SlideShare a Scribd company logo

Trust in the Cloud

blogzilla
blogzilla

Presented at the Dutch government's cyber dialogue, 17 Jan 2014

TechnologyBusiness
1 of 11
Download to read offline
TRUST IN THE CLOUD Ian Brown Oxford University
WHAT IS THE CLOUD?  “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, ser vers, storage, applications, and ser vices) that can be rapidly provisioned and released with minimal management ef for t or ser vice provider interaction ” US National Institute of Standards and Technology, 2011  Public, community, hybrid, private clouds Estimated value of different categories of cloud services across the EU Source: Pierre Audoin Consultants, PAC's Cloud Computing Worldwide by countries datamart 2012
T YPES OF CLOUD SERVICES  Storage as a Ser vice: Dropbox, Box.net, Amazon Scalable Storage Service (S3), Iron Mountain, EMC Atmos Online, Google Cloud Storage, and Microsoft‟s SQL Azure  Sof tware as a Ser vice ( SaaS): Google Docs, Calendar and Gmail, Zimbra, Spotify, Salesforce.com, Microsoft Of fice 365, and SAP Business by Design  Platform as a Ser vice ( PaaS): IBM Websphere, Force.com, Springsource, Morphlabs, Google App Engine, Microsoft Windows Azure, and Amazon Elastic Beanstalk  Infrastructure as a Ser vice ( IaaS): Amazon‟s Elastic Compute Cloud, Zimory, Elastichosts, and VMWare‟s vCloud Express
OPPORTUNITIES AND RISKS Motivations for business to use cloud computing ENISA, Catteddu, D. & Hogben, G. (eds.), An SME perspective on cloud computing - Survey, 2009, Drivers - Question 3  EU Commission predicts strategy impact of €45bn direct spend and cumulative impact on GDP of €957bn, and 3.8m jobs, by 2020  UK expects to save £200m in 2014-15
WHAT TO DO  EU Commission: “Given that data protection concerns were identified as one of the most serious barriers to cloud computing takeup, it is all the more important that Council and Parliament work swiftly towards the adoption of the proposed regulation as soon as possible in 2013.”
JURISDICTION  In many countries, provisions reflect the idea that the „whole‟ of fence need not take place within the country in order to assert territorial jurisdiction. Territorial linkages can be made with reference to elements or ef fects of the act, or the location of computer systems or data utilized for the of fence  Where they arise, jurisdictional conflicts are typically resolved through formal and informal consultations between countries  UNODC study found no need for additional forms of jurisdiction over a putative „cyberspace‟ dimension. Rather, forms of territoriality -based and nationality -based jurisdiction are almost always able to ensure a suf ficient connection between cybercrime acts and at least one State
ACCESSING CLOUD DATA CoE CC §32: “A Party may, without the authorisation of another Party…access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”
FRANCE‟S “SOVEREIGN CLOUD”  Numergy and Cloudwatt each received €75 million from French government, for a 33% stake. SFR owns 47% and Bull 20% of Numergy. Orange owns 44.5% of Cloudwatt, Thales 22.5%  Numergy using SFR‟s cloud infrastructure based on VMware , Cisco and HP, moving to OpenStack . Cloudwatt building new system based on OpenStack  Numergy is developing “compliance -focused partnerships”, aiming for 20-25 partner “Cloud Team Alliance” in 2014  “A full industrial policy for development of an autonomous European Cloud computing capacity based on free/open -source software should be supported. Such a policy would reduce US control over the high end of the Cloud e -commerce value chain and EU online advertising markets. Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage. Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty.” (Bowden 2013)
PERSONAL/TRUSTED CLOUDS Source: Derek McAuley, Percom 2011 Source: Fig 12.1, Tclouds D2.1.2, 2011
FURTHER INFORMATION  C. Bowden, The US sur veillance programmes and their impact on EU citizens' fundamental rights , European Parliament PE 474.405, 2013  D. Catteddu & G. Hogben (eds.), Cloud Computing: Benefits, risks and recommendations for information security , ENISA, 2009  European Commission, Unleashing the Potential of Cloud Computing in Europe, COM(2012) 529 final, 27.9.2012  A. Fielder and I. Brown, Cloud Computing, European Parliament IP/A/IMCO/ST/2011 -18, May 2012  TClouds consortium, Technical Requirements and Architecture for Privacy -enhanced and Resilient Trusted Clouds, D2.1 .1 , 3.10.2011  UN Office on Drugs and Crime, Comprehensive Study on Cybercrime, March 2013

Recommended

Towards a Future Internet workshop
Towards a Future Internet workshopTowards a Future Internet workshop
Towards a Future Internet workshopblogzilla
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity riskblogzilla
 
Collective and participative experiences in real-world and online communities
Collective and participative experiences in real-world and online communitiesCollective and participative experiences in real-world and online communities
Collective and participative experiences in real-world and online communitiesictseserv
 
Mary Barnsdale article about Fog Computing for Cisco
Mary Barnsdale article about Fog Computing for CiscoMary Barnsdale article about Fog Computing for Cisco
Mary Barnsdale article about Fog Computing for CiscoMary Barnsdale
 
Isidro Laso Ballesteros (DG Information Society and Media) Internet Architect...
Isidro Laso Ballesteros (DG Information Society and Media) Internet Architect...Isidro Laso Ballesteros (DG Information Society and Media) Internet Architect...
Isidro Laso Ballesteros (DG Information Society and Media) Internet Architect...FIA2010
 
Towards the clouds together, collaboration on cloud services in research and ...
Towards the clouds together, collaboration on cloud services in research and ...Towards the clouds together, collaboration on cloud services in research and ...
Towards the clouds together, collaboration on cloud services in research and ...Andres Steijaert
 
Public Policy
Public PolicyPublic Policy
Public Policybrisso99
 
Security and privacy issues and solutions of Mobile Cloud Computing
Security and privacy issues and solutions of Mobile Cloud ComputingSecurity and privacy issues and solutions of Mobile Cloud Computing
Security and privacy issues and solutions of Mobile Cloud ComputingTahmin Aysha Murshed
 

More Related Content

What's hot

The Future of the Internet
The Future of the InternetThe Future of the Internet
The Future of the InternetJon Lebkowsky
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportKim Jensen
 
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network NeedsBuilding the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network NeedsJuniper Networks
 
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amTLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amRod Dines
 
Rethinking Governance via Social Networking: The case of direct vs. indirect ...
Rethinking Governance via Social Networking: The case of direct vs. indirect ...Rethinking Governance via Social Networking: The case of direct vs. indirect ...
Rethinking Governance via Social Networking: The case of direct vs. indirect ...Timo Wandhoefer
 
Future Of Internet Presentation
Future Of Internet PresentationFuture Of Internet Presentation
Future Of Internet Presentationguestf0bdc63
 
Modelli di interoperabilità in un hybrid cloud environment
Modelli di interoperabilità in un hybrid cloud environmentModelli di interoperabilità in un hybrid cloud environment
Modelli di interoperabilità in un hybrid cloud environmentCSI Piemonte
 
Truzzt box 3.2-en
Truzzt box 3.2-enTruzzt box 3.2-en
Truzzt box 3.2-enh-bauer2014
 
Products And Platforms In The Age Of Communities
Products And Platforms In The Age Of CommunitiesProducts And Platforms In The Age Of Communities
Products And Platforms In The Age Of CommunitiesBenjamin Tincq
 
What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...
What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...
What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...Mills Davis
 
A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...
A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...
A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...IJERD Editor
 
The Network Effects Bible
The Network Effects BibleThe Network Effects Bible
The Network Effects BibleNFX
 
Social Production
Social ProductionSocial Production
Social ProductionIvan Labra
 

What's hot (19)

Judicial Frameworks and Privacy Issues of Cloud Computing
Judicial Frameworks and Privacy Issues of Cloud ComputingJudicial Frameworks and Privacy Issues of Cloud Computing
Judicial Frameworks and Privacy Issues of Cloud Computing
 
Technology Innovation
Technology InnovationTechnology Innovation
Technology Innovation
 
The Future of the Internet
The Future of the InternetThe Future of the Internet
The Future of the Internet
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network NeedsBuilding the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amTLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
 
Security Threats Predictions in 2015 – Netmagic
Security Threats Predictions in 2015 – NetmagicSecurity Threats Predictions in 2015 – Netmagic
Security Threats Predictions in 2015 – Netmagic
 
Columbia citi economics of net 060515 final
Columbia citi economics of net 060515 finalColumbia citi economics of net 060515 final
Columbia citi economics of net 060515 final
 
Rethinking Governance via Social Networking: The case of direct vs. indirect ...
Rethinking Governance via Social Networking: The case of direct vs. indirect ...Rethinking Governance via Social Networking: The case of direct vs. indirect ...
Rethinking Governance via Social Networking: The case of direct vs. indirect ...
 
Future Of Internet Presentation
Future Of Internet PresentationFuture Of Internet Presentation
Future Of Internet Presentation
 
Modelli di interoperabilità in un hybrid cloud environment
Modelli di interoperabilità in un hybrid cloud environmentModelli di interoperabilità in un hybrid cloud environment
Modelli di interoperabilità in un hybrid cloud environment
 
Truzzt box 3.2-en
Truzzt box 3.2-enTruzzt box 3.2-en
Truzzt box 3.2-en
 
Products And Platforms In The Age Of Communities
Products And Platforms In The Age Of CommunitiesProducts And Platforms In The Age Of Communities
Products And Platforms In The Age Of Communities
 
Morgondagens Webbplatser
Morgondagens WebbplatserMorgondagens Webbplatser
Morgondagens Webbplatser
 
What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...
What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...
What is the role of cloud computing, web 2.0, and web 3.0 semantic technologi...
 
A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...
A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...
A Proposed Solution to Secure MCC Uprising Issue and Challenges in the Domain...
 
The Network Effects Bible
The Network Effects BibleThe Network Effects Bible
The Network Effects Bible
 
Social Production
Social ProductionSocial Production
Social Production
 

Viewers also liked

Data Retention - Dead or Merely Stunned?
Data Retention - Dead or Merely Stunned?Data Retention - Dead or Merely Stunned?
Data Retention - Dead or Merely Stunned?Graham Smith
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsblogzilla
 
Why the FEP Donor Retention Data is so Vital to Every Fundraiser
Why the FEP Donor Retention Data is so Vital to Every FundraiserWhy the FEP Donor Retention Data is so Vital to Every Fundraiser
Why the FEP Donor Retention Data is so Vital to Every FundraiserBloomerang
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingJes Breslaw
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentBill Lisse
 
Webianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection frameworkWebianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection frameworkLeigh Hill
 

Viewers also liked (6)

Data Retention - Dead or Merely Stunned?
Data Retention - Dead or Merely Stunned?Data Retention - Dead or Merely Stunned?
Data Retention - Dead or Merely Stunned?
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 
Why the FEP Donor Retention Data is so Vital to Every Fundraiser
Why the FEP Donor Retention Data is so Vital to Every FundraiserWhy the FEP Donor Retention Data is so Vital to Every Fundraiser
Why the FEP Donor Retention Data is so Vital to Every Fundraiser
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-masking
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
Webianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection frameworkWebianr: GDPR: How to build a data protection framework
Webianr: GDPR: How to build a data protection framework
 

Similar to Trust in the Cloud

Cloud computing assignment
Cloud computing assignmentCloud computing assignment
Cloud computing assignmentACCA Global
 
Cloud Computing introduction by saransh
Cloud Computing introduction by saranshCloud Computing introduction by saransh
Cloud Computing introduction by saranshSaransh Agarwal
 
Security and Privacy Issues of Fog Computing: A Survey
Security and Privacy Issues of Fog Computing: A SurveySecurity and Privacy Issues of Fog Computing: A Survey
Security and Privacy Issues of Fog Computing: A SurveyHarshitParkar6677
 
Security and privacy issues of fog
Security and privacy issues of fogSecurity and privacy issues of fog
Security and privacy issues of fogRezgar Mohammad
 
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...csandit
 
A220113
A220113A220113
A220113irjes
 
Teja pp matter
Teja pp matterTeja pp matter
Teja pp matter9505567198
 
A survey of fog computing concepts applications and issues
A survey of fog computing concepts applications and issuesA survey of fog computing concepts applications and issues
A survey of fog computing concepts applications and issuesRezgar Mohammad
 
Introduction to cloud security
Introduction to cloud securityIntroduction to cloud security
Introduction to cloud securityIAEME Publication
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.Florence Dayana
 
SURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTINGSURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTINGijwscjournal
 
SURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTINGSURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTINGijwscjournal
 
Fog Computing - DEV.BG 2018
Fog Computing - DEV.BG 2018Fog Computing - DEV.BG 2018
Fog Computing - DEV.BG 2018Trayan Iliev
 
Cloud computing..
Cloud computing..Cloud computing..
Cloud computing..manoj kumar
 

Similar to Trust in the Cloud (20)

Cloud computing assignment
Cloud computing assignmentCloud computing assignment
Cloud computing assignment
 
Cloud Computing introduction by saransh
Cloud Computing introduction by saranshCloud Computing introduction by saransh
Cloud Computing introduction by saransh
 
Security and Privacy Issues of Fog Computing: A Survey
Security and Privacy Issues of Fog Computing: A SurveySecurity and Privacy Issues of Fog Computing: A Survey
Security and Privacy Issues of Fog Computing: A Survey
 
Security and privacy issues of fog
Security and privacy issues of fogSecurity and privacy issues of fog
Security and privacy issues of fog
 
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
 
A220113
A220113A220113
A220113
 
Teja pp matter
Teja pp matterTeja pp matter
Teja pp matter
 
Cloud versus cloud
Cloud versus cloudCloud versus cloud
Cloud versus cloud
 
Cloud computing ppts
Cloud computing pptsCloud computing ppts
Cloud computing ppts
 
Cloud computing ppts
Cloud computing pptsCloud computing ppts
Cloud computing ppts
 
A survey of fog computing concepts applications and issues
A survey of fog computing concepts applications and issuesA survey of fog computing concepts applications and issues
A survey of fog computing concepts applications and issues
 
fogcomputing
fogcomputingfogcomputing
fogcomputing
 
Introduction to cloud security
Introduction to cloud securityIntroduction to cloud security
Introduction to cloud security
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
 
SURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTINGSURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTING
 
SURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTINGSURVEY OF CLOUD COMPUTING
SURVEY OF CLOUD COMPUTING
 
Fog Computing - DEV.BG 2018
Fog Computing - DEV.BG 2018Fog Computing - DEV.BG 2018
Fog Computing - DEV.BG 2018
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Cloud computing..
Cloud computing..Cloud computing..
Cloud computing..
 

More from blogzilla

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competitionblogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentblogzilla
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Bankingblogzilla
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Walesblogzilla
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policyblogzilla
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector datablogzilla
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Actblogzilla
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertiseblogzilla
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Electionsblogzilla
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managersblogzilla
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCblogzilla
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?blogzilla
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Thingsblogzilla
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowdenblogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodblogzilla
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?blogzilla
 

More from blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managers
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?
 

Recently uploaded

Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 

Recently uploaded (20)

Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 

Trust in the Cloud

  • 1. TRUST IN THE CLOUD Ian Brown Oxford University
  • 2. WHAT IS THE CLOUD?  “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, ser vers, storage, applications, and ser vices) that can be rapidly provisioned and released with minimal management ef for t or ser vice provider interaction ” US National Institute of Standards and Technology, 2011  Public, community, hybrid, private clouds Estimated value of different categories of cloud services across the EU Source: Pierre Audoin Consultants, PAC's Cloud Computing Worldwide by countries datamart 2012
  • 3. T YPES OF CLOUD SERVICES  Storage as a Ser vice: Dropbox, Box.net, Amazon Scalable Storage Service (S3), Iron Mountain, EMC Atmos Online, Google Cloud Storage, and Microsoft‟s SQL Azure  Sof tware as a Ser vice ( SaaS): Google Docs, Calendar and Gmail, Zimbra, Spotify, Salesforce.com, Microsoft Of fice 365, and SAP Business by Design  Platform as a Ser vice ( PaaS): IBM Websphere, Force.com, Springsource, Morphlabs, Google App Engine, Microsoft Windows Azure, and Amazon Elastic Beanstalk  Infrastructure as a Ser vice ( IaaS): Amazon‟s Elastic Compute Cloud, Zimory, Elastichosts, and VMWare‟s vCloud Express
  • 4. OPPORTUNITIES AND RISKS Motivations for business to use cloud computing ENISA, Catteddu, D. & Hogben, G. (eds.), An SME perspective on cloud computing - Survey, 2009, Drivers - Question 3  EU Commission predicts strategy impact of €45bn direct spend and cumulative impact on GDP of €957bn, and 3.8m jobs, by 2020  UK expects to save £200m in 2014-15
  • 5.
  • 6. WHAT TO DO  EU Commission: “Given that data protection concerns were identified as one of the most serious barriers to cloud computing takeup, it is all the more important that Council and Parliament work swiftly towards the adoption of the proposed regulation as soon as possible in 2013.”
  • 7. JURISDICTION  In many countries, provisions reflect the idea that the „whole‟ of fence need not take place within the country in order to assert territorial jurisdiction. Territorial linkages can be made with reference to elements or ef fects of the act, or the location of computer systems or data utilized for the of fence  Where they arise, jurisdictional conflicts are typically resolved through formal and informal consultations between countries  UNODC study found no need for additional forms of jurisdiction over a putative „cyberspace‟ dimension. Rather, forms of territoriality -based and nationality -based jurisdiction are almost always able to ensure a suf ficient connection between cybercrime acts and at least one State
  • 8. ACCESSING CLOUD DATA CoE CC §32: “A Party may, without the authorisation of another Party…access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”
  • 9. FRANCE‟S “SOVEREIGN CLOUD”  Numergy and Cloudwatt each received €75 million from French government, for a 33% stake. SFR owns 47% and Bull 20% of Numergy. Orange owns 44.5% of Cloudwatt, Thales 22.5%  Numergy using SFR‟s cloud infrastructure based on VMware , Cisco and HP, moving to OpenStack . Cloudwatt building new system based on OpenStack  Numergy is developing “compliance -focused partnerships”, aiming for 20-25 partner “Cloud Team Alliance” in 2014  “A full industrial policy for development of an autonomous European Cloud computing capacity based on free/open -source software should be supported. Such a policy would reduce US control over the high end of the Cloud e -commerce value chain and EU online advertising markets. Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage. Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty.” (Bowden 2013)
  • 10. PERSONAL/TRUSTED CLOUDS Source: Derek McAuley, Percom 2011 Source: Fig 12.1, Tclouds D2.1.2, 2011
  • 11. FURTHER INFORMATION  C. Bowden, The US sur veillance programmes and their impact on EU citizens' fundamental rights , European Parliament PE 474.405, 2013  D. Catteddu & G. Hogben (eds.), Cloud Computing: Benefits, risks and recommendations for information security , ENISA, 2009  European Commission, Unleashing the Potential of Cloud Computing in Europe, COM(2012) 529 final, 27.9.2012  A. Fielder and I. Brown, Cloud Computing, European Parliament IP/A/IMCO/ST/2011 -18, May 2012  TClouds consortium, Technical Requirements and Architecture for Privacy -enhanced and Resilient Trusted Clouds, D2.1 .1 , 3.10.2011  UN Office on Drugs and Crime, Comprehensive Study on Cybercrime, March 2013

Editor's Notes

  1. EC quote: p8 of CC strategy
  2. (1)  An individual located in country A with control over cloud data. Access may be obtained either because (i) the individual consents; or (ii) authorities make use of an existing live connection from the individual’s device. (2)  An individual located in country B with control over cloud data. Access may be obtained due to the consent of the individual. (3)  The cloud service provider in country B. Access may be obtained either because (i) the cloud service provider consents; or (ii) data access credentials have been obtained by law enforcement. (4)  The cloud service provider’s offices in country A. Access may be obtained through local informal arrangements between law enforcement and the cloud service provider.
  3. http://gigaom.com/2013/11/18/a-guide-to-the-french-national-clouds/
  4. http://perscon.net/docs/talks/pdf/2011-03-23-percom-personal.pdf