The overall objective of The Cloud: Understanding the Security, Privacy and Trust Challenges study is to advise on policy and other interventions which should be considered in order to ensure that European users of cloud environments are offered appropriate protections, and to underpin a world-leading European cloud ecosystem. Cloud computing is increasingly subject to interest from policymakers and regulatory authorities. The European Commission's recent Digital Agenda highlighted a need to develop a pan-European 'cloud strategy' that will serve to support growth and jobs and build an innovation advantage for Europe. However, the concern is that currently a number of challenges and risks in respect of security, privacy and trust exist that may undermine the attainment of these broader policy objectives. Our approach has been to undertake an analysis of the technological, operational and legal intricacies of cloud computing, taking into consideration the European dimension and the interests and objectives of all stakeholders (citizens, individual users, companies, cloud service providers, regulatory bodies and relevant public authorities). We undertook literature and document review, interviews, case studies and held an expert workshop to identify, explore and validate these issues in more depth. The present paper represents the final consolidation of all inputs, suggestions and analyses and contains our recommendations for policy and other interventions.
Table of Contents
Definitions and drivers
Understanding the implications for security, privacy and trust
Security, privacy and trust challenges stemming from the technological underpinnings of cloud computing
Security, privacy and trust challenges inherent to the legal and regulatory aspects of cloud computing
Putting it all together: key risks and operational challenges
Solving the challenges: recommendations and actions