Regulatory Developments

Last updated: 
2 weeks 5 days ago
Blog Manager
Log in to request membershipHide blog description
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Recent members:

Cloud Computing Security: Benefits and Risks

Tuesday, December 11, 2012 - 11:20

An interesting presentation by Giles Hogben of ENISA at TERENA’s CSIRT Task Force meeting in Heraklion last week, looking at security issues when moving to the public cloud computing model.There have been several papers on technical issues such as possible leakage of information between different virtual machines running on the same physical hardware (for example by Ristenpart et al), but the talk suggested that the major impacts actually come from the organisational change.

Here there are both risks and benefits: both arising from the fact that using a cloud (as with any type of outsourcing) means that you are depending on someone else to provide security. That could be seen as a risk, since the outsourcing organisation no longer has direct control of security measures and clouds are a “big juicy target” for attackers. However it may well be that the cloud operator is actually better  at doing security than the outsourcer: many security measures such as patch management and filtering scale very well to large systems and a cloud provider is more likely than a small or medium enterprise to be able to recruit and retain a team of security experts.

So cloud security may not be either “better” or “worse” but it’s definitely different. ENISA’s full report is definitely worth reading.

Cloud computing
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo