Privacy and Security Implications of Cloud Computing - PowerPoint

Document Sample
Privacy and Security Implications of Cloud Computing - PowerPoint Powered By Docstoc
					Privacy and Security Implications
      of Cloud Computing
         17 November 2009 - IGF
          Laurent Bernat - OECD
    OECD Technology Foresight
    Forum on Cloud Computing

• 14 October 2009 : OECD Technology Foresight
  Forum on Cloud Computing

• Government, Business, Civil Society, Technical
  Community

• www.oecd.org/ict
               The Cloud (of buzzwords)
Community Private Cloud Regulatory Requirements
  SLA’s Private Cloud Commodity Public Cloud
                                                   Public Cloud
                                              Enterprise Public Cloud
   Closed Private Cloud Hybrid Cloud ASP Storage as a Service
  Cloud Stacks CloudBurstingWeb 3.0Software as a Service
 On-premise Inter Cloud Security 1.3a Information as a Service
Elastic Computing Infrastructure as a Service Clustering
  Off-premise Portability Management as a Service Security as a Service
Resource Democratization Platform as a Service
   Time-Sharing Web 2.0 Integration as a Service Database as a Service
Abstraction of InfrastructureProcess as a Service Interoperability
                                     Grid Computing Testing as a Service
        Hybrid Pricing Pay As You Go Hardware Virtualization
                      Consumption Desktop Virtualization
 Utility Based Pricing Presentation Virtualization
       Subscription
 Application Virtualization Virtualization

  Source: Gaurav Verma, SAS, OECD Cloud Computing Forum, 14 October 2009
             Cloud computing is…
• « A model for enabling convenient, on-demand
  network access to a shared pool of configurable
  computing resources that can be rapidly provisioned
  and released with minimal management effort or
  service provider interaction » (US NIST)
• Various flavours of the Cloud:
   – Infrastructure as a Service, Platform as a Service, Software
     as a Service (degree of user control)
   – Public Cloud, community Cloud, Private Cloud
• Difference between Cloud Computing and Web 2.0
  applications ?
           … driven by real benefits
• Many benefits
   –   Cost
   –   Speed of development
   –   Scalability
   –   Ease of use
   –   Reduction of legal complexity
   –   Environmental impact (green ICT)
   –   Security, reliability
• Many of these benefits facilitate innovation
• Concerns everybody: Individuals, SMEs, Large firms,
  Governments, NGOs
• Opportunity for development (« Could computing »)
          But there are issues…
•   Economic impact (e.g. employment)
•   Competition
•   Standards
•   Discrepancies in legal regimes
•   Environmental impact
•   Security
•   Privacy
               Security & privacy
•Security in the Cloud vs. Security today
•Security is context dependent.
•Risk assessment and management are essential
•Cloud computing makes IT truly global: it magnifies cross-border
 privacy issues
  – « Laws are inhenrently local, Cloud is inherently global »
Problems aren’t new. Their scale is.
Need to better understand the business models
                 OECD Work
• Main challenge is to devise policy approaches
  that foster security and privacy without stifling
  innovation.

• « How to turn security/privacy as a
  competitive advantage to the market rather
  than a showstopper »

• Work on economic aspects of security
                OECD Work
• 2007Recommendation on Privacy
  Law Enforcement Co-operation
• 2008 Seoul Ministerial



• Draft Report on the Changing Privacy
  Environment
30thAnniversary
Conference
(2010)


Followed by a
Review of the
Privacy
Guidelines
                Conclusion
•   Cloud computing is an important trend
•   Issues are not new. The scale is.
•   Cross-border challenges
•   International cooperation and dialogue
•   Need for innovative policies that will
    foster innovation AND security/privacy
www.oecd.org/ict