Successfully addressing the privacy, trust and security risks inherent in deployments of cloud computing represents a complex and difficult challenge for one significant reason: the widespread use of cloud technologies brings into sharper focus linkages among issues that formerly were firmly within the purview of ‘stove–piped’ regulatory or technological approaches or domains.

Although the technologies and legal or compliance requirements associated with the cloud may not be new or particularly innovative (for example, the audit requirements resemble those required for outsourcing arrangements), the public policy challenge hinges on whether their combination in a cloud environment undermines or degrades current...

A definition of cloud computing based on a consolidation of the available literature is provided here, as well as an examination of the operational and strategic motivations pushing organisations and individuals to exploit the capabilities of cloud computing.

The starting point for any public policy analysis is the definition of terms and concepts. In light of its novelty there are many definitions of cloud computing. Based on an analysis of twenty such definitions Vaquero et al. find that the literature appears to be converging on the following operational definition:

Clouds are a large pool of easily usable and accessible virtualised...

Having reviewed cloud computing definitions and drivers in the previous chapter, the security, privacy and trust implications of cloud computing will now be examined.

Before assessing the literature dealing with security, privacy and trust in the cloud, it is important to define these terms because their currency and usage can change radically in different contexts. This document uses the following definitions or concepts:

Security concerns the confidentiality, availability and integrity of data or information. Security may also include authentication and non–repudiation.

Privacy concerns the expression of or adherence to various legal and nonlegal norms. In the European context this...

This chapter provides an analysis of the technological challenges of cloud computing and associated services, and will support the argument that the benefits of using clouds hinge on finding appropriate technological answers to the security, privacy and trust challenges. The starting point of this analysis is that cloud technologies are on the whole not new, but that their development has been revitalised by cloud computing. Development paths as they appear in the literature will be examined.

Taking into consideration the US NIST definition, a number of challenges for security, privacy and trust from the underlying technological drivers of cloud computing...

Against the backdrop of the technologically orientated challenges introduced in the previous chapters, it is clear that there are also substantial legal aspects to be taken into consideration for the provisions of cloud computing services. While these challenges are global in nature, the normative response may vary substantially from region to region or even from service to service. Diverging interpretations and legal uncertainties could well endanger the development of innovative cloud service models, as they can adversely affect the trustworthiness of such services: how can users invest in the cloud without a clear perspective on the compliance of the chosen...

The two preceding chapters provided a summary overview of the main legal and technical issues that can present challenges to the deployment and use of cloud services, and also examined what the impact of these issues was on cloud services in practice.

Table 3, below, combines the tables from the previous chapters and provides an overview of many of the key legal and technical concerns found in the literature reviewed, and maps them against the resulting security, privacy and trust implications. As can be seen, some issues such as availability, accountability and integrity appear relatively frequently. Unsurprisingly, each specific identified...

As has been illustrated in the previous chapters of this report there are a range of concerns, challenges and uncertainties relating to the security, privacy and trust issues associated with the use of cloud computing. These may be inherent in the underlying technical components or drivers of cloud computing, such as virtualisation and web services, or the legal or regulatory frameworks that surround cloud computing, such as the identification of applicable law and data protection/privacy compliance.

In any respect, the characteristics of cloud computing (shared to a certain extent with outsourcing) relating to security or privacy may be seen as...

This chapter presents an overview of gaps in various aspects of current European policy approaches relevant to cloud computing. The available approaches will be characterised, including legislation, standards, guidelines, support to implementation and R&D. This gap analysis is designed to indicate where (from the literature, case studies, interviews and expert workshop) gaps, problems, challenges or inadequacies exist in current European policy approaches to addressing the previously identified security, privacy and trust issues of cloud computing.

Three distinct policy domains of relevance can be identified: legislation, implementation and ICT research. With respect to identifying gaps in legislation, some may be wording...

Addressing the security and privacy challenges of cloud computing is a complex undertaking since it requires a combination of technological solutions and legal approaches that is capable of addressing operational realities and concerns. The extent of the technical, legal and operational challenges has been presented in the preceding chapters, and it is clear that an appropriate policy framework will be needed to address these challenges in a way that reconciles business drivers with public interests, while avoiding the pitfall of imposing burdens that put European businesses at a competitive disadvantage. However, the novelty of the subject has led to a...

This research study has shown that the emergent landscape for cloud computing is characterised by a number of challenges for security, privacy and trust. In many respects these challenges are not new (some exhibiting similarities with outsourcing), but cloud computing models brings them into sharper focus. These challenges exist in relation to the use of specific technologies in the cloud context as well as existent or latent vulnerabilities in the technological building blocks comprising different cloud computing deployments. There are also important questions in respect of the pertinent legal and regulatory domains as applied to cloud computing, most notably relating...