speaker: meng-ting tsai date:2011/04/26 establishing trust in cloud computing ieee computer society
TRANSCRIPT
Speaker: Meng-Ting Tsai
Date:2011/04/26
Establishing Trust in Cloud Computing
IEEE Computer Society
Outline
Introduction
What Is Trust?
A Cloud Computing Example
The Challenges of Trust
Emerging Technologies
Conclusion
112/04/20 2
Introduction(1/2)Cloud computing has opened up a new frontier of challenges by introducing a different type of trust scenario.
The challenges of trusting cloud computing don’t lie entirely in the technology itself.
A lack of transparencyA loss of control over data assetsUnclear security assurances
112/04/20 3
Introduction(2/2)
Understand the trust issues associated with cloud computing from both a technology and business perspective.
112/04/20 4
Outline
Introduction
What Is Trust?
A Cloud Computing Example
The Challenges of Trust
Emerging Technologies
Conclusion
112/04/20 5
What Is Trust?
Control
Ownership
Prevention
Security
112/04/20 6
Outline
Introduction
What Is Trust?
A Cloud Computing Example
The Challenges of Trust
Emerging Technologies
Conclusion
112/04/20 7
A Cloud Computing Example
112/04/20 8
Paas Saas
Iaas
Outline
Introduction
What Is Trust?
A Cloud Computing Example
The Challenges of Trust
Emerging Technologies
Conclusion
112/04/20 9
The Challenges of Trust(1/4)
Although CloudX provides SoftCom with a comprehensive SLA, two major trust-related factors are a concern in this scenario.
Diminishing Control
Lack of Transparency
112/04/20 10
The Challenges of Trust(2/4)Diminishing Control
In cloud computing, this lack of control over the data and processes triggers the risk of losing data confidentiality, integrity, and availability.
Cloud computing virtually requires consumers to relinquish control of running their applications and storing their data.
Lack of TransparencyThe physical location of the storage and processing sites.
The security profiles of these sites.
112/04/20 11
The Challenges of Trust(3/4)To fully trust CloudX, SoftCom needs the following assurances regarding its control of the data:
CloudX will notify SoftCom when an entity accesses its images.
CloudX and its other sites won’t keep unauthorized copies of SoftCom images.
CloudX will destroy SoftCom’s residue (temporary data, intermediate output, or data that’s no longer needed) or outdated images at all the sites that it manages.
112/04/20 12
The Challenges of Trust(4/4)SoftCom also needs three additional assurances:
The software (such as iFilter or iSearch) processing the SoftCom images must be reliable and trustworthy (control of processes).
SoftCom must know where the persistent data storage resides and the processing occurs (physical location).
CloudX must make its service-level security properties transparent to SoftCom (security profiles).
112/04/20 13
Outline
Introduction
What Is Trust?
A Cloud Computing Example
The Challenges of Trust
Emerging Technologies
Conclusion
112/04/20 14
Emerging Technologies
112/04/20 15
Outline
Introduction
What Is Trust?
A Cloud Computing Example
The Challenges of Trust
Emerging Technologies
Conclusion
112/04/20 16
Conclusion
Any new technology must gradually build its reputation for good performance and security, earning users’ trust over time.
To regain consumers’ trust, cloud providers must offer better transparency and more consumer control of data and processes.
112/04/20 17