Cloud Computing - Security Benefits and Risks

William McBorrough
William McBorroughInformation Assurance and Cyber Security Expert, Researcher, Educator and Entrepreneur à MCGlobalTech, Next Gen Cyber
Cloud Assurance Information Assurance in the Cloud by William McBorrough MSIA, CISSP, CISA, CEH Security Principal, Secure Intervention
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is Cloud Computing? ,[object Object]
So….what is the ‘cloud” ,[object Object],[object Object]
Technology Still Evolving ,[object Object],[object Object]
NIST’s Working Definition ,[object Object],[object Object],[object Object],[object Object],[object Object]
Characteristics ,[object Object],[object Object],[object Object],[object Object],[object Object]
On Demand Self Service ,[object Object]
Broad network access ,[object Object]
Resource pooling ,[object Object]
Rapid elasticity ,[object Object]
Measured Service ,[object Object]
Delivery Models ,[object Object],[object Object],[object Object],[object Object]
Software as a Service (SaaS) ,[object Object]
In other words… ,[object Object],[object Object],[object Object]
SaaS Responsibilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Platform as a Service (PaaS) ,[object Object]
In other words… ,[object Object],[object Object]
PaaS Responsibilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Infrastructure as a Service (IaaS) ,[object Object]
In other words… ,[object Object],[object Object]
IaaS Responsibilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IaaS Responsibilities – cont’d ,[object Object],[object Object],[object Object],[object Object]
Deployment Models ,[object Object],[object Object],[object Object],[object Object]
Public ,[object Object]
Private ,[object Object]
Community ,[object Object]
Hybrid ,[object Object]
That ’s great… ,[object Object]
Advantages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
So what ’s the downside? ,[object Object],[object Object]
Just to be clear…. ,[object Object],[object Object]
Understanding Risk ,[object Object],[object Object]
ENISA’s Top Cloud Risk ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Risk Categories ,[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Policy and Organizational Risks
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Technical Risks
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Technical Risks – cont’d
[object Object],[object Object],[object Object],[object Object],Legal Risks
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],General Risks ( not cloud specific)
[object Object],[object Object],[object Object],[object Object],General Risks – cont’d
Fair and Balanced? ,[object Object],[object Object]
Security Benefits of Cloud ,[object Object],[object Object],[object Object],[object Object],[object Object]
References ,[object Object],[object Object],[object Object]
Questions?
1 sur 45

Cloud Computing - Security Benefits and Risks

Télécharger pour lire hors ligne
Technologie

Presentation exploring security benefits and risks of Cloud Computing.

William McBorrough
William McBorroughInformation Assurance and Cyber Security Expert, Researcher, Educator and Entrepreneur à MCGlobalTech, Next Gen Cyber

Recommandé

Cloud computing and its security issuesCloud computing and its security issues
Cloud computing and its security issuesJyoti Srivastava
1.5K vues18 diapositives
Understanding Cloud ComputingUnderstanding Cloud Computing
Understanding Cloud ComputingMohammed Sajjad Ali
1.3K vues37 diapositives
cloud computingcloud computing
cloud computingYasir Hilal
1.5K vues38 diapositives
Cloud security Cloud security
Cloud security Mohamed Shalash
2.8K vues68 diapositives
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
27.7K vues12 diapositives
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
30.3K vues22 diapositives

Contenu connexe

Tendances

Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
1.9K vues133 diapositives
Cloud computing security Cloud computing security
Cloud computing security Akhila Param
733 vues35 diapositives
Cloud computing pptCloud computing ppt
Cloud computing pptJagriti Rai
3.9K vues23 diapositives
Cloud Computing FundamentalsCloud Computing Fundamentals
Cloud Computing FundamentalsSonia Nagpal
6.9K vues32 diapositives
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
4.9K vues46 diapositives
Fundamental cloud securityFundamental cloud security
Fundamental cloud securityAsmaa Ibrahim
4.1K vues33 diapositives

Tendances(20)

Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru1.9K vues
Cloud computing security Cloud computing security
Cloud computing security
Akhila Param733 vues
Cloud computing pptCloud computing ppt
Cloud computing ppt
Jagriti Rai3.9K vues
Cloud Computing FundamentalsCloud Computing Fundamentals
Cloud Computing Fundamentals
Sonia Nagpal6.9K vues
Cloud security PresentationCloud security Presentation
Cloud security Presentation
Ajay p4.9K vues
Fundamental cloud securityFundamental cloud security
Fundamental cloud security
Asmaa Ibrahim4.1K vues
Cloud computingCloud computing
Cloud computing
DebrajKarmakar2.1K vues
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ninh Nguyen41.6K vues
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
Wen-Pai Lu1.5K vues
Virtualization security and threatVirtualization security and threat
Virtualization security and threat
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP4.3K vues
Cloud computingCloud computing
Cloud computing
Shiva Prasad2.2K vues
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
Capgemini3.9K vues
Cloud computingCloud computing
Cloud computing
MOHIT PANDEY2.9K vues
Cloud ComputingCloud Computing
Cloud Computing
Naveed Farooq4K vues
Characteristics of cloud computingCharacteristics of cloud computing
Characteristics of cloud computing
GOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI1.9K vues
Cloud computing by Bharat BodageCloud computing by Bharat Bodage
Cloud computing by Bharat Bodage
Bharat Bodage4.1K vues
Cloud computing presentationCloud computing presentation
Cloud computing presentation
Muhammad Usama Zuberi4.3K vues
Cloud securityCloud security
Cloud security
BikashPokharel3424 vues
Cloud computing risk assesment presentationCloud computing risk assesment presentation
Cloud computing risk assesment presentation
Ahmad El Tawil1.3K vues
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri9.4K vues

En vedette

Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
1.3K vues41 diapositives

En vedette(20)

The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services Provider
CSI Solutions2.7K vues
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Piyush Mittal1.3K vues
Cloud computing & Security presentationCloud computing & Security presentation
Cloud computing & Security presentation
Parveen Yadav834 vues
Cloud computing security - InsightsCloud computing security - Insights
Cloud computing security - Insights
giorgiacaleffi1K vues
Cloud computing securityCloud computing security
Cloud computing security
Aung Thu Rha Hein1.7K vues
Security in cloud computingSecurity in cloud computing
Security in cloud computing
Abhishek Kumar Sinha1.3K vues
Cloud computing securityCloud computing security
Cloud computing security
Antonio Sanz Alcober1.2K vues
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Venkateswar Reddy Melachervu6K vues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
Aleem Mohammed3.9K vues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
Discover Cloud Computing10.1K vues
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
Jim Geovedi13.1K vues
Structured Analysis and Structured DesignStructured Analysis and Structured Design
Structured Analysis and Structured Design
Sanjay Kumar Chakravarti36.6K vues
2013 State of Cloud Survey SMB Results2013 State of Cloud Survey SMB Results
2013 State of Cloud Survey SMB Results
Symantec58.4K vues
Breaking through the CloudsBreaking through the Clouds
Breaking through the Clouds
Andy Piper72.4K vues
2013 Future of Cloud Computing - 3rd Annual Survey Results2013 Future of Cloud Computing - 3rd Annual Survey Results
2013 Future of Cloud Computing - 3rd Annual Survey Results
Michael Skok205.3K vues
Intro to cloud computing — MegaCOMM 2013, JerusalemIntro to cloud computing — MegaCOMM 2013, Jerusalem
Intro to cloud computing — MegaCOMM 2013, Jerusalem
Reuven Lerner62.4K vues
Cloud security pptCloud security ppt
Cloud security ppt
Venkatesh Chary98.3K vues
Can we hack open source #cloud platforms to help reduce emissions?Can we hack open source #cloud platforms to help reduce emissions?
Can we hack open source #cloud platforms to help reduce emissions?
Tom Raftery65.9K vues
Summer School Scale Cloud Across the EnterpriseSummer School Scale Cloud Across the Enterprise
Summer School Scale Cloud Across the Enterprise
WSO252.2K vues
Simplifying The Cloud Top 10 Questions By SMBsSimplifying The Cloud Top 10 Questions By SMBs
Simplifying The Cloud Top 10 Questions By SMBs
Sun Digital, Inc. 64.3K vues

Similaire à Cloud Computing - Security Benefits and Risks

Cloudmod4Cloudmod4
Cloudmod4kongara
187 vues14 diapositives
Introduction To Cloud ComputingIntroduction To Cloud Computing
Introduction To Cloud Computingkevnikool
2.2K vues30 diapositives

Similaire à Cloud Computing - Security Benefits and Risks(20)

Cloudmod4Cloudmod4
Cloudmod4
kongara187 vues
What Is Cloud Computing?What Is Cloud Computing?
What Is Cloud Computing?
Startup Product Academy, LLC484 vues
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
lisaabe614 vues
Cloud strategy briefing 101 Cloud strategy briefing 101
Cloud strategy briefing 101
Predrag Mitrovic10.1K vues
Introduction To Cloud ComputingIntroduction To Cloud Computing
Introduction To Cloud Computing
kevnikool2.2K vues
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
IOSR Journals735 vues
Literature Review: Security on cloud computingLiterature Review: Security on cloud computing
Literature Review: Security on cloud computing
Suranga Nisiwasala4.7K vues
An introduction to the cloud 11 v1An introduction to the cloud 11 v1
An introduction to the cloud 11 v1
charan7575672 vues
NSUT_Lecture1_cloud computing[1].pptxNSUT_Lecture1_cloud computing[1].pptx
NSUT_Lecture1_cloud computing[1].pptx
UtkarshKumar6086558 vues
Cloud computingCloud computing
Cloud computing
Nibi Maouriyan371 vues
Security threats in cloud computingSecurity threats in cloud computing
Security threats in cloud computing
Puneet Arora184 vues
Cloud Def V15Cloud Def V15
Cloud Def V15
Krishna Kumar242 vues
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15
Bill Annibell12.4K vues
Cloud def-v15Cloud def-v15
Cloud def-v15
sengura254 vues
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspective
jmcdaniel6501K vues
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3
RMK ENGINEERING COLLEGE, CHENNAI12.1K vues
Cloud ComputingCloud Computing
Cloud Computing
Aniket Saxena4.1K vues
Cloud computing and Cloud Security - Basics and TerminologiesCloud computing and Cloud Security - Basics and Terminologies
Cloud computing and Cloud Security - Basics and Terminologies
Techsparks 76 vues
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptx
AmitSingh77069115 vues
Cloud models and platformsCloud models and platforms
Cloud models and platforms
Prabhat gangwar431 vues

Plus de William McBorrough

Plus de William McBorrough(20)

MCGlobalTech CMMC Managed Compliance ServiceMCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance Service
William McBorrough667 vues
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
William McBorrough952 vues
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
William McBorrough866 vues
Cybersecurity Career Information by Next Gen CyberCybersecurity Career Information by Next Gen Cyber
Cybersecurity Career Information by Next Gen Cyber
William McBorrough630 vues
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity Framework
William McBorrough301 vues
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
William McBorrough313 vues
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
William McBorrough95 vues
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough725 vues
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
William McBorrough447 vues
MCGlobalTech Enterprise Risk Management ProgramMCGlobalTech Enterprise Risk Management Program
MCGlobalTech Enterprise Risk Management Program
William McBorrough597 vues
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
William McBorrough291 vues
MCG_OnePageBrochure_FinalMCG_OnePageBrochure_Final
MCG_OnePageBrochure_Final
William McBorrough202 vues
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
William McBorrough457 vues
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
William McBorrough1.6K vues
MCGlobalTech Capability StatementMCGlobalTech Capability Statement
MCGlobalTech Capability Statement
William McBorrough281 vues
Managing Security Risks in ManufacturingManaging Security Risks in Manufacturing
Managing Security Risks in Manufacturing
William McBorrough402 vues
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
William McBorrough3.8K vues
Protecting Customer Confidential InformationProtecting Customer Confidential Information
Protecting Customer Confidential Information
William McBorrough821 vues
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough1.1K vues
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough292 vues

Dernier

Dernier(20)

Java Platform Approach 1.0 - Picnic MeetupJava Platform Approach 1.0 - Picnic Meetup
Java Platform Approach 1.0 - Picnic Meetup
Rick Ossendrijver23 vues
"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy
"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy
Fwdays35 vues
TE Connectivity: Card Edge InterconnectsTE Connectivity: Card Edge Interconnects
TE Connectivity: Card Edge Interconnects
CXL Forum93 vues
"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur
"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur
Fwdays35 vues
MemVerge: Past Present and Future of CXLMemVerge: Past Present and Future of CXL
MemVerge: Past Present and Future of CXL
CXL Forum105 vues
AMD: 4th Generation EPYC CXL DemoAMD: 4th Generation EPYC CXL Demo
AMD: 4th Generation EPYC CXL Demo
CXL Forum117 vues
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk76 vues
Data-centric AI and the convergence of data and model engineering: opportunit...Data-centric AI and the convergence of data and model engineering: opportunit...
Data-centric AI and the convergence of data and model engineering: opportunit...
Paolo Missier19 vues
Transcript: The Details of Description Techniques tips and tangents on altern...Transcript: The Details of Description Techniques tips and tangents on altern...
Transcript: The Details of Description Techniques tips and tangents on altern...
BookNet Canada99 vues
PyCon ID 2023 - Ridwan Fadjar Septian.pdfPyCon ID 2023 - Ridwan Fadjar Septian.pdf
PyCon ID 2023 - Ridwan Fadjar Septian.pdf
Ridwan Fadjar163 vues
ThroughputThroughput
Throughput
Moisés Armani Ramírez28 vues
Business Analyst Series 2023 - Week 2 Session 3Business Analyst Series 2023 - Week 2 Session 3
Business Analyst Series 2023 - Week 2 Session 3
DianaGray10307 vues
JCon Live 2023 - Lice coding some integration problemsJCon Live 2023 - Lice coding some integration problems
JCon Live 2023 - Lice coding some integration problems
Bernd Ruecker61 vues
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk170 vues
Combining Orchestration and Choreography for a Clean ArchitectureCombining Orchestration and Choreography for a Clean Architecture
Combining Orchestration and Choreography for a Clean Architecture
ThomasHeinrichs164 vues
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
The Digital Insurer24 vues
Microchip: CXL Use Cases and Enabling EcosystemMicrochip: CXL Use Cases and Enabling Ecosystem
Microchip: CXL Use Cases and Enabling Ecosystem
CXL Forum107 vues
AI: mind, matter, meaning, metaphors, being, becoming, life valuesAI: mind, matter, meaning, metaphors, being, becoming, life values
AI: mind, matter, meaning, metaphors, being, becoming, life values
Twain Liu 刘秋艳28 vues
MemVerge: Memory Viewer SoftwareMemVerge: Memory Viewer Software
MemVerge: Memory Viewer Software
CXL Forum115 vues
Empathic Computing: Delivering the Potential of the MetaverseEmpathic Computing: Delivering the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst389 vues

Cloud Computing - Security Benefits and Risks

  • 1. Cloud Assurance Information Assurance in the Cloud by William McBorrough MSIA, CISSP, CISA, CEH Security Principal, Secure Intervention
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.

Notes de l'éditeur

  1. European Network and Information Agency LOSS OF GOVERNANCE: in using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues which may affect security. At the same time, SLAs may not offer a commitment to provide such services on the part of the cloud provider, thus leaving a gap in security defences. LOCK-IN: there is currently little on offer in the way of tools, procedures or standard data formats or services interfaces that could guarantee data, application and service portability. This can make it difficult for the customer to migrate from one provider to another or migrate data and services back to an in-house IT environment. This introduces a dependency on a particular CP for service provision, especially if data portability, as the most fundamental aspect, is not enabled.. ISOLATION FAILURE: multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However it should be considered that attacks on resource isolation mechanisms (e.g.,. against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional OSs. COMPLIANCE RISKS: investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud:  if the CP cannot provide evidence of their own compliance with the relevant requirements  if the CP does not permit audit by the cloud customer (CC). In certain cases, it also means that using a public cloud infrastructure implies that certain kinds of compliance cannot be achieved (e.g., PCI DSS (4)). MANAGEMENT INTERFACE COMPROMISE: customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities. DATA PROTECTION: cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer (in its role as data controller) to effectively check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds. On the other hand, some cloud providers do provide information on their data handling practices. Some also offer certification summaries on their data processing and data security activities and the data controls they have in place, e.g., SAS70 certification. INSECURE OR INCOMPLETE DATA DELETION: when a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data. Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of data are stored but are not available, or because the disk to be destroyed also stores data from other clients. In the case of multiple tenancies and the reuse of hardware resources, this represents a higher risk to the customer than with dedicated hardware. MALICIOUS INSIDER: while usually less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. Examples include CP system administrators and managed security service providers. NB : the risks listed above do not follow a specific order of criticality; they are just ten of the most important cloud computing specific risks identified during the assessment. The risks of using cloud computing should be compared to the risks of staying with traditional solutions, such as desktop-based models. To facilitate this, in the main document we have included estimates of relative risks as compared with a typical traditional environment. Please note that it is often possible, and in some cases advisable, for the cloud customer to transfer risk to the cloud provider; however not all risks can be transferred : If a risk leads to the failure of a business, serious damage to reputation or legal implications, it is hard or impossible for any other party to compensate for this damage. Ultimately, you can outsource responsibility but you can't outsource accountability.
  2. European Network and Information Agency
  3. European Network and Information Agency
  4. European Network and Information Agency
  5. European Network and Information Agency
  6. European Network and Information Agency
  7. European Network and Information Agency
  8. European Network and Information Agency