Monday, June 6, 2011
Apple iCloud
What is Apple iCloud?
The purpose of the iCloud creation is to demote the 'PC'.
As the Apple CEO, Steve Jobs said that we are going to move the ... center of your digital life into the cloud.
The iCloud enables people to store and organize their music, documents, photos and emails across multiple devices, so this system will let Apple users access their digital media from anywhere.
What are the consequences?
Apple is jumping into cloud computing at a time when the concept is under rising scrutiny. Last week's hijecking of hundreds of Google's Gmail accounts, including those of senior U.S. government officials, underscored the vulnerability of information stored on the Web.
Security on Cloud?
The Cloud Security Alliance Cloud Controls Matrix(CCM); as a part of the CSA GRC Stack, is specifically designed to provide fundamental ecurity principles to guide cloud venders and assist prospective cloud customers in assessing the overall security risk of a cloud provider. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, and NIST.
Security challenges of Cloud computing
Despite what Cloud providers and vendors promise, Cloud computing is not secure by nature. Security in the Cloud is often intangible and less visible, which inevitably creates a false sense of security and anxiety about what is actually secured and controlled. Accordingly, the security challenges related to Cloud computing are worth of a deeper attention and can relate to many different aspects.
Users control over Cloud resources - Cloud users typically have no control over the Cloud resources used and there is an inherent risk of data exposure to third
parties on the Cloud or the Cloud provider itself. From a security perspective, segregation of data containers within the technical infrastructure of Cloud computing
may be a mean to ensure that each user can at best enjoy control over its data, information or other content he entrusts to the Cloud supplier.
Data secrecy & confidentiality - Encrypting data in transit has become common practice to protect secrecy and confidentiality of data in a hostile environment.
Contrary, encrypting data at rest - while only end-users may hold the decryption keys - still poses some technical challenges. New threats emerging from new technologies -
Virtualisation and grid technologies expose cloud infrastructures to emerging and high-impact threats against hypervisors and grid controllers.
Access control and use of the data - the cloud computing architecture requires the adoption of identity and access management measures. When data
are trusted to a third party especially for handling or storage within a common user environment, appropriate precaution must be in place to ensure uninterrupted and
full control of the data owner over its data. Application & Platform Security - General purpose software, which was initially developed for internal use, is now being used within the cloud computing
environment without addressing all the fundamental risks associated to this new technology. Another consequence of the migration to Cloud computing is that the secure development lifecycle of the organisation may
need to change to accommodate the Cloud computing risk context.
Security models on Cloud computing - Migrating onto a Cloud may imply outsourcing some security activities to the Cloud provider. This may cause confusion
between Cloud provider and user regarding individual responsibilities, accountability and redress for failure to meet required standards. Means to clarify those issues
can be contracts, but also the adoption of policies, “service statements” or “Terms and Conditions” by the Cloud provider, which will clearly set forth obligations
and responsibilities of all parties involved.
Lack of reference security standards - Currently there is still a lack of generally-admissible Cloud computing standards at EU or worldwide level. The consequence
of this is uncertainty regarding the security and quality levels to be ensured by Cloud providers, but also vendor dependency for Cloud users given that every provider
uses a proprietary set of access protocols and programming interfaces for their Cloud services.
Privacy challenges of Cloud computing
In the Cloud-computing environment, Cloud providers, being by definition third parties, can host or store important data, files and records of Cloud users. In
certain forms of Cloud computing, the use of the service per se entails that personally identifiable information or content related to individual’s privacy sphere are communicated through the platform to,
sometimes, an unrestricted number of users (see, social networking paradigm). Given the volume or location of the Cloudcomputing providers, it is difficult for companies and
private users to keep at all times in control the information or data they entrust to Cloud suppliers. Some key privacy or data protection challenges that can
be characterised as particular to the Cloud-computing context are, in our view, the following: Sensitivity of entrusted information - It appears that any type of information can be hosted on, or managed
by the Cloud. No doubt that all or some of this information may be business sensitive (i.e. bank account records) or legally sensitive (i.e. health records), highly confidential or extremely valuable as company asset
(e.g. business secrets). Entrusting this information to a Cloud increases the risk of uncontrolled dissemination of that information to competitors (who can probably co-share same Cloud platform), individuals concerned
by this information or to any other third party with an interest in this information.
References
http://www.theaustralian.com.au/australian-it/exec-tech/apple-follows-googles-lead-with-icloud/story-e6frgazf-1226070826453
http://www.latimes.com/business/la-fi-apple-cloud-20110607,0,3280141.story
https://cloudsecurityalliance.org/csa-news/cloud-security-alliance-launches-cloud-controls-matrix-ccm-1-1/
http://www.deloitte.com/assets/Dcom-Belgium/Local%20Content/Articles/EN/Market%20Solutions/Cloud%20computing/dcom-be-en-cloud-security-privacy-trust.pdf
Subscribe to:
Posts (Atom)