Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Trust in the Cloud


Published on

Presented at the Dutch government's cyber dialogue, 17 Jan 2014

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Trust in the Cloud

  1. 1. TRUST IN THE CLOUD Ian Brown Oxford University
  2. 2. WHAT IS THE CLOUD?  “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, ser vers, storage, applications, and ser vices) that can be rapidly provisioned and released with minimal management ef for t or ser vice provider interaction ” US National Institute of Standards and Technology, 2011  Public, community, hybrid, private clouds Estimated value of different categories of cloud services across the EU Source: Pierre Audoin Consultants, PAC's Cloud Computing Worldwide by countries datamart 2012
  3. 3. T YPES OF CLOUD SERVICES  Storage as a Ser vice: Dropbox,, Amazon Scalable Storage Service (S3), Iron Mountain, EMC Atmos Online, Google Cloud Storage, and Microsoft‟s SQL Azure  Sof tware as a Ser vice ( SaaS): Google Docs, Calendar and Gmail, Zimbra, Spotify,, Microsoft Of fice 365, and SAP Business by Design  Platform as a Ser vice ( PaaS): IBM Websphere,, Springsource, Morphlabs, Google App Engine, Microsoft Windows Azure, and Amazon Elastic Beanstalk  Infrastructure as a Ser vice ( IaaS): Amazon‟s Elastic Compute Cloud, Zimory, Elastichosts, and VMWare‟s vCloud Express
  4. 4. OPPORTUNITIES AND RISKS Motivations for business to use cloud computing ENISA, Catteddu, D. & Hogben, G. (eds.), An SME perspective on cloud computing - Survey, 2009, Drivers - Question 3  EU Commission predicts strategy impact of €45bn direct spend and cumulative impact on GDP of €957bn, and 3.8m jobs, by 2020  UK expects to save £200m in 2014-15
  5. 5. WHAT TO DO  EU Commission: “Given that data protection concerns were identified as one of the most serious barriers to cloud computing takeup, it is all the more important that Council and Parliament work swiftly towards the adoption of the proposed regulation as soon as possible in 2013.”
  6. 6. JURISDICTION  In many countries, provisions reflect the idea that the „whole‟ of fence need not take place within the country in order to assert territorial jurisdiction. Territorial linkages can be made with reference to elements or ef fects of the act, or the location of computer systems or data utilized for the of fence  Where they arise, jurisdictional conflicts are typically resolved through formal and informal consultations between countries  UNODC study found no need for additional forms of jurisdiction over a putative „cyberspace‟ dimension. Rather, forms of territoriality -based and nationality -based jurisdiction are almost always able to ensure a suf ficient connection between cybercrime acts and at least one State
  7. 7. ACCESSING CLOUD DATA CoE CC §32: “A Party may, without the authorisation of another Party…access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”
  8. 8. FRANCE‟S “SOVEREIGN CLOUD”  Numergy and Cloudwatt each received €75 million from French government, for a 33% stake. SFR owns 47% and Bull 20% of Numergy. Orange owns 44.5% of Cloudwatt, Thales 22.5%  Numergy using SFR‟s cloud infrastructure based on VMware , Cisco and HP, moving to OpenStack . Cloudwatt building new system based on OpenStack  Numergy is developing “compliance -focused partnerships”, aiming for 20-25 partner “Cloud Team Alliance” in 2014  “A full industrial policy for development of an autonomous European Cloud computing capacity based on free/open -source software should be supported. Such a policy would reduce US control over the high end of the Cloud e -commerce value chain and EU online advertising markets. Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage. Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty.” (Bowden 2013)
  9. 9. PERSONAL/TRUSTED CLOUDS Source: Derek McAuley, Percom 2011 Source: Fig 12.1, Tclouds D2.1.2, 2011
  10. 10. FURTHER INFORMATION  C. Bowden, The US sur veillance programmes and their impact on EU citizens' fundamental rights , European Parliament PE 474.405, 2013  D. Catteddu & G. Hogben (eds.), Cloud Computing: Benefits, risks and recommendations for information security , ENISA, 2009  European Commission, Unleashing the Potential of Cloud Computing in Europe, COM(2012) 529 final, 27.9.2012  A. Fielder and I. Brown, Cloud Computing, European Parliament IP/A/IMCO/ST/2011 -18, May 2012  TClouds consortium, Technical Requirements and Architecture for Privacy -enhanced and Resilient Trusted Clouds, D2.1 .1 , 3.10.2011  UN Office on Drugs and Crime, Comprehensive Study on Cybercrime, March 2013