Santa Monica, : Rand, 2011

1-280-12694-9

9786613530806

0-8330-5960-2

1 online resource (135 p.)

Technical report ; ; [TR-933-EC]

342.40858

Cloud computing - Security measures

Computer security

Privacy, Right of

Information policy - European Union countries

Inglese

"Sponsored by the European Commission Directorate General Information Society and Media".

Includes bibliographical references.

Cover; Title Page; Copyright; Preface; Acknowledgements; Contents; Glossary; Executive Summary; Synthesis; Defining cloud computing; Defining security, privacy and trust; Issues arising from the reviewed literature; Risk control frameworks; Operational challenges; Implications from case studies; Gap analysis; Solving the challenges: observations and recommendations; Conclusions; Methodology; Structure of the report; Chapter 1:Introduction; Chapter 2: Definitions and drivers; 2.1 Definitions of cloud computing; 2.2 What's pushing cloud take-up?

2.3 The economics of cloud computing: implications for security; 2.4 Concluding remarks; Chapter 3: Understanding the implications for security, privacy and trust; 3.1 Defining security, privacy and trust; 3.2 Growing focus on security, privacy and trust concerns; 3.3 Identifying key issues and possible enablers for security, trust and privacy in the cloud; Chapter 4: Security, privacy and trust challenges stemming from the technological underpinnings of cloud computing; 4.1 The linchpin of trust: the hypervisor

4.2 Can the distributed models of computation characteristic of grid technology adequately serve the availability and interoperability needs of cloud computing?; 4.3 Current state-of-the-art web services may not be sufficient to establish interoperability for identity management in the cloud; 4.4 Trustworthiness in service-orientated architectures (SOAs); 4.5 Will web application frameworks (APIs and SDKs) be credible in providing trust across distributed environments?; 4.6 The fragility of current encryption approaches in the cloud context; 4.7 Concluding remarks

Chapter 5: Security, privacy and trust challenges inherent to the legal and regulatory aspects of cloud computing; 5.1 Horizontal perspective: applicable law and jurisdiction; 5.2 Vertical issues: main applicable laws; 5.3 The will of the parties: contractual provisions; 5.4 Overcoming legal barriers: key tools; 5.5 Concluding remarks; Chapter 6: Putting it all together: key risks and operational challenges; 6.1 Summary of legal and technical issues; 6.2 Migrating to the cloud: the operational challenges; Chapter 7: Case studies; 7.1 Introduction; 7.2 Initial classification of case studies

7.3 Observations on case studies in practice; 7.4 Matrix of case study typology; 7.5 Case Study 1: the Danish National IT and Telecom Agency; 7.6 Case study 2: the City of Los Angeles; 7.7 Case study 3: EU eHealth provider; 7.8 Implications; Chapter 8: Gap analysis; Chapter 9: Solving the challenges: recommendations and actions; 9.1 Introduction; 9.2 Recommendations; 9.3 Specific actions; Chapter 10: Conclusions; References; Appendices

This report discusses how policy-makers might address the challenges and risks in respect of the security, privacy and trust aspects of cloud computing that could undermine the attainment of broader economic and societal objectives across Europe.