The Risks of Cloud Computing: Understanding the inherent risks from cloud computing and cloud technologies. KATIE WOOD, LECTURE, INFORMATICS DEPARTMENT, UNIVERSITY OF WOLVERHAMPTON, FEB 2013
Areas to consider: Security, privacy, user rights, role of the provider, control issues, regulatory compliance, data location and geo-redundancy. How do you analyse your risk?
Current Stage: Still evolving, and challenges remain with regard to security, availability, reliability, pricing models, legal issues, jurisdiction and forms of CSP.
Current Situation: "Major Security Issues with Cloud Computing Being Ignored" (Jan 2013), http://www.ibtimes.co.uk. 76% of businesses had to deal with distributed denial of service (DDoS) attacks on their customers; 43% had partial or total infrastructure outages due to DDoS (Jan 2013), en.chinasourcing.org. 83% of large enterprises acknowledge problems with unauthorized cloud deployments (17 Feb 2013), www.bsiness2community.com. "Internet access is down; what's your backup?" (16 Feb 2013), www.rgi.com. SQL injection attack on Yahoo (Dec 2012).
Current Stage: Reports suggest that one of the top five IT security spending priorities over the next 12 to 24 months was 'cloud security'.
Security: Components of Information Security. Management of Information Security, 3rd Edition. Source: Course Technology/Cengage Learning.
Role of CSP: Service Level Agreements (SLAs). Monitoring/backups. Track record as well as long-term viability of the service provider (for example, how long do they keep a copy of your data after the contract ends?). Clouds disappear: what happens? Cloud Migration Policies/Standards.
Regulatory compliance: Current Concerns. The EU favours very strict protection of privacy, while in the US there tends to be a more relaxed approach to privacy legislation. The EU deems the US unsafe and lacking the privacy protection standard it expects. Some countries within the Middle East region have started to acknowledge the need for privacy and data protection legislation and have established legislation which is now enforced, but it is not at the level we have in the EU. Asia, the Pacific and Africa are more problematic due to differences within economies and cultures.
Continued Change, Continued Issues: Cloud Computing Strategy EU. New guidelines: PCI Data Security Standard (Feb 2013), support to regulated businesses. The Idaho House Revenue and Taxation Committee has agreed to introduce legislation to clarify that cloud computing services delivered over the Internet aren't tangible goods subject to sales tax. "This tax has caused a lot of people to consider moving their operations out of the state so they would not have to pay that tax,"
How do you analyze your risk? 69% of respondents believed that the risks of using the cloud outweigh the benefits (http://www.forbes.com). Why? Can it be measured?
How do you analyze your risk? Extent of knowledge: level of understanding of cloud computing? Perception of risks: how would you rank risk? Perception of benefits: how would you rank the importance of the benefits? Actual experience: what experience? Any?
Increasing Awareness: Increasing awareness of privacy risks in using cloud systems will give users better insight into the environment they are considering using to store their personal and sensitive data before a final decision is made. Do researchers have a role in this? Providers will only tell you what you want to hear unless you ask them. It is important to read the contract with a CSP and compare it with others.
Increase Awareness: There is the possibility that increased risk of privacy and security attacks will undermine the success of cloud. Will a regulatory framework ever be developed? European Cloud Partnership. Data safety, encryption and segregation to be enforced. Urgent need for clarity across borders over legal aspects.
Cyber Conference: June 25 2013, Wolverhampton Science Park. Free to attend (web link coming soon). More information: K.Wood@wlv.ac.uk