Security and Privacy in Cloud Computing

Overview

Cloud Computing is a new paradigm for the IT industry. IT services such as infrastructures, platforms and applications are provided remotely, over the Internet. Resources are virtualized. Services are provisioned and de-provisioned on demand, controlled directly by the end users through self-service interfaces. Clouds may be deployed within an organization ("private cloud"), but usually one cloud serves a number of customers ("public cloud"), ranging from few to potentially billions of customers. Increasingly mobile devices (e.g., Apple's iPad) are used to access cloud services -- pointing to a future where IT is a utility like electricity or water, available anytime and everywhere to everybody, and users access IT through personally owned, powerful, mobile clients.

The basic ingredients of Cloud Computing are well known. New challenges are introduced through the specific technologies (e.g., self-service interface to service management softare, massively multi-tenant middleware, low-end hypervisors, cryptography supporting computations on encrypted data) and use cases (e.g., portability of workloads between different clouds, security and risk profiles of clouds, personally owned and powerful mobile devices as universal access devices for cloud computing, on-demand pricing of cloud services, deperimeterization of IT).

More information

• Security and Cloud Computing; by Michael Waidner; Lecture; Universität Stuttgart / IBM Research and Development, November 2011.
• Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance; by Tim Mather, Subra Kumaraswamy, Shahed Latif; O'Reilly, September 2009.
•  Cloud Security Alliance (CSA)