Is the current clouding service sufficient

Cloud computing

  • Violation of the confidentiality and integrity of the data
    It is no longer easy for the data owner to localize the data in a public or hybrid cloud. Therefore, the protection of the data on the infrastructure, platform and application level can often no longer be guaranteed by conventional means. Adequate access control is difficult to implement, especially for sensitive data. The infrastructure of the cloud itself can also be attacked or misused.

  • Deletion of data
    In many cases, data must be deleted (e.g. due to legal regulations). Here, too, there is the risk of insufficient or incomplete deletion on all platforms and databases of the cloud, since the localization of the data is difficult. Even after the job has ended, the processed data and all intermediate results must be deleted in the public cloud.

  • Insufficient tenant separation
    If the client separation is not adequately secured, there is a risk that third parties can view or manipulate data without authorization. This risk is increased in a public cloud because virtualization and grid computing do not physically separate the data from different clients.

  • Violation of compliance
    Since data in a public cloud can in principle be processed in all countries of the world in their specific legal systems, the fulfillment of all legal requirements is an essential task when using public cloud services.

  • Violation of data protection laws
    It is not clear from the outset in which countries, data centers, on which servers and with which software the data will be stored and processed. The data flows are also unknown. There is a risk of violating data protection regulations.

  • Insolvency of the provider
    The insolvency of a provider usually does not mean the bankruptcy of all data centers that the provider has used. Data centers will also be sold to other providers in the event of bankruptcy. In all of these cases there is a risk that data is not protected against unauthorized access.

  • Subcontractor problem
    Another problem is the transfer of orders to subcontractors. The provider will often oblige subcontractors for certain services. In a public cloud, this complexity often remains hidden from the user (and should remain hidden according to the philosophy of cloud computing). Data can then reside on an unknown subcontractor's computing resources anywhere in the world.

  • Confiscation of hardware
    Hardware can be confiscated in any country in which the provider uses computing resources. Most of the client's data will be on seized servers. Log data on servers and routers can enable conclusions to be drawn about the business activity of the customer even if no other business data is available.

  • Resource trading becomes conceivable It is also conceivable that providers build up trading with their resources among one another and thus implement a "resource exchange" as indicated in Figure 2. Resources are offered at a certain price on this exchange. In performance peaks, the price per CPU hour would be traded higher on the stock exchange. It is still completely unclear what consequences this can have for the security of the data.

  • Blackmail attempts
    The risk of blackmail attempts increases, as the group of people with administrative tasks for resources in the public cloud is unmanageably large. The staff deployed generally have different levels of training and safety awareness. The motivation levels of employees in many countries are also not calculable.