No edit summary |
(Adding categories) |
||
| (10 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | == Citation == |
||
| ⚫ | |||
| + | |||
| ⚫ | |||
== Overview == |
== Overview == |
||
| − | The key conclusion of this paper is that the [[cloud]] |
+ | The key conclusion of this paper is that the [[cloud]]'s [[economies of scale]] and [[flexibility]] are both a friend and a foe from a [[security]] point of view. The massive concentrations of resources and [[data]] present a more attractive target to [[attacker]]s, but [[cloud]]-based defenses can be more [[robust]], [[scalable]] and cost-effective. This paper allows an informed assessment of the [[security risk]]s and benefits of using [[cloud computing]] — providing [[security]] guidance for potential and existing [[user]]s of [[cloud computing]]. |
| + | |||
| + | == Legal concerns == |
||
| + | |||
| + | Most legal issues involved in [[cloud computing]] will currently be resolved during [[contract]] evaluation (i.e., when making comparisons between different [[cloud service provider|provider]]s) or [[negotiation]]s. The more common case in [[cloud computing]] will be selecting between different [[contract]]s on offer in the market (contract evaluation) as opposed to [[contract negotiation]]s. However, opportunities may exist for prospective customers of [[cloud services]] to choose [[cloud service provider|provider]]s whose contracts are negotiable. |
||
| + | |||
| + | Unlike traditional [[Internet service]]s, [[standard contract clause]]s may deserve additional review because of the nature of [[cloud computing]]. The parties to a [[contract]] should pay particular attention to their rights and obligations related to notifications of [[security breach|breaches in security]], [[data transfer]]s, creation of [[derivative work]]s, change of control, and [[access]] to [[data]] by law enforcement entities. Because the [[cloud]] can be used to [[outsource]] [[critical internal infrastructure]], and the [[interruption]] of that [[infrastructure]] may have wide-ranging effects, the parties should carefully consider whether standard [[limitations on liability]] adequately represent [[allocation of risk|allocations of liability]], given the parties' use of the [[cloud]], or responsibilities for [[infrastructure]]. |
||
| + | |||
| + | Until legal precedent and regulations address [[security]] concerns specific to [[cloud computing]], customers and [[cloud service provider]]s alike should look to the terms of their [[contract]] to effectively address [[security risk]]s. |
||
[[Category:EU]] |
[[Category:EU]] |
||
[[Category:Publication]] |
[[Category:Publication]] |
||
[[Category:Security]] |
[[Category:Security]] |
||
[[Category:Cloud computing]] |
[[Category:Cloud computing]] |
||
| + | [[Category:2009]] |
||
Latest revision as of 03:59, 3 November 2013
Citation[]
European Network and Information Security Agency, Cloud Computing: Benefits, Risks and Recommendations for Information Security (Nov. 2009) (full-text).
Overview[]
The key conclusion of this paper is that the cloud's economies of scale and flexibility are both a friend and a foe from a security point of view. The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defenses can be more robust, scalable and cost-effective. This paper allows an informed assessment of the security risks and benefits of using cloud computing — providing security guidance for potential and existing users of cloud computing.
Legal concerns[]
Most legal issues involved in cloud computing will currently be resolved during contract evaluation (i.e., when making comparisons between different providers) or negotiations. The more common case in cloud computing will be selecting between different contracts on offer in the market (contract evaluation) as opposed to contract negotiations. However, opportunities may exist for prospective customers of cloud services to choose providers whose contracts are negotiable.
Unlike traditional Internet services, standard contract clauses may deserve additional review because of the nature of cloud computing. The parties to a contract should pay particular attention to their rights and obligations related to notifications of breaches in security, data transfers, creation of derivative works, change of control, and access to data by law enforcement entities. Because the cloud can be used to outsource critical internal infrastructure, and the interruption of that infrastructure may have wide-ranging effects, the parties should carefully consider whether standard limitations on liability adequately represent allocations of liability, given the parties' use of the cloud, or responsibilities for infrastructure.
Until legal precedent and regulations address security concerns specific to cloud computing, customers and cloud service providers alike should look to the terms of their contract to effectively address security risks.