Trust in the Cloud
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Trust in the Cloud

on

  • 1,112 views

Presented at the Dutch government's cyber dialogue, 17 Jan 2014

Presented at the Dutch government's cyber dialogue, 17 Jan 2014

Statistics

Views

Total Views
1,112
Views on SlideShare
1,103
Embed Views
9

Actions

Likes
0
Downloads
4
Comments
0

2 Embeds 9

https://twitter.com 8
https://mail.google.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-ShareAlike LicenseCC Attribution-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • EC quote: p8 of CC strategy
  • (1)  An individual located in country A with control over cloud data. Access may be obtained either because (i) the individual consents; or (ii) authorities make use of an existing live connection from the individual’s device. (2)  An individual located in country B with control over cloud data. Access may be obtained due to the consent of the individual. (3)  The cloud service provider in country B. Access may be obtained either because (i) the cloud service provider consents; or (ii) data access credentials have been obtained by law enforcement. (4)  The cloud service provider’s offices in country A. Access may be obtained through local informal arrangements between law enforcement and the cloud service provider.
  • http://gigaom.com/2013/11/18/a-guide-to-the-french-national-clouds/
  • http://perscon.net/docs/talks/pdf/2011-03-23-percom-personal.pdf

Trust in the Cloud Presentation Transcript

  • 1. TRUST IN THE CLOUD Ian Brown Oxford University
  • 2. WHAT IS THE CLOUD?  “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, ser vers, storage, applications, and ser vices) that can be rapidly provisioned and released with minimal management ef for t or ser vice provider interaction ” US National Institute of Standards and Technology, 2011  Public, community, hybrid, private clouds Estimated value of different categories of cloud services across the EU Source: Pierre Audoin Consultants, PAC's Cloud Computing Worldwide by countries datamart 2012
  • 3. T YPES OF CLOUD SERVICES  Storage as a Ser vice: Dropbox, Box.net, Amazon Scalable Storage Service (S3), Iron Mountain, EMC Atmos Online, Google Cloud Storage, and Microsoft‟s SQL Azure  Sof tware as a Ser vice ( SaaS): Google Docs, Calendar and Gmail, Zimbra, Spotify, Salesforce.com, Microsoft Of fice 365, and SAP Business by Design  Platform as a Ser vice ( PaaS): IBM Websphere, Force.com, Springsource, Morphlabs, Google App Engine, Microsoft Windows Azure, and Amazon Elastic Beanstalk  Infrastructure as a Ser vice ( IaaS): Amazon‟s Elastic Compute Cloud, Zimory, Elastichosts, and VMWare‟s vCloud Express
  • 4. OPPORTUNITIES AND RISKS Motivations for business to use cloud computing ENISA, Catteddu, D. & Hogben, G. (eds.), An SME perspective on cloud computing - Survey, 2009, Drivers - Question 3  EU Commission predicts strategy impact of €45bn direct spend and cumulative impact on GDP of €957bn, and 3.8m jobs, by 2020  UK expects to save £200m in 2014-15
  • 5. WHAT TO DO  EU Commission: “Given that data protection concerns were identified as one of the most serious barriers to cloud computing takeup, it is all the more important that Council and Parliament work swiftly towards the adoption of the proposed regulation as soon as possible in 2013.”
  • 6. JURISDICTION  In many countries, provisions reflect the idea that the „whole‟ of fence need not take place within the country in order to assert territorial jurisdiction. Territorial linkages can be made with reference to elements or ef fects of the act, or the location of computer systems or data utilized for the of fence  Where they arise, jurisdictional conflicts are typically resolved through formal and informal consultations between countries  UNODC study found no need for additional forms of jurisdiction over a putative „cyberspace‟ dimension. Rather, forms of territoriality -based and nationality -based jurisdiction are almost always able to ensure a suf ficient connection between cybercrime acts and at least one State
  • 7. ACCESSING CLOUD DATA CoE CC §32: “A Party may, without the authorisation of another Party…access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”
  • 8. FRANCE‟S “SOVEREIGN CLOUD”  Numergy and Cloudwatt each received €75 million from French government, for a 33% stake. SFR owns 47% and Bull 20% of Numergy. Orange owns 44.5% of Cloudwatt, Thales 22.5%  Numergy using SFR‟s cloud infrastructure based on VMware , Cisco and HP, moving to OpenStack . Cloudwatt building new system based on OpenStack  Numergy is developing “compliance -focused partnerships”, aiming for 20-25 partner “Cloud Team Alliance” in 2014  “A full industrial policy for development of an autonomous European Cloud computing capacity based on free/open -source software should be supported. Such a policy would reduce US control over the high end of the Cloud e -commerce value chain and EU online advertising markets. Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage. Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty.” (Bowden 2013)
  • 9. PERSONAL/TRUSTED CLOUDS Source: Derek McAuley, Percom 2011 Source: Fig 12.1, Tclouds D2.1.2, 2011
  • 10. FURTHER INFORMATION  C. Bowden, The US sur veillance programmes and their impact on EU citizens' fundamental rights , European Parliament PE 474.405, 2013  D. Catteddu & G. Hogben (eds.), Cloud Computing: Benefits, risks and recommendations for information security , ENISA, 2009  European Commission, Unleashing the Potential of Cloud Computing in Europe, COM(2012) 529 final, 27.9.2012  A. Fielder and I. Brown, Cloud Computing, European Parliament IP/A/IMCO/ST/2011 -18, May 2012  TClouds consortium, Technical Requirements and Architecture for Privacy -enhanced and Resilient Trusted Clouds, D2.1 .1 , 3.10.2011  UN Office on Drugs and Crime, Comprehensive Study on Cybercrime, March 2013