{"title":"Clouds and their discontents","authors":"John Manferdelli","doi":"10.1145/2046660.2046662","DOIUrl":null,"url":null,"abstract":"Cloud computing has become increasingly popular and important. Many companies have policy initiatives encouraging or even mandating the use of \"cloud\" computing. The popularity of cloud computing stems primarily from the hope for significant cost savings but also from the ability to scale quickly without large capital expenditures and efficient sharing and curation of very large data sets (for example, search indexes). Clouds, like distributed computing generally, also offers the ability to access data and resources from any connected device (increasingly mobile devices like smart phones and lightweight tablets like iPads). However, cloud computing in all its incarnations (Infrastructure as a Service, Software as a Service, Platform as a Service) raises a number of security questions that current providers have not addressed (or remain ominously silent about): increased susceptibility to insider attacks due to concentration of valuable data, \"fate-sharing\" and other vulnerabilities due to multi-tenancy, policy issues arising from multi-jurisdictional siting, vulnerabilities arising from scale operations, the opacity of cloud operators security practices and disclosure of interruption of operations or attacks. Despite these potential issues, cloud computing can be beneficial with judicial and transparent application of some simple security principles. We discuss cloud infrastructure, economics, operations and security infrastructure desiderata.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cloud Computing Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2046660.2046662","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Cloud computing has become increasingly popular and important. Many companies have policy initiatives encouraging or even mandating the use of "cloud" computing. The popularity of cloud computing stems primarily from the hope for significant cost savings but also from the ability to scale quickly without large capital expenditures and efficient sharing and curation of very large data sets (for example, search indexes). Clouds, like distributed computing generally, also offers the ability to access data and resources from any connected device (increasingly mobile devices like smart phones and lightweight tablets like iPads). However, cloud computing in all its incarnations (Infrastructure as a Service, Software as a Service, Platform as a Service) raises a number of security questions that current providers have not addressed (or remain ominously silent about): increased susceptibility to insider attacks due to concentration of valuable data, "fate-sharing" and other vulnerabilities due to multi-tenancy, policy issues arising from multi-jurisdictional siting, vulnerabilities arising from scale operations, the opacity of cloud operators security practices and disclosure of interruption of operations or attacks. Despite these potential issues, cloud computing can be beneficial with judicial and transparent application of some simple security principles. We discuss cloud infrastructure, economics, operations and security infrastructure desiderata.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
