iBestuur: "Has the cloud made us safer?"
This article is from iBestuur.nl. (in Dutch)
The concept of cloud computing has been around for almost 30 years. This raises the question of whether the phenomenon has made the digital ecosystem on Earth safer or not. This is the central question of the research project MASCOT, which stands for 'Measuring Security in Cloud Outsourcing'.
According to researcher Dr. Abhishta Abhishta from the Industrial Engineering and Business Information Systems group (IEBIS) at the University of Twente, it is too early to provide an answer to the question. "We haven't lived in the Cloud era long enough to assess it retrospectively," he says. "However, I do think it is concerning if we completely abandon the idea that we should have some control over our own IT infrastructure."
"Security is still a commonly heard argument for transitioning to the cloud," says Abhishta. "Cloud service providers have the resources for security and specialized personnel. Additionally, they have a distributed infrastructure that allows them to provide continuity in case of outages and better fend off DDoS attacks. However, there are enough examples of disruptions at major cloud providers. Consider the 38 terabytes of data leaked from Microsoft's Azure. Additionally, a small number of dominant players in the cloud market should not make society overly dependent."
"You cannot outsource the responsibility for your own cybersecurity to your cloud provider. It may seem obvious, but in practice, it happens on a large scale," says Abhishta. "Large players using the cloud know what they are doing; they have Chief Information Security Officers (CISOs) for that purpose. However, consumers and small to medium-sized businesses do not think about this, or not enough."
The MASCOT project was triggered by the major DDoS attack in October 2016 on the DNS service provider Dyn, which left the US West Coast without internet for several hours. The project looks at how customers responded to that downtime.
The project investigates the security of cloud infrastructure from both a social science and computer science perspective. It is funded by NWO. The project team is led by Prof. Dr. Ir. Roland van Rijswijk-Deij and project leader Dr. Anna Sperotto, who oversee the technical aspect of the research. Dr. Abhishta and Prof. Dr. Ir. Bart Nieuwenhuis handle the business and management side. PhD candidate Etienne Kahn researches the 'dark cloud' or Geo-blocking. PhD student Yasir Haq examines the impact of cloud computing on security. Sousan Tarahomi (another PhD student but outside the project) investigates centralization and cloud security. The project partners include SURF, Logius, KPN, and NLnet Labs.
MASCOT is one of the projects in the Commit2Data research program, which encompasses more than 60 big data research projects across various application areas, including energy, logistics, and cybersecurity.
Gerelateerde items
Bekijk hieronder de calls gerelateerd aan het thema iBestuur: "Has the cloud made us safer?"
Cybersecurity - Digitale Veiligheid & Privacy
Dit financieringsinstrument biedt de mogelijkheid om binnen één project fundamenteel en praktijkgericht cybersecurity onderzoek uit te voeren. Voor de aanvraag wordt een consortium gevormd, waarin tenminste een erkende kennisinstelling en tenminste een niet academische private co-financier participeert.
MASCOT - MeAsuring Security in Cloud OuTsourcing
Over the past decade, the trend in both the public sector and industry has been to outsource ICT to the cloud. While cost savings are often used as a rationale for outsourcing, another argument that is frequently used is that the cloud improves security. The reasoning behind this is twofold. First, cloud service providers are typically thought to have skilled staff trained in good security practices. Second, cloud providers often have a vastly distributed, highly connected network infrastructure, making them more resilient in the face of outages and denial-of-service attacks. Yet many examples of cloud outages, often due to attacks, call into question whether outsourcing to the cloud does improve security.