Archive for the ‘cloud computing’ Category

CRS — Cybersecurity – Authoritative Reports and Resources (updated)

February 19, 2014

Cybersecurity – Authoritative Reports and Resources (PDF)
Source: Congressional Research Service (via MSPB Watch)

This report provides references to analytical reports on cybersecurity from CRS, other government agencies, trade associations, and interest groups. The reports and related websites are grouped under the following cybersecurity topics:

• policy overview
• National Strategy for Trusted Identities in Cyberspace (NSTIC)
• cloud computing and FedRAMP
• critical infrastructure
• cybercrime, data breaches and data security
• national security, cyber espionage, and cyberwar (including Stuxnet)
• international efforts
• education/training/workforce
• research and development (R&D)

In addition, the report lists selected cybersecurity-related websites for congressional and government agencies, news, international organizations, and organizations or institutions.

Fordham Law National Study Finds Public School Use of Cloud Computing Services Causes Data Privacy Problems

January 3, 2014

Fordham Law National Study Finds Public School Use of Cloud Computing Services Causes Data Privacy Problems
Source: Center on Law and Information Policy (Fordham Law School)

Fordham Law School’s Center on Law and Information Policy (CLIP) today released a report on how school districts address privacy when they transfer student information to cloud computing service providers. The report marks the nation’s first in-depth analysis of this increasingly contentious issue.

The study found that as public schools in the United States rapidly adopt cloud-computing services to fulfill their educational objectives and take advantage of new technologically enabled opportunities, they transfer increasing quantities of student information to third-party providers, without requiring basic privacy protections such as strong data security measures and limitations on commercial data mining. As a result, school districts frequently fall short of federal privacy standards and of community expectations for children’s privacy.

Cloudy with a Chance of Success: Contracting for the Cloud in Government

December 4, 2013

Cloudy with a Chance of Success: Contracting for the Cloud in Government
Source: IBM Center for the Business of Government

With the movement of government activities to leverage cloud computing, government agencies are now increasingly writing and negotiating contracts with cloud service providers. While agencies have been writing and negotiating contracts for many years, contracts for cloud services present a special set of challenges. In this important report, Shannon Tufts and Meredith Weiss present a detailed analysis of 12 major issues that need to be addressed in all cloud contracts. In addition to traditional issues such as pricing, cloud computing contracts require that a variety of data assurance issues be addressed, including data ownership, access to data, disposition of data, data breaches, and data storage location.

This report is based on a detailed analysis of five public sector contracts in North Carolina for cloud services. The five case studies included a local government, a state agency, a higher education institution, a local public health organization, and a K-12 public school system. Based on these case studies, the authors developed a series of recommendations for government organizations to guide them in the writing and negotiating of contracts for cloud services.

Interactive Genomics: Rapidly Querying Genomes in the Cloud

November 20, 2013

Interactive Genomics: Rapidly Querying Genomes in the Cloud
Source: Microsoft Research

Genome sequence data is now “Big Data” in both volume and velocity. Joined with medical records, genome data can be mined for insights for treating disease. Genomics today is dominated by batch processing: simple analytical questions take days to answer. We propose instead that genomics be made interactive so that queries on a large genome database in the cloud are answered across the network in seconds. Towards this vision, we introduce a query language, Genome Query Language (GQL), in which intervals are first class, and joins are based on intersection not equality. GQL can be used to query for large structural variations on the TCGA cancer archive using only 5-10 lines of high level code that takes around 60 seconds to execute in the Azure cloud on an input BAM file of 83 GB. GQL results can be incrementally deployed both on the UCSC browser and by refactoring an existing variant caller to provide 6x speedup. Our paper focuses on the system design and five key optimizations — cached parsing, lazy joins, materialized views and chromosomal parallelism — that speed up query processing by 100x. We also reflect on 3 years of experience designing and using GQL.

Cloud Computing for Small Business: Criminal and Security Threats and Prevention Measures

November 13, 2013

Cloud Computing for Small Business: Criminal and Security Threats and Prevention Measures (PDF)
Source: Australian Institute of Criminology

Compared with large organisations, small businesses operate in a distinct and highly resource-constrained operating and technical environment. Their proprietors are often time poor, have minimal bargaining power and have limited financial, technical, legal and personnel resources. It is therefore unsurprising that cloud computing and its promise of smoothing cash flows and dramatically reducing ICT overheads is attractive to small business. Cloud computing shifts the delivery and maintenance of software, databases and storage to the internet, transforming them into Pay-As-You-Go services accessed through a web browser. While providing many benefits, cloud computing also brings many risks for small business, including potential computer security and criminal, regulatory and civil liability issues. This paper, undertaken as a collaborative partnership with the ARC Centre of Excellence in Policing and Security at Griffith University, identifies these risks and offers a perspective on how they might be contained so that the benefits of cloud computing do not outweigh the risks for small businesses in the 21st century.

Emerging Cyberthreats Report 2014

November 8, 2013

Emerging Cyberthreats Report 2014
Source: Georgia Institute of Technology
From press release:

As more businesses find their way into the cloud, few engage in security measures beyond those provided by the associated cloud storage firm, a new report from Georgia Tech notes. Even fewer seek heightened data protection because of concerns that usability and access to remote data would be significantly reduced.

These concerns are among findings made by the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI) in today’s release of the Georgia Tech Emerging Cyber Threats Report for 2014. The report was released at the annual Georgia Tech Cyber Security Summit, a gathering of industry and academic leaders who have distinguished themselves in the field of cyber security.

In related findings, the report reveals security issues involving the “Internet of Things,” referring to the notion that the increase of Internet-capable devices could create opportunities for remote hacking and data leakage. With everything from home automation to smartphones and other personal devices becoming connected to the Internet, these devices will capture more real-world information and could permit outside parties, companies, and governments to misuse that information.

In the mobile space, even though designers of mobile devices and tablets have developed a robust ecosystem to prevent large-scale device compromises, the report finds that the threat of malicious and potentially targeted use remains. Earlier this year, researchers at Georgia Tech reported that they found ways to bypass the vetting process of Apple’s App Store and subsequently showed how malicious USB chargers can be used to infect Apple iOS devices.

What does the Commission mean by secure Cloud computing services in Europe?

October 15, 2013

What does the Commission mean by secure Cloud computing services in Europe?
Source: European Commission

Europe should aim to be the world’s leading ‘trusted cloud region’.

Widespread adoption of cloud computing is essential for improving productivity levels in the European economy; but the spread of cloud could slow in light of recent revelations about PRISM and other surveillance programmes. These surveillance revelations have also led to calls for national or regional cloud computing initiatives.

This challenge must be addressed and also turned into a Europe-wide opportunity: for companies operating in Europe to offer the trusted cloud services that more and more users are demanding globally.

The Commission is strongly against a “Fortress Europe” approach to cloud computing. We need instead a single market for cloud computing. For example the proposal for the data protection regulation will provide a uniform legal base for the protection of personal data in Europe. The fundamental principle at stake is the need to look beyond borders when it comes to cloud computing. Separate initiatives or a Fortress Europe approach is not going to work.

Achieving this ambition is not a task for the European Commission alone, it begins with the cloud providers themselves and includes all stakeholders: Member States, industry and individual users.

CRS — Cybersecurity: Authoritative Reports and Resources (9/20/13)

October 1, 2013

Cybersecurity: Authoritative Reports and Resources (PDF)
Source: Congressional Research Service (via U.S. Department of State Foreign Press Center)

Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic.

Congress has been actively involved in cybersecurity issues, holding hearings every year since 2001. There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics.

This report provides links to selected authoritative resources related to cybersecurity issues. This report includes information on
• “Legislation”
• “Executive Orders and Presidential Directives”
• “Data and Statistics”
• “Cybersecurity Glossaries”
• “CRS Reports by Topic”
• Government Accountability Office (GAO) reports
• White House/Office of Management and Budget reports
• Military/DOD
• Cloud Computing
• Critical Infrastructure
• National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Cybercrime/Cyberwar
• International
• Education/Training/Workforce
• Research and Development (R&D)
• “Related Resources: Other Websites”

The report will be updated as needed.

Towards a Holistic Data Center Simulator

September 19, 2013

Towards a Holistic Data Center Simulator
Source: Microsoft Research

Data center (DC) design has become increasingly important with the rapid growth of cloud computing and online services. The rapid growth rate makes them a significant consumer on the energy grid. Differences in environmental operating conditions, energy price and availability, network bandwidth and latency, as well as unpredictable user demand pose significant challenges for determining the right size, density, and energy sources for data centers. Data from real data centers is often proprietary and severely limits academia and research institutions from addressing these challenges. Building a data center testbed for research is not only cost prohibitive (e.g., a 1 MW datacenter costs approximately $10 Million- $22 Million [1]) but is also difficult to continually upgrade or explore diversified technologies and industry practices.

Existing modeling, design methodologies and tools are not capable of capturing the scale and heterogeneity in complex systems like data centers. To effectively model performance, energy consumption, energy technologies, network, server trends, failure recovery, and varied operational scenarios, we propose coordinated research efforts to build a DC level full system modeling and simulation platform that enables researchers to investigate multiple DC design aspects for energy and resource efficiency.

What Do You See In The Cloud? Understanding the Cloud-Based User Experience through Practices

September 4, 2013

What Do You See In The Cloud? Understanding the Cloud-Based User Experience through Practices
Source: Microsoft Research

End users have begun to incorporate cloud-based services into their collaborative practices. What spurs and constrains this adoption? Are the cloud services understood adequately and used effectively? How might we intervene to promote a better connection between user practices and cloud services? In this study, we focus on collaborative practices that surround the adoption, use, and understanding of two popular, but sometimes contrasting, cloud services for creating and sharing content: Dropbox and Google Docs. We conducted 22 in-depth interviews with people who used these services, including collaborators who used the services together, and people who had migrated from Google Docs to Google Drive. We found that users thought of the cloud in terms of the practices it helped them accomplish. Their understanding of the cloud was often shaped by the particular file storage and sharing technologies the cloud was replacing (remediation). Furthermore, collaborating with others through the cloud sometimes revealed different assumptions about how the cloud worked, leading users to develop socially negotiated practices around their use of the cloud. We use this analysis to identify some specific opportunities for designers to help users build more accurate conceptual models of the cloud and use its capabilities more fully: (1) when users are adopting the cloud to enact a practice; (2) when users are replacing an existing technology with the cloud; and (3) when users are encountering others’ practices through collaboration.

High Interest CRS Report — Cybersecurity: Authoritative Reports and Resources

July 24, 2013

Cybersecurity: Authoritative Reports and Resources (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic.

Congress has been actively involved in cybersecurity issues, holding hearings every year since 2001. There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics.

This report provides links to selected authoritative resources related to cybersecurity issues. This report includes information on

• “Legislation”
• “Executive Orders and Presidential Directives”
• “Data and Statistics”
• “Cybersecurity Glossaries”
• “Reports by Topic”
• Government Accountability Office (GAO) reports
• White House/Office of Management and Budget reports
• Military/DOD
• Cloud Computing
• Critical Infrastructure
• National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Cybercrime/Cyberwar
• International
• Education/Training/Workforce
• Research and Development (R&D)
• “Related Resources: Other Websites”

The report will be updated as needed.

CRS — Cloud Computing: Constitutional and Statutory Privacy Protections

April 1, 2013

Cloud Computing: Constitutional and Statutory Privacy Protections (PDF)

Source: Congressional Research Service (via Federation of American Scientists)

Cloud computing is fast becoming an integral part of how we communicate with one another, buy music, share photos, conduct business, pay our bills, shop, and bank. Many of the activities that once occurred solely in the physical world, including communications with one another, are increasingly moving to the digital world. What was once a letter to a friend is now a Facebook message; a call to a loved one is now a Skype chat; a private meeting with a business partner is now a video conference call. In short, the cloud is revolutionizing not only how we compute, but also how we live. Where individuals once locked personal or business papers solely in a desk drawer or filing cabinet, they now also store them on someone else’s computer.

In short, cloud computing is a web-based service that allows users to access anything from e-mail to social media on a third-party computer. For instance, Gmail and Yahoo are cloud-based email services that allow users to access and store emails that are saved on each respective service’s computer, rather than on the individual’s computer. As more communications are facilitated through these cloud-based programs, it is no surprise that government and law enforcement would seek to access this stored information to conduct criminal investigations, prevent cyber threats, and thwart terrorist attacks, among other purposes. This prompts the following questions: (1) What legal protections are in place for information shared and stored in the cloud? (2) What legal process must the government follow to obtain this information? and (3) How do these rules differ from those applied in the physical world?

Protections of communications in the physical world flow from the Fourth Amendment and various federal statutes such as the Electronic Communications Privacy Act of 1986 (ECPA), which includes the Stored Communications Act (SCA). Under the Fourth Amendment, government officials are generally prohibited from accessing an individual’s communication, such as tapping into a telephone call or opening a postal letter, without first obtaining judicial approval. In the digital world, courts have by and large required law enforcement to acquire a warrant before accessing the contents of electronic communications, but have permitted law enforcement to access non-content information such as routing data with lesser process. These cases do not seem to distinguish between cloud-based and traditional forms of Internet services.

Federal courts have applied the SCA to various electronic communications including e-mails, messages sent on social networking sites like Facebook and MySpace, and movies posted on video-sharing sites like YouTube. The process for obtaining these communications under the SCA depends on how long the information has been stored with the service provider and how the provider is classified under the SCA. The relatively few cases dealing with cloud computing have required lesser legal process for accessing electronic communications sent via cloud-based services than traditional forms of Internet computing.

In light of this rapidly changing technology, there have been several legislative proposals to augment the Fourth Amendment’s protections for digital communications and update existing statutory protections like the SCA for information shared and stored in the cloud.

EDPS: responsibility in the Cloud should not be up in the air

November 16, 2012

EDPS: responsibility in the Cloud should not be up in the air (PDF)

Source: European Data Protection Supervisor

Today, the European Data Protection Supervisor (EDPS) adopted his opinion on the Commission Communication on "Unleashing the potential of Cloud Computing in Europe" in which the Commission proposes key actions and policy steps to speed up the use of cloud computing services in Europe. The EDPS Opinion not only reacts to the Communication but also highlights the data protection challenges created by cloud computing and how the proposed Data Protection Regulation will tackle them when the reformed rules come into effect.

While many businesses, public authorities and consumers expect to benefit from a reduction in IT services costs and/or access to better services when using cloud computing, the main issue of concern for cloud customers is whether the system is reliable and trustworthy and that data processing operations can be carried out in compliance with data protection rules.

Peter Hustinx, EDPS, says: "Cloud computing can bring enormous benefits to individuals and organisations alike but it must also provide an adequate level of protection. Currently, many cloud customers, including members of social media, have little influence over the terms and conditions of the service offered by cloud providers. We must ensure that the cloud service providers do not avoid taking responsibility and that cloud customers are able to fulfil their data protection obligations. The complexity of cloud computing technology does not justify any lowering of data protection standards."

GovCloud: The future of government work

July 30, 2012

GovCloud: The future of government work
Source: Deloitte
From press release:

According to GovCloud: The future of government work, a report launched today by Deloitte Touche Tohmatsu Limited (DTTL), today’s government is being asked to solve the problems of the 21st century with a workforce and managerial structure designed for a different era. The report offers a potential alternative framework, the GovCloud model, which is a collaborative teaming environment that supports shared services, workplace flexibility, and scalable, on-demand capabilities.

“The GovCloud model represents a dramatic departure from the status quo,” says Paul Macmillan, Global Industry Leader, Public Sector, DTTL. “The concept would use a cadre of government-wide workers to help small agencies adapt to evolving circumstances and thereby leverage changes in work, workers, workplaces, processes, and technologies.”

Just as cloud computing is revolutionizing the way businesses and governments use technology, GovCloud has the potential to transform how governments organize their workforces, according to the report. GovCloud would allow on-demand access to shared resources by having workers reside in a central talent pool—or “cloud”—accessible by numerous agencies. Cost efficiencies would be optimized since each individual agency would not have to maintain and manage a large workforce. And GovCloud would be dynamically scalable, with resources that could be quickly shifted from low-need to high-need programs without hiring new workers or setting up new departments or agencies.

How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms

July 26, 2012

How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms
Source: HP Labs

As cloud computing and virtualization technologies become mainstream, the need to be able to track data has grown in importance. Having the ability to track data from its creation to its current state or its end state will enable the full transparency and accountability in cloud computing environments. In this paper, we showcase a novel technique for tracking end-to-end data provenance, a meta-data describing the derivation history of data. This breakthrough is crucial as it enhances trust and security for complex computer systems and communication networks. By analyzing and utilizing provenance, it is possible to detect various data leakage threats and alert data administrators and owners; thereby addressing the increasing needs of trust and security for customers’ data. We also present our rule-based data provenance tracing algorithms, which trace data provenance to detect actual operations that have been performed on files, especially those under the threat of leaking customers’ data. We implemented the cloud data provenance algorithms into an existing software with a rule correlation engine, show the performance of the algorithms in detecting various data leakage threats, and discuss technically its capabilities and limitations.

Tracking of Data Leaving the Cloud

July 20, 2012

Tracking of Data Leaving the Cloud
Source: HP Labs

Data leakages out of cloud computing environments are fundamental cloud security concerns for both the end-users and the cloud service providers. A literature survey of the existing technologies revealed the inadequacies of current technologies and the need for a new methodology. This position paper discusses the requirements and proposes a novel auditing methodology that enables tracking of data transferred out of Clouds. Initial results from our prototypes are reported. This research is aligned to our vision that by providing transparency, accountability and audit trails for all data events within and out of the Cloud, trust and confidence can be instilled into the industry as users will get to know what exactly is going on with their data in and out of the Cloud.

New From the GAO

July 11, 2012

New GAO Reports

Source: Government Accountability Office

1. Information Technology Reform: Progress Made but Future Cloud Computing Efforts Should be Better Planned. GAO-12-756, July 11.
http://www.gao.gov/products/GAO-12-756
Highlights – http://www.gao.gov/assets/600/592250.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/592234

2. Ryan White Care Act: Improvements Needed in Oversight of Grantees. GAO-12-610, June 11.
http://www.gao.gov/products/GAO-12-610
Highlights – http://www.gao.gov/assets/600/591497.pdf

Privacy, Security and Trust in Cloud Computing

July 8, 2012

Privacy, Security and Trust in Cloud Computing
Source: HP Labs

Cloud computing refers to the underlying infrastructure for an emerging model of service provision that has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay-per-use business model. These new features have a direct impact on information technology (IT) budgeting but also affect traditional security, trust and privacy mechanisms. The advantages of cloud computing – its ability to scale rapidly, store data remotely, and share services in a dynamic environment – can become disadvantages in maintaining a level of assurance sufficient to sustain confidence in potential customers. Some core traditional mechanisms for addressing privacy (such as model contracts) are no longer flexible or dynamic enough, so new approaches need to be developed to fit this new paradigm. In this chapter we assess how security, trust and privacy issues occur in the context of cloud computing and discuss ways in which they may be addressed.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud

June 29, 2012

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud
Source: Social Science Research Network

This paper explains how changing technology, especially the rising adoption of encryption, is shifting law enforcement and national security lawful access to far greater emphasis on stored records, notably records stored in the cloud. The major and growing reliance on surveillance access to stored records results from the following changes:

• Encryption. Adoption of strong encryption is becoming much more common for data and voice communications, via virtual private networks, encrypted webmail, SSL web sessions, and encrypted Voice over IP voice communications.
• Declining effectiveness of traditional wiretaps. Traditional wiretap techniques at the ISP or local telephone network increasingly encounter these encrypted communications, blocking the effectiveness of the traditional techniques.
• New importance of the cloud. Government access to communications thus increasingly relies on a new and limited set of methods, notably featuring access to stored records in the cloud.
• The “haves” and “have-nots.” The first three changes create a new division between the “haves” and “have-nots” when it comes to government access to communications. The “have-nots” become increasingly dependent, for access to communications, on cooperation from the “have” jurisdictions.

Part 1 of the paper describes the changing technology of wiretaps and government access. Part 2 documents the growing adoption of strong encryption in a wide and growing range of settings of interest to government agencies. Part 3 explains how these technological trends create a major shift from real-time intercepts to stored records, especially in the cloud.

CRS — Cybersecurity: Authoritative Reports and Resources

May 8, 2012

Cybersecurity: Authoritative Reports and Resources (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic.

Congress has been actively involved in cybersecurity issues, holding hearings every year since 2001. There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics.

This report provides links to selected authoritative resources related to cybersecurity issues. This report includes information on

  • “Legislation”
  • “Hearings in the 112th Congress”
  • “Executive Orders and Presidential Directives”
  • “Data and Statistics”
  • “Cybersecurity Glossaries”
  • “Reports by Topic”
  • Government Accountability Office (GAO) reports
  • White House/Office of Management and Budget reports
  • Military/DoD
  • Cloud Computing
  • Critical Infrastructure
  • National Strategy for Trusted Identities in Cyberspace (NSTIC)
  • Cybercrime/Cyberwar
  • International
  • Education/Training/Workforce
  • Research and Development (R&D)
  • “Related Resources: Other Websites”

The report will be updated as needed.
