Privacy and Security Implications of Cloud Computing - PowerPoint

Document Sample
Privacy and Security Implications of Cloud Computing - PowerPoint Powered By Docstoc
					Privacy and Security Implications
      of Cloud Computing
         17 November 2009 - IGF
          Laurent Bernat - OECD
    OECD Technology Foresight
    Forum on Cloud Computing

• 14 October 2009 : OECD Technology Foresight
  Forum on Cloud Computing

• Government, Business, Civil Society, Technical

               The Cloud (of buzzwords)
Community Private Cloud Regulatory Requirements
  SLA’s Private Cloud Commodity Public Cloud
                                                   Public Cloud
                                              Enterprise Public Cloud
   Closed Private Cloud Hybrid Cloud ASP Storage as a Service
  Cloud Stacks CloudBurstingWeb 3.0Software as a Service
 On-premise Inter Cloud Security 1.3a Information as a Service
Elastic Computing Infrastructure as a Service Clustering
  Off-premise Portability Management as a Service Security as a Service
Resource Democratization Platform as a Service
   Time-Sharing Web 2.0 Integration as a Service Database as a Service
Abstraction of InfrastructureProcess as a Service Interoperability
                                     Grid Computing Testing as a Service
        Hybrid Pricing Pay As You Go Hardware Virtualization
                      Consumption Desktop Virtualization
 Utility Based Pricing Presentation Virtualization
 Application Virtualization Virtualization

  Source: Gaurav Verma, SAS, OECD Cloud Computing Forum, 14 October 2009
             Cloud computing is…
• « A model for enabling convenient, on-demand
  network access to a shared pool of configurable
  computing resources that can be rapidly provisioned
  and released with minimal management effort or
  service provider interaction » (US NIST)
• Various flavours of the Cloud:
   – Infrastructure as a Service, Platform as a Service, Software
     as a Service (degree of user control)
   – Public Cloud, community Cloud, Private Cloud
• Difference between Cloud Computing and Web 2.0
  applications ?
           … driven by real benefits
• Many benefits
   –   Cost
   –   Speed of development
   –   Scalability
   –   Ease of use
   –   Reduction of legal complexity
   –   Environmental impact (green ICT)
   –   Security, reliability
• Many of these benefits facilitate innovation
• Concerns everybody: Individuals, SMEs, Large firms,
  Governments, NGOs
• Opportunity for development (« Could computing »)
          But there are issues…
•   Economic impact (e.g. employment)
•   Competition
•   Standards
•   Discrepancies in legal regimes
•   Environmental impact
•   Security
•   Privacy
               Security & privacy
•Security in the Cloud vs. Security today
•Security is context dependent.
•Risk assessment and management are essential
•Cloud computing makes IT truly global: it magnifies cross-border
 privacy issues
  – « Laws are inhenrently local, Cloud is inherently global »
Problems aren’t new. Their scale is.
Need to better understand the business models
                 OECD Work
• Main challenge is to devise policy approaches
  that foster security and privacy without stifling

• « How to turn security/privacy as a
  competitive advantage to the market rather
  than a showstopper »

• Work on economic aspects of security
                OECD Work
• 2007Recommendation on Privacy
  Law Enforcement Co-operation
• 2008 Seoul Ministerial

• Draft Report on the Changing Privacy

Followed by a
Review of the
•   Cloud computing is an important trend
•   Issues are not new. The scale is.
•   Cross-border challenges
•   International cooperation and dialogue
•   Need for innovative policies that will
    foster innovation AND security/privacy