the risks of cloud computing - bcs.org · the risks of cloud computing: understanding the inherent...

14
The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE WOOD LECTURE INFORMATICS DEPARTMENT UNIVERSITY OF WOLVERHAMPTON FEB 2013

Upload: lycong

Post on 16-May-2018

237 views

Category:

Documents


4 download

TRANSCRIPT

Page 1: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

The Risks of Cloud  Computing: 

Understanding the inherent risks form cloud 

computing and cloud technologies

KATIE WOODLECTURE INFORMATICS DEPARTMENTUNIVERSITY OF WOLVERHAMPTON 

FEB 2013 

Page 2: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Areas to 

consider

• Security • Privacy – user rights • Role of the provider • Control Issues• Regulatory compliance

• Data location and geo‐redundancy• How to  do Analyse your Risk?

Page 3: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Current Stage  Still evolving and challenges remain in regards to security, 

availability, reliability, pricing models, legal, jurisdiction and 

forms of CSP 

Page 4: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Current Situation 

• Major Security Issues with Cloud 

Computing Being Ignored (Jan 

2013) http://www.ibtimes.co.uk

• 76% of businesses had to deal with 

distributed denial‐of‐service 

(DDoS) attacks on their customers

• 43% had partial or total 

infrastructure outages due to 

DDoS (Jan 2013) 

en.chinasourcing.org

• 83% of large enterprises 

acknowledge problems with 

unauthorized cloud 

deployments.(Feb 17 2013) 

www.bsiness2community.com

• Internet access is down; what's 

your backup?

(16 Feb 2013) 

www.rgi.com

• SQL injection attack on Yahoo 

(Dec 2012) 

Page 5: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

• Reports suggest one of the top five IT security spending priorities over the next 12 to 

24 months was 'cloud security;'

Current Stage 

Page 6: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Components of Information Security

Management of Information Security, 3rd Edition Source: Course Technology/Cengage Learning

Security :Security :

Page 7: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

• Service Level Agreement (SLAs)

• Monitoring/ backups

• Track record as well as long term viability of the service provider 

(for example how long do they keep copy of your data after 

contract ends)

• Clouds ‘disappear’

what happens?

• Cloud Migration 

• Policies/Standards    

Role of CSP

Page 8: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Regulatory compliance :Current Concerns 

• EU favours very strict protection of privacy, while in US there tend to be a 

more relaxed approach to privacy legislation. 

• EU deeming the US as unsafe and lacks the necessary privacy protection 

standard they expect

• Some countries within the Middle East region have established legislation 

on data protection and privacy which is now enforced as they have started 

to acknowledge the need for privacy and data protection legislation – but is 

not at the ‘level’

we have in the EU

• Asia, Pacific and African is more problematic due to differences

within 

economies and cultures

Page 9: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

• Cloud Computing Strategy EU

• New guidelines:  PCI Data Security Standard (Feb 2013) support to 

regulated businesses

• The

Idaho House Revenue and Taxation Committee

has agreed to introduce 

legislation to clarify that cloud computing services delivered over the 

Internet aren't tangible goods subject to sales

tax. "This tax has caused a lot 

of people to consider moving their operations out of the state so they would 

not have to pay that tax,"

Continue Change, Continue Issues  

Page 10: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

• 69% of respondents believed that the risks of using the cloud 

outweigh the benefits. (http://www.forbes.com) –Why?  Can it be 

measured?

How to  do Analyze your Risk?

Page 11: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

• Extent of knowledge:

Level of understanding of cloud computing?

• Perception of risks:

How would you rank risk?

• Perception of benefits:

How would you rank the  importance/ the 

benefits?

• Actual experience:

what experience?

Any?

How to  do Analyze your Risk?

Page 12: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Increasing Awareness 

• Increasing awareness of privacy risks in using cloud systems will 

provide users with a better insight into the environment they are 

considering using to store their personal and sensitive date before 

a final decision is made.

• Do researchers have a role in this?

• Providers will only tell you what you  ‘want to hear’

unless you ask 

them

• Important to read the contract with a CPS and compare with 

others 

Page 13: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Increase Awareness • There is the possibility that increase risk of privacy and security attacks 

will undermine the success of cloud 

• Will there ever be a regulatory framework be developed? ‐

European 

Cloud Partnership

• Data safety, encryption and segregation be enforced 

• Regent need for clarify across broader over legal aspects 

Page 14: The Risks of Cloud Computing - bcs.org · The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE ... 24 months was 'cloud

Cyber Conference 

• June 25 2013 • Wolverhampton Science Park 

• Free to attend • (Web link coming soon)

• More information [email protected]