Risks

Potential risks related to Cloud Computing

The biggest perceived barriers for both consumer and SME take-up of cloud computing are lack of privacydata securityprovider lock-inlack of standardisation, and jurisdictional issues relating to applicable law and law enforcement access to data.

Data security and privacy

Potential general data security risks arising from cloud computing relate to: an increase in threats to data confidentiality due to the concentration of data on common cloud infrastructure; the loss of IT control and governance by organisations using cloud services; and an increased risk of data interception in authentication and transmission procedures.

Multiple approaches exist to tackle these vulnerabilities, such as differentiation of the level of security needed by sensitivity of data or use of a ‘private cloud’ managed by the organisation itself or a provider. Additional data security assurance could also be provided through a form of audit and certification systems of cloud services providers.  

Data security and standards

Transparency is often lacking in providers’ provisions concerning data security, in particular a lack of data integrity guarantees combined with disclaimers of liability clauses in contracts; a lack of standards regarding data control and security; and often unclear and incomplete information concerning security and privacy on cloud providers’ websites.

Jurisdiction and standards

Law-abiding consumers or business users storing their data in the cloud may well be affected by compulsory orders for disclosure, without notification, as in a public or shared cloud authorities may seize the servers or computers containing personal information of the guilty and innocent alike; this is compounded by a lack of standards in providers’ ‘thresholds’ of disclosure.

Jurisdiction

The main challenges surrounding the legal issues regarding privacy relate to: ambiguities as to the role of the cloud service provideruncertainty regarding applicability of EU laws; the need for more effective data protectionuncertainty regarding laws governing international data transfers, and the lack of universality in data protection legislation.

Source: Fielder A. et al., Cloud computing, Study prepared for the European Parliament's Committee on Internal Market and Consumer Protection, 2012, http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=73411. p.47.

CloudWATCH: taking SMEs to the cloud with the European CloudScout

Thursday, 24 September, 2015 - 14:45

More and more small businesses are using the cloud to access markets more quickly, scale and grow without initial up-front costs needed for tradition IT infrastructures. Organisations that are not using the cloud need to start their cloud journey as soon as possible, particularly small and medium-sized businesses.

CloudWATCH2: Takeaways from Cloud for Europe Certification Workshop

Monday, 14 September, 2015 - 16:15
A key takeaway of the workshop is the complexity of risk assessment for cloud services. There is a general lack of standards in cloud-specific risk assessment. An Existing ISO standard relates mainly to ICT security so there is a gap there. ENISA have identified 150 cloud risks and the Cloud Security Alliance 133 cloud controls. However, clearly checking and mapping these is a massive job for companies and is usually just too large especially for SMEs.

Cloud and Big Data: How they transform the banking industry - 14 July 2015

 

The panel of experts included Gino Thielemans, Head of IT Supervision, National Bank of Belgium; Noémie Papp, Legal Adviser, Consumer Affairs and Coordinator Digital issues, European Banking Federation; and Bruno Schroder, National Technology Officer, Microsoft. It was moderated by Florian Damas, Alcatel-Lucent, and Vice Chair, Cloud Council, DIGITALEUROPE.

 

Cloud services, the gateway to big, free-flowing and properly protected data? - 3 February 2015

Many innovative applications using cloud services and big data rely on trans-border data flows. Following the Snowden revelations and increased incidents or cyber-attacks, cloud security (including processing and storage locations) have become a very high priority for cloud providers, cloud customers and for regulators. This panel shared views on how the right balance can be struck between privacy and security considerations on the one hand, and securing the numerous benefits provided by innovative technologies on the other hand.