Tuesday, April 30, 2013

Featured Paper: Cloud Computing Security and Privacy

Cloud computing has been viewed by many as the next inevitable step towards a more efficient system for information management and storage. However, as our dependence on cloud computing continues to grow, many have started to examine the privacy, security, and legal ramifications that such a system creates. The Center for Applied Cybersecurity Research (CACR), located at Indiana University, has recently released a new white paper, Cloud Computing Security and Privacy, that examines the privacy and security risks associated with cloud dependence, as well as what should be done to create more secure and sustainable cloud-computing systems. The white paper was authored by Drew Simshaw, former information security fellow at CACR and current project manager and policy analyst with the Center for Law, Ethics, and Applied Research (CLEAR) in Health Information. I highly recommend taking a look at this white paper if you at all involved in cloud computing. The abstract appears below:

As the world’s data increase at unfathomable rates, individuals and organizations are seeking more convenient and cost effective ways to store and manage it. Many are turning to the cloud, recognizing its benefits, but failing to understand how it actually works. To confirm that cloud computing is no longer a fringe IT issue, one need look no further than President Obama’s re-election campaign, which was successful thanks in no small part to its utilization of Amazon’s cloud platform for a massive voter database. As cloud computing use continues to increase, security and privacy issues, as evidenced by recent events, should be considered so individuals and organizations can decide how best to store and manage their data. Although these events shed some light on measures that can be taken to reduce risk, they also demonstrate that bigger thinking is needed when it comes to improving security and privacy in the cloud. Therefore, as opportunity in the cloud expands and the stakes continue to rise, individuals, organizations, and cloud service providers must bear in mind the following security and privacy issues:
  • Creating a Bigger Target for Hackers
  • Government Access to Data in the Cloud
  • Data Access and Control in the Cloud
  • Cloud Service Outages and Human Error
  • Authentication
  • Encryption

In addition to being a guest author at Cybercrime Review, Andrew Proia is a research assistant to Professor Fred Cate, Director of the Center for Applied Cybersecurity Research. Andrew is also set to become a CACR Post-Doctoral fellow in information security law & policy later this year. All opinions expressed by the author are solely in his individual capacity.


  1. Cloud security continues to improve, but it is still a legitimate concern. Cloud storage users need to do what they can to maximize cloud performance, including monitoring the applications that are in the cloud.