

Managing the risks of cloud computing

BlackBerry WorkLife Persona. The Challenge. The Solution. Datasheet

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

Secure Product Design Lifecycle for Connected Vehicles

Go Cloud. VMware vcloud Datacenter Services by BIOS

Richard Curran :Security Officer EMEA. Mario Romao : Senior Manager Policy, Intel

Google Cloud & the General Data Protection Regulation (GDPR)

Managing SaaS risks for cloud customers

ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Security Terminology Related to a SOC

2017 RIMS CYBER SURVEY

Department for Digital, Culture, Media and Sport Consultation Ensuring Tenants Access to Gigabit-Capable connections

Data Security and Privacy at Handshake

PPI Adhesive Products Ltd. PRIVACY NOTICE 1. WHAT IS A PRIVACY NOTICE & WHY IS IT IMPORTANT?

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

We also recommend reading the methods available to OPT OUT and control your data, such methods are listed in this policy.

Summary - Review of the legal conditions when using cloud computing in the municipal sector feasibility study

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Privacy and Cookies Policy

Florida Board of Governors General Office Legislative Budget Request

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

WHITE PAPER. Header Title. Side Bar Copy. Header Title 5 Reasons to Consider Disaster Recovery as a Service for IBM i WHITEPAPER

Data Processing Amendment to Google Apps Enterprise Agreement

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Certified Cyber Security Specialist

Response to Draft Guidelines of Good Practice on Electricity Grid Connection and Access (E08-ENM-09-03)

Actionable Standards Accelerate the adoption of sustainable WASH technologies

Offer Description : Cisco Webex

Document title: Privacy Notice Web Forms Table of contents

The West End Community Trust Privacy Policy

Transcription:

The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE WOOD LECTURE INFORMATICS DEPARTMENT UNIVERSITY OF WOLVERHAMPTON FEB 2013

Areas to consider Security Privacy user rights Role of the provider Control Issues Regulatory compliance Data location and geo redundancy How to do Analyse your Risk?

Current Stage Still evolving and challenges remain in regards to security, availability, reliability, pricing models, legal, jurisdiction and forms of CSP

Current Situation Major Security Issues with Cloud Computing Being Ignored (Jan 2013) http://www.ibtimes.co.uk 76% of businesses had to deal with distributed denial of service (DDoS) attacks on their customers 43% had partial or total infrastructure outages due to DDoS (Jan 2013) en.chinasourcing.org 83% of large enterprises acknowledge problems with unauthorized cloud deployments.(feb 17 2013) www.bsiness2community.com Internet access is down; what's your backup? (16 Feb 2013) www.rgi.com SQL injection attack on Yahoo (Dec 2012)

Current Stage Reports suggest one of the top five IT security spending priorities over the next 12 to 24 months was 'cloud security;'

Security : Components of Information Security Management of Information Security, 3rd Edition Source: Course Technology/Cengage Learning

Role of CSP Service Level Agreement (SLAs) Monitoring/ backups Track record as well as long term viability of the service provider (for example how long do they keep copy of your data after contract ends) Clouds disappear what happens? Cloud Migration Policies/Standards

Regulatory compliance :Current Concerns EU favours very strict protection of privacy, while in US there tend to be a more relaxed approach to privacy legislation. EU deeming the US as unsafe and lacks the necessary privacy protection standard they expect Some countries within the Middle East region have established legislation on data protection and privacy which is now enforced as they have started to acknowledge the need for privacy and data protection legislation but is not at the level we have in the EU Asia, Pacific and African is more problematic due to differences within economies and cultures

Continue Change, Continue Issues Cloud Computing Strategy EU New guidelines: PCI Data Security Standard (Feb 2013) support to regulated businesses The Idaho House Revenue and Taxation Committee has agreed to introduce legislation to clarify that cloud computing services delivered over the Internet aren't tangible goods subject to sales tax. "This tax has caused a lot of people to consider moving their operations out of the state so they would not have to pay that tax,"

How to do Analyze your Risk? 69% of respondents believed that the risks of using the cloud outweigh the benefits. (http://www.forbes.com) Why? Can it be measured?

How to do Analyze your Risk? Extent of knowledge: Level of understanding of cloud computing? Perception of risks: How would you rank risk? Perception of benefits: How would you rank the importance/ the benefits? Actual experience: what experience? Any?

Increasing Awareness Increasing awareness of privacy risks in using cloud systems will provide users with a better insight into the environment they are considering using to store their personal and sensitive date before a final decision is made. Do researchers have a role in this? Providers will only tell you what you want to hear unless you ask them Important to read the contract with a CPS and compare with others

Increase Awareness There is the possibility that increase risk of privacy and security attacks will undermine the success of cloud Will there ever be a regulatory framework be developed? European Cloud Partnership Data safety, encryption and segregation be enforced Regent need for clarify across broader over legal aspects

Cyber Conference June 25 2013 Wolverhampton Science Park Free to attend (Web link coming soon) More information K.Wood@wlv.ac.uk

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback