iBestuur: "Has the cloud made us safer?"

This article is from iBestuur.nl. (in Dutch)

The concept of cloud computing has been around for almost 30 years. This raises the question of whether the phenomenon has made the digital ecosystem on Earth safer or not. This is the central question of the research project MASCOT, which stands for 'Measuring Security in Cloud Outsourcing'.

According to researcher Dr. Abhishta Abhishta from the Industrial Engineering and Business Information Systems group (IEBIS) at the University of Twente, it is too early to provide an answer to the question. "We haven't lived in the Cloud era long enough to assess it retrospectively," he says. "However, I do think it is concerning if we completely abandon the idea that we should have some control over our own IT infrastructure."

"Security is still a commonly heard argument for transitioning to the cloud," says Abhishta. "Cloud service providers have the resources for security and specialized personnel. Additionally, they have a distributed infrastructure that allows them to provide continuity in case of outages and better fend off DDoS attacks. However, there are enough examples of disruptions at major cloud providers. Consider the 38 terabytes of data leaked from Microsoft's Azure. Additionally, a small number of dominant players in the cloud market should not make society overly dependent."

"You cannot outsource the responsibility for your own cybersecurity to your cloud provider. It may seem obvious, but in practice, it happens on a large scale," says Abhishta. "Large players using the cloud know what they are doing; they have Chief Information Security Officers (CISOs) for that purpose. However, consumers and small to medium-sized businesses do not think about this, or not enough."

The MASCOT project was triggered by the major DDoS attack in October 2016 on the DNS service provider Dyn, which left the US West Coast without internet for several hours. The project looks at how customers responded to that downtime.

The project investigates the security of cloud infrastructure from both a social science and computer science perspective. It is funded by NWO. The project team is led by Prof. Dr. Ir. Roland van Rijswijk-Deij and project leader Dr. Anna Sperotto, who oversee the technical aspect of the research. Dr. Abhishta and Prof. Dr. Ir. Bart Nieuwenhuis handle the business and management side. PhD candidate Etienne Kahn researches the 'dark cloud' or Geo-blocking. PhD student Yasir Haq examines the impact of cloud computing on security. Sousan Tarahomi (another PhD student but outside the project) investigates centralization and cloud security. The project partners include SURF, Logius, KPN, and NLnet Labs.

MASCOT is one of the projects in the Commit2Data research program, which encompasses more than 60 big data research projects across various application areas, including energy, logistics, and cybersecurity.