This document discusses security issues in cloud computing. It begins with an overview of cloud computing characteristics such as on-demand self-service, ubiquitous network access, and resource pooling. It then discusses some common security problems in cloud computing including loss of control, lack of trust, and multi-tenancy issues that stem from sharing resources with multiple tenants. Approaches proposed to address these issues include increasing monitoring and control for customers, utilizing multiple clouds to spread risk, developing standardized policy languages and certification processes to build trust, and enhancing isolation between tenants. The document provides references and concludes by emphasizing the need to consider security at both the cloud provider level and on local devices used to access cloud services.
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
Securing Apps & Data in the Cloud Presented by Spyders & Netskope - a discussion of shadow IT and the emergence of Cloud Access Security Brokers (CASBs) like Netskope, Spyders latest technology partner, have emerged to help solve the issue of shadow IT. Cloud Access Security Brokers were listed as the #1 technology in the Gartner 2014 Top 10 Technologies for Information Security. If your wondering about what cloud access security brokers are, Gartner defines CASBs as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. Essentially, CASBs consolidate multiple types of security policy enforcement.”
As organizations embrace cloud applications, new risks and complexities have arisen. Staying on top of the ever-changing policy, legal and tech landscapes is daunting and gives rise to complex legal and business challenges.
Privacy and security expert, Lisa Abe-Oldenburg, and Pranav Shah, a CIO advocate and security specialist, go over latest considerations facing Canadian organizations transitioning to cloud-based apps.
Lisa provides insight and guidance from a legal perspective, and Pranav addresses the business challenges related to architecture, technology, and human capital. Participants also gain insight into how organizations are successfully leveraging one of Gartner's newest categories, Cloud Access Security Brokers (CASB), as an integral component of their secure, SaaS business and security strategies.
Visit http://www.spyders.ca to learn more about Netskope and Cloud Access Security Brokers.
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
Securing Apps & Data in the Cloud Presented by Spyders & Netskope - a discussion of shadow IT and the emergence of Cloud Access Security Brokers (CASBs) like Netskope, Spyders latest technology partner, have emerged to help solve the issue of shadow IT. Cloud Access Security Brokers were listed as the #1 technology in the Gartner 2014 Top 10 Technologies for Information Security. If your wondering about what cloud access security brokers are, Gartner defines CASBs as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. Essentially, CASBs consolidate multiple types of security policy enforcement.”
As organizations embrace cloud applications, new risks and complexities have arisen. Staying on top of the ever-changing policy, legal and tech landscapes is daunting and gives rise to complex legal and business challenges.
Privacy and security expert, Lisa Abe-Oldenburg, and Pranav Shah, a CIO advocate and security specialist, go over latest considerations facing Canadian organizations transitioning to cloud-based apps.
Lisa provides insight and guidance from a legal perspective, and Pranav addresses the business challenges related to architecture, technology, and human capital. Participants also gain insight into how organizations are successfully leveraging one of Gartner's newest categories, Cloud Access Security Brokers (CASB), as an integral component of their secure, SaaS business and security strategies.
Visit http://www.spyders.ca to learn more about Netskope and Cloud Access Security Brokers.
Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use
A methodology I developed a while back, for more of a military application, that I'm not revamping to fit a consumer model. I thought I would share the presentation, in the hopes that it will spark some interest in conversations, and maybe educate the public, not only on cloud computing as a whole, but also that bursting as it is portrayed, is not only a public cloud resource.
Sections:
Introduction
Cloud Computing background
Securing the Cloud
Virtualization
Mobile Cloud Computing
User safety & energy consumption
Author’s proposal
Conclusion
In order to make cloud computing to be adopted by users and enterprises, security concerns of users should be rectified by making cloud environment trustworthy, discussed by Latif et al. in the assessment of cloud computing risks[2].
We address the questions related to:
security concerns and threats over general cloud computing,
(2) the solutions for these problems and
(3) mobile users safety in convergence with energy consumption.
Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use
A methodology I developed a while back, for more of a military application, that I'm not revamping to fit a consumer model. I thought I would share the presentation, in the hopes that it will spark some interest in conversations, and maybe educate the public, not only on cloud computing as a whole, but also that bursting as it is portrayed, is not only a public cloud resource.
Sections:
Introduction
Cloud Computing background
Securing the Cloud
Virtualization
Mobile Cloud Computing
User safety & energy consumption
Author’s proposal
Conclusion
In order to make cloud computing to be adopted by users and enterprises, security concerns of users should be rectified by making cloud environment trustworthy, discussed by Latif et al. in the assessment of cloud computing risks[2].
We address the questions related to:
security concerns and threats over general cloud computing,
(2) the solutions for these problems and
(3) mobile users safety in convergence with energy consumption.
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures?
Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss:
1. Recent findings from RightScale's State of the Cloud survey
2. Why hybrid cloud is the standard of choice
3. Three strategies for existing cloud server workloads
4. Benefits and security challenges of migrating to cloud infrastructures
5. Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility
Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures?
Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss:
Recent findings from RightScale's State of the Cloud survey
Why hybrid cloud is the standard of choice
3 strategies for existing cloud server workloads
Benefits and security challenges of migrating to cloud infrastructures
Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock- in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today are using Uni Systems Cloud for their enterprise IT, is because it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Overview on Edible Vaccine: Pros & Cons with Mechanism
Secure Cloud Issues
1. Security Issues in Cloud Computin
g
Ms.Devyani Bharat Vaidya
Polytechnic student
2. Talk Objectives
• Present cloud issues/characteristics that cr
eate interesting security problems
• Identify a few security issues within this fra
mework
• Propose some approaches to addressing t
hese issues
– Preliminary ideas to think about
3. Cloud Computing Background
• Features
– Use of internet-based services to support business process
– Rent IT-services on a utility-like basis
• Attributes
– Rapid deployment
– Low startup costs/ capital investments
– Costs based on usage or subscription
– Multi-tenant sharing of services/ resources
• Essential characteristics
– On demand self-service
– Ubiquitous network access
– Location independent resource pooling
– Rapid elasticity
– Measured service
• “Cloud computing is a compilation of existing techniques and technologies,
packaged within a new infrastructure paradigm that offers improved scalabili
ty, elasticity, business agility, faster startup time, reduced management cost
s, and just-in-time availability of resources”
Source: NIST
4. Cloud Models
• Delivery Models
– SaaS
– PaaS
– IaaS
• Deployment Models
– Private cloud
– Community cloud
– Public cloud
– Hybrid cloud
• We propose one more Model: Management Models (trus
t and tenancy issues)
– Self-managed
– 3rd party managed (e.g. public clouds and VPC)
Source: NIST
5. Cloud Computing: A Massive
Concentration of Resources
• Also a massive concentration of risk
– expected loss from a single breach can be signific
antly larger
– concentration of “users” represents a concentratio
n of threats
• “Ultimately, you can outsource responsibility
but you can’t outsource accountability.”
From John McDermott, ACSAC 09
6. Cloud Computing: who should us
e it?
• Cloud computing definitely makes sense if your ow
n security is weak, missing features, or below avera
ge.
• Ultimately, if
– the cloud provider’s security people are “better” than your
s (and leveraged at least as efficiently),
– the web-services interfaces don’t introduce too many new
vulnerabilities, and
– the cloud provider aims at least as high as you do, at secu
rity goals,
then cloud computing has better security.
From John McDermott, ACSAC 09
7. Problems Associated with Cloud C
omputing
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in 3rd party manage
ment models
– Self-managed clouds still have security issues, but no
t related to above
8. Loss of Control in the Cloud
• Consumer’s loss of control
– Data, applications, resources are located with provide
r
– User identity management is handled by the cloud
– User access control rules, security policies and enforc
ement are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
9. Lack of Trust in the Cloud
• A brief deviation from the talk
– (But still related)
– Trusting a third party requires taking risks
• Defining trust and risk
– Opposite sides of the same coin (J. Camp)
– People only trust when it pays (Economist’s view)
– Need for trust arises only in risky situations
• Defunct third party management schemes
– Hard to balance trust and risk
– e.g. Key Escrow (Clipper chip)
– Is the cloud headed toward the same path?
10. Multi-tenancy Issues in the Cloud
• Conflict between tenants’ opposing goals
– Tenants share a pool of resources and have opposing
goals
• How does multi-tenancy deal with conflict of inter
est?
– Can tenants get along together and ‘play nicely’ ?
– If they can’t, can we isolate them?
• How to provide separation between tenants?
11. Security Issues in the Cloud
• In theory, minimizing any of the issues would help:
– Loss of Control
• Take back control
– Data and apps may still need to be on the cloud
– But can they be managed in some way by the consumer?
– Lack of trust
• Increase trust (mechanisms)
– Technology
– Policy, regulation
– Contracts (incentives): topic of a future talk
– Multi-tenancy
• Private cloud
– Takes away the reasons to use a cloud in the first place
• VPC: its still not a separate system
• Strong separation
12. Minimize Lack of Trust: Policy Lang
uage
• Consumers have specific security needs but don’t have a say-so in how th
ey are handled
– What the heck is the provider doing for me?
– Currently consumers cannot dictate their requirements to the provider (SLAs are
one-sided)
• Standard language to convey one’s policies and expectations
– Agreed upon and upheld by both parties
– Standard language for representing SLAs
– Can be used in a intra-cloud environment to realize overarching security posture
• Create policy language with the following characteristics:
– Machine-understandable (or at least processable),
– Easy to combine/merge and compare
– Examples of policy statements are, “requires isolation between VMs”, “requires g
eographical isolation between VMs”, “requires physical separation between other
communities/tenants that are in the same industry,” etc.
– Need a validation tool to check that the policy created in the standard language c
orrectly reflects the policy creator’s intentions (i.e. that the policy language is sem
antically equivalent to the user’s intentions).
13. Minimize Lack of Trust: Certificatio
n
• Certification
– Some form of reputable, independent, comparable as
sessment and description of security features and ass
urance
– Sarbanes-Oxley, DIACAP, DISTCAP, etc (are they su
fficient for a cloud environment?)
• Risk assessment
– Performed by certified third parties
– Provides consumers with additional assurance
14. Minimize Loss of Control in the Clo
ud
• Monitoring
• Utilizing different clouds
• Access control management
15. Minimize Loss of Control: Monitorin
g
• Cloud consumer needs situational awareness for critical applications
– When underlying components fail, what is the effect of the failure to the mission l
ogic
– What recovery measures can be taken (by provider and consumer)
• Requires an application-specific run-time monitoring and management tool f
or the consumer
– The cloud consumer and cloud provider have different views of the system
– Enable both the provider and tenants to monitor the the components in the cloud
that are under their control
– Provide mechanisms that enable the provider to act on attacks he can handle.
• infrastructure remapping (create new or move existing fault domains)
• shutting down offending components or targets (and assisting tenants with porting if nec
essary
• Repairs
– Provide mechanisms that enable the consumer to act on attacks that he can han
dle (application-level monitoring).
• RAdAC (Risk-adaptable Access Control)
• VM porting with remote attestation of target physical host
• Provide ability to move the user’s application to another cloud
16. Minimize Loss of Control: Utilize Dif
ferent Clouds
• The concept of ‘Don’t put all your eggs in one basket’
– Consumer may use services from different clouds through an intr
a-cloud or multi-cloud architecture
– Propose a multi-cloud or intra-cloud architecture in which consu
mers
• Spread the risk
• Increase redundancy (per-task or per-application)
• Increase chance of mission completion for critical applications
– Possible issues to consider:
• Policy incompatibility (combined, what is the overarching policy?)
• Data dependency between clouds
• Differing data semantics across clouds
• Knowing when to utilize the redundancy feature (monitoring technol
ogy)
• Is it worth it to spread your sensitive data across multiple clouds?
– Redundancy could increase risk of exposure
17. Minimize Loss of Control: Access C
ontrol
• Many possible layers of access control
– E.g. access to the cloud, access to servers, access to services, access to databases (direct
and queries via web services), access to VMs, and access to objects within a VM
– Depending on the deployment model used, some of these will be controlled by the provider a
nd others by the consumer
• Regardless of deployment model, provider needs to manage the user authentication
and access control procedures (to the cloud)
– Federated Identity Management: access control management burden still lies with the provid
er
– Requires user to place a large amount of trust on the provider in terms of security, managem
ent, and maintenance of access control policies. This can be burdensome when numerous u
sers from different organizations with different access control policies, are involved
• Consumer-managed access control
– Consumer retains decision-making process to retain some control, requiring less trust of the
provider (i.e. PDP is in consumer’s domain)
– Requires the client and provider to have a pre-existing trust relationship, as well as a pre-neg
otiated standard way of describing resources, users, and access decisions between the clou
d provider and consumer. It also needs to be able to guarantee that the provider will uphold t
he consumer-side’s access decisions.
– Should be at least as secure as the traditional access control model.
– Facebook and Google Apps do this to some degree, but not enough control
– Applicability to privacy of patient health records
18. PEP
(intercepts all
resource
access requests
from all client
domains)
PDP
for cloud
resource
on Domain A
Cloud Consumer in Domain B
ACM
(XACML
policies)
.
.
.
resources
Cloud Provider in Domain A
IDP
1. Authn request
2. SAML Assertion
3. Resource request (XACML Request) + SAML assertion
4. Redirect to domain of resource owner
7. Send signed and encrypted ticket
5. Retrieve policy
for specified resource
6. Determine whether user can access
specified resource
7. Create ticket for grant/deny
8. Decrypt and verify signature
9. Retrieve capability from ticket
10. Grant or deny access based on capability
Minimize Loss of Control: Access C
ontrol
19. Minimize Multi-tenancy in the Cloud
• Can’t really force the provider to accept less te
nants
– Can try to increase isolation between tenants
• Strong isolation techniques (VPC to some degree)
– C.f. VM Side channel attacks (T. Ristenpart et al.)
• QoS requirements need to be met
• Policy specification
– Can try to increase trust in the tenants
• Who’s the insider, where’s the security boundary? Who can I
trust?
• Use SLAs to enforce trusted behavior
20. Last Thoughts: Local Host Security
• Are local host machines part of the cloud infrastructure?
– Outside the security perimeter
– While cloud consumers worry about the security on the cloud provider’s site, they may easily
forget to harden their own machines
• The lack of security of local devices can
– Provide a way for malicious services on the cloud to attack local networks through these term
inal devices
– Compromise the cloud and its resources for other users
• With mobile devices, the threat may be even stronger
– Users misplace or have the device stolen from them
– Security mechanisms on handheld gadgets are often times insufficient compared to say, a de
sktop computer
– Provides a potential attacker an easy avenue into a cloud system.
– If a user relies mainly on a mobile device to access cloud data, the threat to availability is als
o increased as mobile devices malfunction or are lost
• Devices that access the cloud should have
– Strong authentication mechanisms
– Tamper-resistant mechanisms
– Strong isolation between applications
– Methods to trust the OS
– Cryptographic functionality when traffic confidentiality is required
21. Conclusion
• Cloud computing is sometimes viewed as a reincarnation
of the classic mainframe client-server model
– However, resources are ubiquitous, scalable, highly virtualized
– Contains all the traditional threats, as well as new ones
• In developing solutions to cloud computing security issue
s it may be helpful to identify the problems and approach
es in terms of
– Loss of control
– Lack of trust
– Multi-tenancy problems
22. References
1. NIST (Authors: P. Mell and T. Grance), "The NIST Definition of Cl
oud Computing (ver. 15)," National Institute of Standards and Tec
hnology, Information Technology Laboratory (October 7 2009).
2. J. McDermott, (2009) "Security Requirements for Virtualization in
Cloud Computing," presented at the ACSAC Cloud Security Work
shop, Honolulu, Hawaii, USA, 2009.
3. J. Camp. (2001), “Trust and Risk in Internet Commerce,” MIT P
ress
4. T. Ristenpart et al. (2009) “Hey You Get Off My Cloud,” Procee
dings of the 16th ACM conference on Computer and communicati
ons security, Chicago, Illinois, USA
23. References for Cloud Security
• M. Armbrust, et al., "Above the Clouds: A Berkeley View of Cloud Computing," UC Be
rkeley Reliable Adaptive Distributed Systems LaboratoryFebruary 10 2009.
• Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Com
puting, ver. 2.1," 2009.
• M. Jensen, et al., "On Technical Security Issues in Cloud Computing," presented at th
e 2009 IEEE International Conference on Cloud Computing, Bangalore, India 2009.
• P. Mell and T. Grance, "Effectively and Securely Using the Cloud Computing Paradig
m," ed: National Institute of Standards and Technology, Information Technology Labo
ratory, 2009.
• N. Santos, et al., "Towards Trusted Cloud Computing," in Usenix 09 Hot Cloud Works
hop, San Diego, CA, 2009.
• R. G. Lennon, et al., "Best practices in cloud computing: designing for the cloud," pre
sented at the Proceeding of the 24th ACM SIGPLAN conference companion on Obje
ct oriented programming systems languages and applications, Orlando, Florida, USA,
2009.
• P. Mell and T. Grance, "The NIST Definition of Cloud Computing (ver. 15)," National I
nstitute of Standards and Technology, Information Technology LaboratoryOctober 7 2
009.
• C. Cachin, et al., "Trusting the cloud," SIGACT News, vol. 40, pp. 81-86, 2009.
• J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing," Gartne
r 2008.
• A. Joch. (2009, June 18) Cloud Computing: Is It Secure Enough? Federal Computer
Week.