Lecture 13 - Cloud Issues and Challenges (Standard & Law)


8/22/2019 Lecture 13 - Cloud Issues and Challenges (Standard & Law)

Cloud Computing

Cloud Issues and Challenges: Standard and Law


Agenda

- Introduction: issues & challenges
- Cloud Security: security & attack
- Cloud Standard and Law: guideline for secure cloud; law and privacy


Cloud Standard and Law


Outline

- Introduction: why we need a security standard and must obey the law; business, risk and money
- Cloud Security Alliance (CSA): governance and operation
- Law and Privacy: which one is important
- Summary


Security

A lot of cloud services are provided by many companies: storage, web hosting, business models, etc. For example: Dropbox, Amazon EC2 and Salesforce. Cloud computing covers a full range of services.

There are also many traditional and cloud-specific security issues. How can we go smoothly?


Security Issue

Cloud computing is a subset of computer services, so it has the same problems as traditional security: hardware, software and management attacks.

Cloud computing also has its own particular problem: under the concept of on-demand service, users share all of the resources, so an incomplete isolation technique would increase the security risk.


Risk

In addition to the security issues, users are also concerned about the security risk:

- How about the security management?
- How about the incident response and remediation?


Why so Serious?

In companies, every security problem means an economic loss. Stopping the service for one hour not only stops making money but also loses customers. The company's reputation is the most important part.

How can we find the best solution? Where is the security guideline?


Back to the Cloud

In recent years cloud computing has become popular and lots of companies want to join this industry. Every company wants to be the leader, and every company wants to design the standard.

Looking at security, there are lots of cybersecurity standards:

- ISO 27002
- NIST
- RFC 2196

Is there a cloud security standard?


Cloud Security Alliance


Standard

The Cloud Security Alliance (CSA) is a not-for-profit organization that tries to promote the use of best practices for providing security assurance within cloud computing, and provides education on the uses of cloud computing.

CSA provides a general view of cloud computing, the security issues which may be encountered and some security suggestions. Users can use the cloud control matrix to build a secure cloud environment.


Security Matrix

[Figure: the CSA cloud control matrix, shown over two slides; image not extracted]

Cloud Control Field

CSA separates cloud computing into two fields, governance and operation, which have 12 subprojects in total.

- Cloud governance introduces how to build a secure cloud service: how a cloud company builds a secure environment, and how a cloud customer chooses a secure platform.
- Cloud operation introduces how to solve security problems and maintain a secure cloud environment.


Cloud Control Field (cont'd)

CSA Guidelines

Governance
1. Risk management
2. Legal and electronic discovery
3. Compliance and audit
4. ILM
5. Portability and interoperability

Operation
1. Disaster recovery
2. Data center operation
3. Incident response
4. Application security
5. Encryption and key management
6. Access management
7. Virtualization


Before Join in Cloud

CSA provides five steps for how to choose a suitable cloud platform:

1. Requirement
2. Asset
3. Deploy model
4. Service model
5. Data flow and logic


Before Join in Cloud (cont'd)

Step 1: understand your requirement. CSA classifies the usage of cloud into two classes: data and application. Depending on your usage, understand which one is running on your cloud platform.

Step 2: assess your assets. Depending on the importance of the data and application, you should provide different levels of security protection.


Before Join in Cloud (cont'd)

Step 3: choose the deployment model. Depending on your security requirements, different deployment models have different default levels of protection. A private cloud in an internal environment has the highest default protection.

Step 4: choose the service model. In SaaS the cloud vendor bears more of the responsibility, while in IaaS the customer needs to build its own security mechanisms.

Step 5: understand the data flow and program logic. Designing a sound and effective secure cloud service requires the company to fully understand the service workflow and the possible threats.

Prepared

After the five steps, both companies and customers can select the cloud platform which meets the requirement, but there are still many security issues that need to be considered.

Combined with a full understanding of the requirement and a classification of the assets, cloud users can design a suitable secure environment:

- Build the service environment or platform.
- Operate the service.
- Keep the service quality.


CLOUD SECURITY ALLIANCE: Governance


Governance

- Governance and enterprise risk management
- Legal and electronic discovery
- Compliance and audit
- Information lifecycle management
- Portability and interoperability


Governance

In cloud computing, companies provide many services to users, and customers use the services they need. How do we reduce the security risk when using cloud computing?

The security risks in cloud computing include:

- Any kind of emergency.
- Audit and law problems.
- Migration between two cloud vendors.
- etc.

Governance is a guideline for choosing a suitable cloud vendor and service model.


Governance (cont'd)

In the governance field, CSA proposed five classes which need to be considered, and CSA gives some suggestions for each:

1. Governance and enterprise risk management
2. Legal and electronic discovery
3. Compliance and audit
4. Information lifecycle management (ILM)
5. Portability and interoperability


Risk Management

In cloud computing, effective risk management follows well-defined information security management processes with two properties:

- Extendibility
- Reproducibility

The management processes are elastic as the business grows and can be used in different enterprises.


Risk Management: Management

Enterprises should design the security metrics and standard before designing the security management:

- Everyone needs to understand and record the security metrics.
- Enterprises use part of their profits for security controls.
- Enterprises use audit assessments to maintain the security requirement.


Risk Management: Enterprise Risk

Companies in cloud computing lose control of the system and the security management; the service level agreement (SLA) is the only way to ensure risk management.

- Enterprises should choose the cloud vendor which can provide a suitable SLA.
- Depending on the SLA, companies usually cannot test the security management themselves, to avoid affecting other users and to avoid affecting the QoS of the cloud environment.


Risk Management: Information Risk

Information risk management is used for the C.I.A. properties (confidentiality, integrity, availability) of information.

- Cloud users need to build the SLA requirement and collect the necessary information to design the management policy.
- In SaaS, most of the security information is provided by the cloud vendor.
- In IaaS, users need to collect and control almost all of the information themselves.


Risk Management: Third-party Apps

Cloud users need to review the information transfer chain between the cloud service and third-party services:

- Service relation and dependence.
- The cloud vendor's third-party application management.
- Response mechanism for service interruption.
- Third-party applications' extendibility.


Legal and Electronic Discovery: Legal

In cloud computing, data is not controlled by the customers; instead, the cloud vendor hosts all data in the cloud environment. How to identify the liability is the important thing.

A complete cloud law management has three parts:

- Functionality: definition of the cloud service and its functionality.
- Judicature: legal norms of the cloud service and data management.
- Contract: the structure of the contract, terms, conditions and the law enforcement agencies.


Legal and Electronic Discovery: Electronic Discovery

Compared with traditional services:

- Cloud computing provides services anywhere and anytime.
- Cloud computing uses virtualization, so users do not know the location of the service and data.
- The legal liability may be different in different countries.

Different countries have different legal norms for:

- Electronic evidence.
- Record systems.
- Management policy.


Legal and Electronic Discovery: Suggestions

- Both vendor and customer should fully understand the role of the law: electronic evidence, legal recourse and expert testimony.
- The cloud vendor needs to keep the system secure, provide reliable evidence when customers require it, and recover the data assets when customers terminate the contract.
- The cloud security agreement should be reviewed and audited by a third party: test the QoS and detect the system's vulnerabilities.


Compliance & Audit

In cloud computing, the system is separated into several parts:

- It is easy to extend, manage and operate.
- It is hard to supervise and audit.

Cloud auditors need to gain rich experience so that they can:

- Supervise the vendor easily and effectively.
- Distinguish between liabilities.


Compliance & Audit: Readiness

In cloud computing, companies should prepare well for audit:

- Legal department: helps to review the cloud service contract, supervise the cloud vendor and resolve legal disputes.
- Right of audit: the cloud service contract should be changed to satisfy the customer's requirement.


Information Lifecycle Management: ILM

The goals of information lifecycle management (ILM):

- Improve the system performance.
- Increase the service functionality.

In cloud computing, the data security lifecycle is challenged by:

- More elasticity
- Multi-tenancy
- The new design concept of logic
- Public environment

Cloud users should care about the six phases of the data lifecycle.


Information Lifecycle Management: ILM (cont'd)

[Figure: the six phases of the data security lifecycle, shown over two slides; image not extracted]

Information Lifecycle Management: Suggestion

- Cloud customers should understand the full secure process of the data, including storage location, encryption method and management policy. This should be written in the SLA.
- Understand that the data could be confiscated: the cloud vendor needs to notify the users, and the cloud vendor needs to protect the data so that it cannot be modified or damaged.


Information Lifecycle Management: Suggestion (cont'd)

- Only the data owner has the right of access control: the cloud vendor needs to disable all access at the beginning, and even the cloud vendor's staff cannot access the data without permission.
- Understand the security boundary: the encryption system, key management and how to choose the security key; the data isolation technique, backup and recovery system.


Portability and Interoperability: Portability

Cloud computing is the new service model for companies. A company chooses the cloud vendor by cost, service quality, properties and other factors.

A company may migrate from one cloud vendor to another because:

- A new service contract would increase the operating costs.
- The cloud vendor ceases operation or stops providing some services.


Portability and Interoperability: Interoperability

Companies need to design the system and the security guideline for a particular cloud vendor; migrating to another vendor would require modifying the system or re-building a new one.

The difficulty of porting the service platform depends on the cloud model:

- SaaS usually concerns the data and the service platform.
- IaaS needs to consider the underlying system, which may be incompatible.


Portability and Interoperability: Suggestion

- Understand the storage space and the network bandwidth before migration. Judging by other users' experience, migrating the physical machine is usually more effective and less costly.
- Record all the details during migration.
- For IaaS: understand the image compatibility before migration, and understand the subsequent disposal when hardware is eliminated.


Portability and Interoperability: Suggestion (cont'd)

- For PaaS: understand the migration tools the vendor provides; understand the migration's effects, including performance and QoS; understand how to test and examine the new environment.
- For SaaS: duplicate and back up data periodically; the customized plug-ins should be able to be re-built; understand any migration laws and regulations.


CLOUD SECURITY ALLIANCE: Operation


Operation

Users or customers could encounter security problems on the cloud:

- Differences between a traditional data center and the cloud.
- Security problems of a large-scale data center.
- Backup and recovery policy.

CSA provides many suggestions on:

- Any kind of security event that occurs when a company runs its service on the cloud computing environment.
- The security factors that need to be considered.


  • 8/22/2019 Lecture 13 - Cloud Issues and Challenges (Standard & Law)

    85/169

Operation (cont'd)
As with governance, CSA identifies the operational areas that need attention and gives suggestions for each; there are seven:
- Traditional security, business continuity and disaster recovery
- Data center operations
- Incident response, notification and remediation
- Application security
- Encryption and key management
- Identity and access management
- Virtualization


Disaster Recovery
- As in a traditional data center, a cloud needs a business continuity plan (BCP) and a disaster recovery (DR) policy:
  - every component in the system can fail;
  - a large system is hard to keep stable;
  - a disaster such as a fire or an earthquake can destroy the cloud infrastructure.


Data Center
- A service-level agreement (SLA) is part of the service contract: it classifies the service and defines delivery time and performance.
- A traditional data center usually allocates a fixed number of servers or resources to a customer, which is easy to overestimate or underestimate.
- How can all resources be allocated dynamically so as to meet the SLA and reduce the chance of over-provisioning?


Suggestion
- Keep in mind: centralized management means concentration of risk.
- The cloud vendor needs a strict management regime:
  - access control and management policy;
  - background checks on employees;
  - internal and external security control documentation.
- Cloud customers should be able to:
  - inspect the cloud infrastructure on site;
  - view and understand the BCP and DR plans.


Suggestion (cont'd)
- Companies need to understand what the contract says about:
  - recovery time objective (RTO);
  - recovery point objective (RPO);
  - recovery policy.
- Customers need to obtain the right to:
  - have the SLA audited by a third party;
  - understand the process, policy and impact of system patching.


Incident Response
- The properties of cloud computing make incidents hard to manage and respond to: large scale, shared resources and automated management.
- The cloud vendor needs a standard operating procedure (SOP) for incident response.
- Because the vendor runs a complex, large-scale service:
  - it is hard to monitor the traces and respond to an incident immediately;
  - each service can affect the management policy of the others.


Views
- Monitoring view:
  - a security operations center (SOC) is needed;
  - every new service and resource should be monitored by the SOC;
  - the SOC provides notification and guidance for emergencies and security events.
- Customer view:
  - customers need to evaluate whether the SLA meets their requirements;
  - customers should understand the SOP for incident response.


Suggestion
- Before using cloud computing:
  - define which events are normal and which are unusual;
  - test whether your system is compatible with the cloud environment.
- A SOC is usually built for a single, homogeneous environment. In a multi-tenant environment it must be adapted to take data from any source; application-layer firewalls and their log files are useful inputs for the SOC on a multi-tenant platform.
- Sensitive data should be encrypted so that a breach costs less.
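To make the two points above concrete (a per-tenant definition of normal versus unusual events, and a SOC that consumes application-layer firewall logs from several tenants without mixing them up), here is an added example in Go. It is not code from the lecture or from CSA; the log format, the tenant names, the baseline policy and the three-failure threshold are all constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
)

// Event is one parsed line of a (constructed) application-layer firewall log.
type Event struct {
	Tenant, Src, Action, Detail string
}

// Alert is what the SOC receives. It carries the tenant it belongs to, so
// alerts for different customers are routed separately and never mixed.
type Alert struct {
	Tenant, Reason string
}

// Baseline is the per-tenant set of actions agreed as "normal" before the
// tenant went live; anything else is by definition unusual.
type Baseline map[string]map[string]bool

// failThreshold is the number of failed logins from one source, for one
// tenant, that counts as a brute-force attempt (an assumed policy value).
const failThreshold = 3

// parseLine turns "tenant=acme src=10.0.0.5 action=LOGIN detail=ok" into an
// Event. A line without tenant and action is rejected so the SOC sees it.
func parseLine(line string) (Event, bool) {
	var ev Event
	for _, field := range strings.Fields(line) {
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			return Event{}, false
		}
		switch kv[0] {
		case "tenant":
			ev.Tenant = kv[1]
		case "src":
			ev.Src = kv[1]
		case "action":
			ev.Action = kv[1]
		case "detail":
			ev.Detail = kv[1]
		}
	}
	return ev, ev.Tenant != "" && ev.Action != ""
}

// Detect runs every line through its tenant's own baseline plus one shared
// brute-force rule and returns the alerts in log order.
func Detect(lines []string, base Baseline) []Alert {
	var alerts []Alert
	fails := map[string]int{} // key: tenant + "|" + src
	for _, line := range lines {
		ev, ok := parseLine(line)
		if !ok {
			alerts = append(alerts, Alert{"unknown", "unparseable line: " + line})
			continue
		}
		normal, known := base[ev.Tenant]
		if !known {
			alerts = append(alerts, Alert{ev.Tenant, "event from tenant with no agreed baseline"})
			continue
		}
		if !normal[ev.Action] {
			alerts = append(alerts, Alert{ev.Tenant, fmt.Sprintf("unusual action %s from %s", ev.Action, ev.Src)})
		}
		if ev.Action == "LOGIN_FAIL" {
			key := ev.Tenant + "|" + ev.Src
			fails[key]++
			if fails[key] == failThreshold {
				alerts = append(alerts, Alert{ev.Tenant, fmt.Sprintf("%d failed logins from %s", failThreshold, ev.Src)})
			}
		}
	}
	return alerts
}

// SampleLog and DemoBaseline are constructed for this example; they are not
// real traffic or a real customer's policy.
var SampleLog = []string{
	"tenant=acme src=10.0.0.5 action=LOGIN detail=ok",
	"tenant=acme src=10.0.0.5 action=DOWNLOAD detail=report.pdf",
	"tenant=acme src=203.0.113.9 action=LOGIN_FAIL detail=badpw",
	"tenant=acme src=203.0.113.9 action=LOGIN_FAIL detail=badpw",
	"tenant=acme src=203.0.113.9 action=LOGIN_FAIL detail=badpw",
	"tenant=beta src=10.0.1.7 action=ADMIN_CHANGE detail=role=admin",
	"tenant=gamma src=10.0.2.2 action=LOGIN detail=ok",
	"this line is garbage",
}

var DemoBaseline = Baseline{
	"acme": {"LOGIN": true, "LOGIN_FAIL": true, "DOWNLOAD": true},
	"beta": {"LOGIN": true, "LOGIN_FAIL": true},
}

func main() {
	for _, a := range Detect(SampleLog, DemoBaseline) {
		fmt.Printf("[%s] %s\n", a.Tenant, a.Reason)
	}
}
```

Two design choices matter here: the baseline is per tenant, so an action that is routine for one customer (bulk downloads, say) is still flagged for a customer that never agreed to it, and a line the parser cannot read becomes an alert rather than being silently dropped, because "the SOC could not see it" is itself a finding in a multi-tenant environment.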


Application Security
- In cloud computing the vendor provides the environment, and users run applications that they or a third party designed.
- Like any other application, a service in the cloud has to be well designed and kept secure:
  - preliminary analysis and confidentiality;
  - integration and availability tests;
  - a demilitarized zone (DMZ) separating internet-facing components from internal ones.


Interoperation
- Services and applications in the cloud interact frequently, and the dependencies between applications affect system security.
- Third-party applications can also damage the system or change its stability.
- The test tools the cloud vendor provides can help harden the system.


Suggestion
- In the application development lifecycle, three things need attention:
  - security threats and the trust model;
  - assessment tools for programs on the cloud platform;
  - quality checkpoints for the application.
- Keep in mind:
  - you cannot assume that all communication travels over a secure channel;
  - storage and management of application certificates (and their private keys) matter.


Encryption
- How to keep data from being stolen is the central security question: the cloud vendor cannot guarantee that sensitive data is always under secure protection.
- Encryption is the effective way to protect important data.
- In some countries, certain hosted data must be encrypted by law: personal information, state secrets, etc.


Key Management
- An encryption system protects data only as well as:
  - its algorithm (a Caesar shift protects nothing; AES does);
  - the choice of key;
  - the management of that key.


Key Management (cont'd)
- Encrypting and decrypting data costs resources and time, so classify data by sens
itivity and importance and choose a suitable algorithm for each class.
- In the cloud, encryption is used constantly:
  - a simple or shared password is useless as a key;
  - insecure key management breaks the whole encryption system.


Suggestion
- Cloud customers need to understand the encryption system used in the cloud: the algorithm and its cost, and the key management and key generation policy.
- Customers need to specify the encryption service in the SLA:
  - the encryption system should be audited by a third party;
  - a minimum key length and strength must be required.
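As an added example (not from the lecture or from any provider), the following Go program shows how the key-management points above fit together in envelope encryption: each object gets its own random AES-256-GCM data key, that data key is wrapped under a key-encryption key (KEK) that the customer keeps outside the cloud, the policy minimum key length is enforced in code rather than by convention, and rotating the KEK re-wraps only the small data key instead of re-encrypting the object. The 32-byte minimum and the sample card number are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// minKeyBytes is the key strength the SLA should pin down (assumed here): 32 bytes = AES-256.
const minKeyBytes = 32

// randomBytes panics on failure: a broken CSPRNG must never silently weaken a key.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewKEK makes a key-encryption key. It stays with the customer (or an HSM/KMS);
// the cloud side only ever stores data keys wrapped under it.
func NewKEK() []byte { return randomBytes(minKeyBytes) }

// Envelope is what the cloud stores; nothing in it is usable without the KEK.
type Envelope struct {
	WrappedDEK []byte // nonce || AES-GCM(KEK, data key)
	Ciphertext []byte // nonce || AES-GCM(data key, object)
}

// newGCM refuses keys below the policy minimum before building AES-GCM.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) < minKeyBytes {
		return nil, fmt.Errorf("key rejected: %d bytes is below the policy minimum", len(key))
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext under a fresh random nonce; open reverses it
// and fails on any modification of the blob.
func seal(key, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, blob []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("bad key or malformed blob")
	}
	ns := g.NonceSize()
	return g.Open(nil, blob[:ns], blob[ns:], nil)
}

// Encrypt gives each object a fresh data key (DEK) and wraps that key under the
// KEK, so the KEK never touches bulk data and never has to leave the customer.
func Encrypt(kek, plaintext []byte) (*Envelope, error) {
	dek := randomBytes(minKeyBytes)
	ct, err := seal(dek, plaintext)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK with the KEK, then opens the object; a wrong KEK
// fails at the first step and never reaches the ciphertext.
func Decrypt(kek []byte, env *Envelope) ([]byte, error) {
	dek, err := open(kek, env.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, env.Ciphertext)
}

// Rewrap rotates the KEK without touching the ciphertext: only the small
// wrapped key is re-encrypted, which is what makes periodic rotation cheap.
func Rewrap(old, next []byte, env *Envelope) error {
	dek, err := open(old, env.WrappedDEK)
	if err != nil {
		return err
	}
	wrapped, err := seal(next, dek)
	if err != nil {
		return err
	}
	env.WrappedDEK = wrapped
	return nil
}

func main() {
	kek := NewKEK()
	env, _ := Encrypt(kek, []byte("card=4111 1111 1111 1111"))
	fmt.Println(Decrypt(kek, env))
}
```

Because GCM authenticates, a modified ciphertext or a wrong KEK is rejected rather than decrypted to garbage, which is the behaviour a customer should ask the third-party audit to confirm; the only secret the customer has to keep outside the cloud is the KEK.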


Access Control
- After data is stored in a secure environment and encrypted, we still need an access control policy: a guest being able to reach sensitive data is dangerous.
- In cloud computing the number of users is larger than we imagine, which makes the access control policy complex:
  - access rights must be added and removed immediately;
  - every user must be identified and authorized.


IAM
- The identity and access management (IAM) system in a cloud should be fairly and rigorously assessed on:
  - identity provisioning;
  - authentication;
  - federation management;
  - authorization and user configuration.
- Customers can use third-party authentication: OpenID, Google or Facebook.
- The cloud vendor needs to provide single sign-on (SSO) to avoid repeated logins.
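Added example, in Go, of the authorization side of the two slides above: role grants are scoped to one tenant, every request is checked against live state so a revocation is effective on the next call, a guest with no grant in a tenant is denied by default, and every change is written to an audit list the SOC can read. The role names, the "system" provisioning principal and the action vocabulary are assumptions for the example; this is not the lecture's or any vendor's code and it does not cover authentication or SSO.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Roles maps a role name to the actions it permits. Roles only ever apply
// inside one tenant: "admin" in tenant A grants nothing in tenant B.
var Roles = map[string]map[string]bool{
	"viewer": {"read": true},
	"editor": {"read": true, "write": true},
	"admin":  {"read": true, "write": true, "grant": true},
}

// Store is the live authorization state. Every decision reads it directly,
// so a revocation takes effect on the very next request; there is no cached
// session permission waiting to expire.
type Store struct {
	mu     sync.RWMutex
	grants map[string]map[string]string // principal -> tenant -> role
	Audit  []string                     // every change, for the SOC
}

func NewStore() *Store {
	return &Store{grants: map[string]map[string]string{}}
}

// Authorize answers: may principal perform action inside tenant? Default
// deny: a principal with no grant in that tenant (a "guest") gets nothing.
func (s *Store) Authorize(principal, tenant, action string) bool {
	s.mu.RLock()
	defer s.mu.RUnlock()
	role, ok := s.grants[principal][tenant]
	return ok && Roles[role][action]
}

// canAdminister checks that the caller may change grants in the tenant.
// "system" stands for the provider's provisioning pipeline (an assumption).
func (s *Store) canAdminister(by, tenant string) bool {
	return by == "system" || s.Authorize(by, tenant, "grant")
}

func (s *Store) Grant(by, principal, tenant, role string) error {
	if _, ok := Roles[role]; !ok {
		return fmt.Errorf("unknown role %q", role)
	}
	if !s.canAdminister(by, tenant) {
		return errors.New("caller may not grant in this tenant")
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.grants[principal] == nil {
		s.grants[principal] = map[string]string{}
	}
	s.grants[principal][tenant] = role
	s.Audit = append(s.Audit, fmt.Sprintf("GRANT %s to %s in %s by %s", role, principal, tenant, by))
	return nil
}

func (s *Store) Revoke(by, principal, tenant string) error {
	if !s.canAdminister(by, tenant) {
		return errors.New("caller may not revoke in this tenant")
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.grants[principal], tenant)
	s.Audit = append(s.Audit, fmt.Sprintf("REVOKE %s in %s by %s", principal, tenant, by))
	return nil
}

func main() {
	s := NewStore()
	_ = s.Grant("system", "alice", "acme", "admin")
	_ = s.Grant("alice", "bob", "acme", "editor")
	fmt.Println("bob may write in acme:", s.Authorize("bob", "acme", "write"))
	_ = s.Revoke("alice", "bob", "acme")
	fmt.Println("bob may read in acme after revoke:", s.Authorize("bob", "acme", "read"))
}
```

The tenant is part of every lookup key, which is what prevents an admin of one customer from granting themselves rights in another, and the grant and revoke paths are themselves authorized through the same Authorize call, so there is no separate "management" path that bypasses the policy.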


Virtualization
- In the cloud, virtualization is used everywhere: it abstracts and pools resources and makes it easy to hand out on-demand resources to users.
- Virtualized resources mean all resources are mixed together: risk is concentrated, and every user must meet the security requirements.
- The hypervisor monitors and communicates with the virtual machines (VMs): breaking the hypervisor breaks the whole system, and attacks on the hypervisor are a new class of malicious technique.


Suggestion
- Understand the virtualization technique used in the cloud environment:
  - the security and isolation of the hypervisor;
  - the default configuration and settings must be secure;
  - VM images must be tested and verified.
- The hypervisor holds the highest privilege:
  - only a few staff and users may have access to it;
  - every access to the hypervisor must be recorded.


    Summary


- The Cloud Security Alliance (CSA) provides security guidance and divides cloud security into two fields, governance and operation, with twelve sub-categories.
- Each sub-category introduces the problems that can occur and gives some suggestions.
- For the three service models, CSA provides general views and gives different suggestions for each model.


    Law and Privacy


    The Real World


- As in the real world, criminals are all around us and anyone can become a victim at any time and in any place:
  - in the computer world, crackers hide in the network and attack anything interesting;
  - lawless employees also try to sell sensitive and important data.
- The law is the last line of defense.


    Enforcement


- Users try to believe the performance and protection a company claims, but security incidents appear frequently in the news. In 2011, Dropbox claimed that all data on its servers was encrypted, but users are beginning to doubt the company's guarantee.
- The law can provide basic protection: a company must provide basic security protection and basic quality of service, and the law resolves disputes between user and company.


    Online Shopping


- Buying on the internet is popular and convenient: people buy books, food, even cars on the web, without seeing the product until it arrives.
- Online shopping has many problems:
  - the product may differ from its picture;
  - the price may be wrong;
  - personal information can be hijacked or stolen.


    Security Protection


- From the customer's point of view, all personal data must be fully protected and everything must match the product description.
- From the company's point of view, security protection is not only the company's responsibility.
- But the world does not always go as we wish.


    Privacy


- On the other hand, privacy is a basic personal right: no one shall be subjected to arbitrary interference, and everyone has the right to the protection of the law against such interference or attacks.
- Privacy includes personal information, religion and sexual orientation.


    Net Generation


- This is the net generation: every teenager lives on the internet, and anyone can find lots of interesting information there: phone numbers, intimate photos, the contents of e-mail.
- Users need someone to protect their privacy. The law and the government can provide basic and strong protection, but sometimes the law itself breaks the right to privacy.


    LAW AND PRIVACY

    Information Protection

    USA PATRIOT Act


    Personal Information


- Everyone on the internet leaves traces: users hand over personal information to open Google and Facebook accounts, and leave their name, phone number and address to buy something.
- This information can be used for malicious purposes: fake identities, internet fraud.


    Law of Personal Information


- In 2010, the Taiwan government enacted a law to protect personal information. It specifies limits on the collection, processing and use of personal information, and companies must actively provide evidence in order to exclude liability.


Clauses
- Many clauses specify how personal information may be used and the penalty for breaking the law:
  - anyone whose personal information has been violated can claim compensation of up to twenty thousand (NT dollars);
  - when a crime occurs, the company must provide evidence that it met the requirements of the law.


Company Risk
- From a probability point of view, every company may lose sensitive information, and a cloud company holds a great deal of personal information.
- If a company loses 1/20 of its records (say five thousand records), fines could reach one million NT dollars, and the company also loses its corporate image.


Traces
- Companies invest in preserving evidence to avoid legal penalties: they try to keep traces and logs that record every operation.
- The record system must be stable and reliable, but there are few guidelines for building one, and the company also has to modify all its systems to feed the record system. That is complex, massive and expensive.


When a Crime Occurs
- Traces are the first means of attributing responsibility: they must be clean and unmodifiable, and the method used to keep them must itself be trustworthy.
- Unlike a fingerprint or DNA, electronic evidence is easy to modify or fake, so keeping traces isolated from the system they describe is important.


In the Cloud
- In cloud computing, traces grow to a massive size, so that finding the evidence of a crime is difficult, and the size itself makes keeping the record stable and reliable harder.
- How to duplicate, isolate and manage the traces?
  - replicas and off-site backup;
  - automation and systematization;
  - reduce human intervention.
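An added example in Go of the two properties asked for on the last two slides: that traces cannot be modified without it being noticed, and that they are kept isolated from the system that produces them. Each entry is chained to the previous one and authenticated with an HMAC under a key held only by the log collector, so rewriting, reordering or deleting an entry is detected, and deletion from the end is caught by comparing the last tag with a checkpoint the collector kept. The anchor string, the sample log lines and the key are constructed for the example; this is not the lecture's code or any product's implementation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record. Prev ties it to the record before it and Tag is
// an HMAC over (seq, data, prev) under a key the audited system never holds.
type Entry struct {
	Seq  int
	Data string
	Prev string
	Tag  string
}

// Trail is the append-only collector. In a real deployment it would live on a
// separate log host; here it is an in-memory type for the example.
type Trail struct {
	key     []byte
	anchor  string
	entries []Entry
}

func NewTrail(key []byte, anchor string) *Trail {
	return &Trail{key: key, anchor: anchor}
}

// tag computes the HMAC; NUL separators keep the three fields unambiguous.
func tag(key []byte, seq int, data, prev string) string {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%d\x00%s\x00%s", seq, data, prev)
	return hex.EncodeToString(m.Sum(nil))
}

// Append records one event and returns its tag, which the collector keeps as
// the checkpoint that Verify is later compared against.
func (t *Trail) Append(data string) string {
	prev := t.anchor
	if n := len(t.entries); n > 0 {
		prev = t.entries[n-1].Tag
	}
	e := Entry{Seq: len(t.entries), Data: data, Prev: prev}
	e.Tag = tag(t.key, e.Seq, e.Data, e.Prev)
	t.entries = append(t.entries, e)
	return e.Tag
}

// Entries hands out a copy, as would be given to an investigator.
func (t *Trail) Entries() []Entry {
	return append([]Entry(nil), t.entries...)
}

// Verify is run by the key holder over a trail received from the system under
// investigation. It returns the index of the first entry that was rewritten,
// reordered or re-keyed (-1 if none) and the last valid tag, which the caller
// compares with its checkpoint to catch entries deleted from the end.
func Verify(key []byte, anchor string, entries []Entry) (int, string) {
	prev := anchor
	for i, e := range entries {
		want := tag(key, e.Seq, e.Data, e.Prev)
		if e.Seq != i || e.Prev != prev || !hmac.Equal([]byte(e.Tag), []byte(want)) {
			return i, prev
		}
		prev = e.Tag
	}
	return -1, prev
}

func main() {
	key := []byte("constructed demo key, not for production")
	tr := NewTrail(key, "genesis")
	tr.Append("user=alice action=LOGIN")
	tr.Append("user=alice action=DOWNLOAD file=payroll.xlsx")
	es := tr.Entries()
	es[1].Data = "user=alice action=DOWNLOAD file=lunch.txt" // an insider rewrites history
	bad, _ := Verify(key, "genesis", es)
	fmt.Println("first bad entry:", bad)
}
```

The isolation is in who holds the key: the application that writes events can append but cannot compute a valid tag for a modified entry, and an attacker who replaces every tag with ones under their own key fails at entry 0. What a hash chain alone cannot see is truncation, which is why Append returns a checkpoint for the collector to store separately (off-site, as the slide suggests).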


Outside the Law
- In special cases, the applicable law may be outside the country: a user in country A may fall under the law of country B.
- The cloud serves users anywhere in the world, and server and user are usually located in different countries. Does the foreign country have the right to access the user's data?


USA PATRIOT Act
- One of the most important pieces of news for cloud computing is the USA PATRIOT Act:
  - the U.S. government has the right to access all data held in the U.S.;
  - it also has the right to access data hosted by U.S. companies, whether that data is in the USA or in a foreign country.
- Microsoft and Google have acknowledged that they would provide data to U.S. intelligence even when the data is located on servers in Europe.


USA PATRIOT Act (cont'd)
Diagram: a user's data is held by a U.S. company on a server in Europe; it is replicated or backed up to a U.S. server; U.S. intelligence and law enforcement reach it through the U.S. company.


Effects
- Users mistrust the cloud service: their data could be accessed without any permission, and nothing on the internet stays secret.
- Many important institutions are restricted from using cloud services: sensitive data, important services and techniques cannot be hosted with cloud companies; where it is unavoidable, all data must be encrypted and the keys stored independently.

    Effect

    Users mistrust the cloud service: user data could be accessed without any permission, and a user cannot keep secrets on the Internet.

    Many important institutions are restricted from using cloud services: sensitive data, important services and techniques cannot be hosted at cloud companies.

    If necessary, all data must be encrypted and the key stored independently.
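The last point on the two "Effect" slides above (encrypt all data, keep the key independently) is the customer-side control that blunts the Patriot Act scenario from the earlier slides: if only ciphertext is uploaded and the key never leaves the customer, a provider that hands over a blob, or a replica of it in another region, hands over nothing readable. The Go program below is an added example written for this edition, not code from the lecture or from any provider; `KeyVault`, `CloudStore`, the object name and the region names are invented stand-ins. It seals data with AES-GCM before "upload", replicates the ciphertext between a U.S. and a Europe region as the lecture diagram describes, and shows that only the holder of the key can open either copy, while a renamed or altered blob is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Blob is the only thing handed to the cloud provider: a random nonce plus
// AES-GCM ciphertext. It carries no key, so a copy in any region is opaque.
type Blob struct {
	Nonce      []byte
	Ciphertext []byte
}

// KeyVault is a hypothetical stand-in for customer-controlled key storage
// (a KMS or HSM the customer runs). The key is never uploaded.
type KeyVault struct {
	key []byte
}

// NewKeyVault generates a fresh 256-bit AES key on the customer side.
func NewKeyVault() (*KeyVault, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &KeyVault{key: key}, nil
}

func (v *KeyVault) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(v.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts before upload. The object name is bound as additional
// authenticated data, so one object's blob cannot be served under another name.
func (v *KeyVault) Seal(objectName string, plaintext []byte) (Blob, error) {
	g, err := v.aead()
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	return Blob{Nonce: nonce, Ciphertext: g.Seal(nil, nonce, plaintext, []byte(objectName))}, nil
}

// Open decrypts a blob fetched back from the provider. Any change to the
// nonce, the ciphertext or the object name makes it fail.
func (v *KeyVault) Open(objectName string, b Blob) ([]byte, error) {
	g, err := v.aead()
	if err != nil {
		return nil, err
	}
	return g.Open(nil, b.Nonce, b.Ciphertext, []byte(objectName))
}

// CloudStore stands in for a provider keeping objects per region and
// replicating between regions (the lecture diagram's backup arrow). No keys.
type CloudStore map[string]map[string]Blob

func (c CloudStore) Put(region, name string, b Blob) {
	if c[region] == nil {
		c[region] = map[string]Blob{}
	}
	c[region][name] = b
}

func (c CloudStore) Get(region, name string) (Blob, bool) {
	b, ok := c[region][name]
	return b, ok
}

// Replicate copies every object from one region to another; only ciphertext moves.
func (c CloudStore) Replicate(from, to string) {
	for name, b := range c[from] {
		c.Put(to, name, b)
	}
}

func main() {
	vault, _ := NewKeyVault()
	store := CloudStore{}
	// Constructed sample object; the region names are invented.
	blob, _ := vault.Seal("records/2019.csv", []byte("constructed sample record"))
	store.Put("us-east", "records/2019.csv", blob)
	store.Replicate("us-east", "eu-west")
	eu, _ := store.Get("eu-west", "records/2019.csv")
	pt, err := vault.Open("records/2019.csv", eu)
	fmt.Printf("customer with key: %q err=%v\n", pt, err)
	stranger, _ := NewKeyVault()
	_, err = stranger.Open("records/2019.csv", eu)
	fmt.Println("holder of only the replica:", err)
}
```

The design point is where the key lives: `KeyVault` is on the customer side and the provider's `CloudStore` only ever sees `Blob` values, so a lawful request served by the provider in either region yields ciphertext alone. Binding the object name as associated data is a small extra that stops a stored blob from being quietly substituted for another object's blob; in a real deployment the vault would be a customer-operated KMS or HSM, with key rotation and access logging handled there.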

    Summary

    Cloud computing is a new industry: the law grows more slowly than cloud computing services.

    The old provisions cannot meet the requirements of companies or customers.

    The new provisions are still not well developed.

    Because of the properties of the cloud, cloud computing services cannot avoid the need to provide cross-country service.

    There may be some conflicts between local laws and foreign laws.

    Summary

    Cloud computing is a new industry: the law grows more slowly than cloud computing services.

    The old provisions cannot meet the requirements of companies or customers.

    The new provisions are still not well developed.

    Because of the properties of the cloud, cloud computing services cannot avoid the need to provide cross-country service.

    There may be some conflicts between local laws and foreign laws.

    Summary (cont'd)

    Privacy is the most common of the cloud security issues: cloud services are growing rapidly and surround our lives.

    Cloud vendors and companies hold lots of customers' private information and data.

    The law is used to protect our rights, but when the government needs to protect the majority, the privacy of a small number of people will be violated.

    Who wants to be one of that small number of victims?

    Summary (cont'd)

    Privacy is the most common of the cloud security issues: cloud services are growing rapidly and surround our lives.

    Cloud vendors and companies hold lots of customers' private information and data.

    The law is used to protect our rights, but when the government needs to protect the majority, the privacy of a small number of people will be violated.

    Who wants to be one of that small number of victims?

    Reference

    Cloud Security Alliance (CSA): https://cloudsecurityalliance.org/

    News:
    http://www.zdnet.com.tw/news/software/0,2000085678,20126532,00.htm
    http://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=6286

    http://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=I0050021