Database Reference
In-Depth Information
19.4.1 D
etaChment
From
r
eality
A big limitation of existing research is the failure to look at reality. Many security
schemes impose unrealistic overheads (e.g., >35%). In practice, users are unlikely to
use such inefficient systems. Another issue facing current research efforts is the fail-
ure to consider economy—many security schemes would cause significant changes
to existing cloud infrastructures, which are not economically feasible. Finally, many
attacks are based on flawed or impractical threat models and simply do not make any
economic sense. For example, in most cases, a multibillion dollar cloud service pro-
vider has little incentive to act dishonestly, but many solutions are designed with a cloud
provider as the main adversary. Designing a realistic and practical threat model for
cloud computing, and Big Data is vital toward creating solutions to real-life problems.
19.4.2 r
egulatory
C
omPlianCe
While a lot of research has been conducted on many areas of cloud security involv-
ing data confidentiality, integrity, and privacy, very little research has been done
in the areas of regulatory compliance [9]. Sensitive data such as patient medical
records and business information are highly regulated through government regula-
tions worldwide. For example, in the United States, the Sarbanes-Oxley Act regu-
lates financial data while the Health Insurance Portability and Accountability Act
of 1996 regulates patient information. Such regulations require strict integrity and
confidentiality guarantees for sensitive information. Although extensive work has
been done for complying with these regulations for local storage systems, it is not
very clear whether any cloud based system complies with the regulations, given the
fundamental nature and architecture of clouds.
19.4.3 l
legal
i
ssues
Another murky legal issue is that of jurisdiction: in many cases, clouds span the
whole world. For example, Amazon's clouds are located in North and South America,
Europe, and Asia. It is not very clear whether a client's data is subject to, say, the
European Union regulations if the subject is based in the United States, but his data
is replicated in one of Amazon's data centers located in, say, Europe. The legal foun-
dations for forensic investigations as well as other cybercrime prosecution involving
a cloud are yet to be decided.
19.5 CONCLUSION
Cloud computing and Big Data represent the massive changes occurring in our data
processing and computational infrastructures. With the significant benefits in terms of
greater flexibility, performance, scalability, clouds are here to stay. Similarly, advances
in Big Data-processing technology will reap numerous benefits. However, as many of
our everyday computing services move to the cloud, we do need to ensure that the data
and computation will be secure and trustworthy. In this chapter, we have outlined the
major research questions and challenges in cloud and big security and privacy.
Search WWH ::
Custom Search