2. WHAT IS THE CLOUD?
“Cloud computing is a model
for enabling ubiquitous,
convenient, on-demand
network access to a shared
pool of configurable
computing resources (e.g.,
networks, ser vers, storage,
applications, and ser vices)
that can be rapidly
provisioned and released with
minimal management ef for t or
ser vice provider interaction ” US National Institute of
Standards and Technology,
2011
Public, community, hybrid,
private clouds
Estimated value of different categories of cloud
services across the EU
Source: Pierre Audoin Consultants, PAC's Cloud Computing
Worldwide by countries datamart 2012
3. T YPES OF CLOUD SERVICES
Storage as a Ser vice: Dropbox, Box.net, Amazon Scalable
Storage Service (S3), Iron Mountain, EMC Atmos Online,
Google Cloud Storage, and Microsoft‟s SQL Azure
Sof tware as a Ser vice ( SaaS): Google Docs, Calendar and
Gmail, Zimbra, Spotify, Salesforce.com, Microsoft Of fice 365,
and SAP Business by Design
Platform as a Ser vice ( PaaS): IBM Websphere, Force.com,
Springsource, Morphlabs, Google App Engine, Microsoft
Windows Azure, and Amazon Elastic Beanstalk
Infrastructure as a Ser vice ( IaaS): Amazon‟s Elastic Compute
Cloud, Zimory, Elastichosts, and VMWare‟s vCloud Express
4. OPPORTUNITIES AND RISKS
Motivations for business to use cloud computing
ENISA, Catteddu, D. & Hogben, G. (eds.), An SME perspective on
cloud computing - Survey, 2009, Drivers - Question 3
EU Commission
predicts strategy
impact of €45bn
direct spend and
cumulative impact on
GDP of €957bn, and
3.8m jobs, by 2020
UK expects to save
£200m in 2014-15
5.
6. WHAT TO DO
EU Commission: “Given
that data protection
concerns were
identified as one of the
most serious barriers to
cloud computing takeup, it is all the more
important that Council
and Parliament work
swiftly towards the
adoption of the
proposed regulation as
soon as possible in
2013.”
7. JURISDICTION
In many countries, provisions reflect the idea that the „whole‟
of fence need not take place within the country in order to
assert territorial jurisdiction. Territorial linkages can be made
with reference to elements or ef fects of the act, or the
location of computer systems or data utilized for the of fence
Where they arise, jurisdictional conflicts are typically resolved
through formal and informal consultations between countries
UNODC study found no need for additional forms of
jurisdiction over a putative „cyberspace‟ dimension. Rather,
forms of territoriality -based and nationality -based jurisdiction
are almost always able to ensure a suf ficient connection
between cybercrime acts and at least one State
8. ACCESSING CLOUD DATA
CoE CC §32: “A Party may, without the
authorisation of another Party…access or receive,
through a computer system in its territory, stored
computer data located in another Party, if the
Party obtains the lawful and voluntary consent of
the person who has the lawful authority
to disclose the data to the Party through that
computer system.”
9. FRANCE‟S “SOVEREIGN CLOUD”
Numergy and Cloudwatt each received €75 million from French
government, for a 33% stake. SFR owns 47% and Bull 20% of
Numergy. Orange owns 44.5% of Cloudwatt, Thales 22.5%
Numergy using SFR‟s cloud infrastructure based on VMware ,
Cisco and HP, moving to OpenStack . Cloudwatt building new
system based on OpenStack
Numergy is developing “compliance -focused partnerships”,
aiming for 20-25 partner “Cloud Team Alliance” in 2014
“A full industrial policy for development of an autonomous
European Cloud computing capacity based on free/open -source
software should be supported. Such a policy would reduce US
control over the high end of the Cloud e -commerce value chain
and EU online advertising markets. Currently European data is
exposed to commercial manipulation, foreign intelligence
surveillance and industrial espionage. Investments in a European
Cloud will bring economic benefits as well as providing the
foundation for durable data sovereignty.” (Bowden 2013)
11. FURTHER INFORMATION
C. Bowden, The US sur veillance programmes and their impact on
EU citizens' fundamental rights , European Parliament PE
474.405, 2013
D. Catteddu & G. Hogben (eds.), Cloud Computing: Benefits, risks
and recommendations for information security , ENISA, 2009
European Commission, Unleashing the Potential of Cloud
Computing in Europe, COM(2012) 529 final, 27.9.2012
A. Fielder and I. Brown, Cloud Computing, European Parliament
IP/A/IMCO/ST/2011 -18, May 2012
TClouds consortium, Technical Requirements and Architecture for
Privacy -enhanced and Resilient Trusted Clouds, D2.1 .1 ,
3.10.2011
UN Office on Drugs and Crime, Comprehensive Study on
Cybercrime, March 2013
Editor's Notes
EC quote: p8 of CC strategy
(1) An individual located in country A with control over cloud data. Access may be obtained either because (i) the individual consents; or (ii) authorities make use of an existing live connection from the individual’s device. (2) An individual located in country B with control over cloud data. Access may be obtained due to the consent of the individual. (3) The cloud service provider in country B. Access may be obtained either because (i) the cloud service provider consents; or (ii) data access credentials have been obtained by law enforcement. (4) The cloud service provider’s offices in country A. Access may be obtained through local informal arrangements between law enforcement and the cloud service provider.