Transaction Search Form: please type in any of the fields below.
Date: November 22, 2024 Fri
Time: 11:32 am
Time: 11:32 am
Results for cloud computing (australia)
2 results foundAuthor: Hutchings, Alice Title: Cloud Computing for Small Business: Criminal and security threats and prevention measures Summary: Compared with large organisations, small businesses operate in a distinct and highly resource-constrained operating and technical environment. Their proprietors are often time poor, have minimal bargaining power and have limited financial, technical, legal and personnel resources. It is therefore unsurprising that cloud computing and its promise of smoothing cash flows and dramatically reducing ICT overheads is attractive to small business. Cloud computing shifts the delivery and maintenance of software, databases and storage to the internet, transforming them into Pay-As-You-Go services accessed through a web browser. While providing many benefits, cloud computing also brings many risks for small business, including potential computer security and criminal, regulatory and civil liability issues. This paper, undertaken as a collaborative partnership with the ARC Centre of Excellence in Policing and Security at Griffith University, identifies these risks and offers a perspective on how they might be contained so that the benefits of cloud computing do not outweigh the risks for small businesses in the 21st century. Details: Canberra: Australian Institute of Criminology, 2013. 8p. Source: Internet Resource: Trends & Issues in criminal and Criminal Justice No. 456: Accessed May 29, 2013 at: http://www.aic.gov.au/publications/current%20series/tandi/441-460/tandi456.html Year: 2013 Country: Australia URL: http://www.aic.gov.au/publications/current%20series/tandi/441-460/tandi456.html Shelf Number: 128842 Keywords: Cloud Computing (Australia)Computer CrimesComputer SecurityFinancial Crimes |
Author: James, Lachlan Title: Final Report - Cloud Computing Threat Assessment for Small Business Summary: Small businesses are not simply scaled-down versions of big business. Compared with larger organisations, small businesses operate in a distinct and highly resource constrained operating and technical environment. They are time-poor, have minimal bargaining power, and limited or inconsistent financial, technical, legal and personnel resources. Above all, small businesses are typically focused on one thing: survival. It is therefore unsurprising that cloud computing—and its promise of smoothing cash flows and dramatically reducing IT overhead—is attractive to small business. Cloud computing shifts the delivery and maintenance of software, databases and storage to the internet, transforming them into Pay-As-You-Go (PAYG) services accessed through a small business user’s web-browser. Cloud computing often comes with zero upfront costs, and scales (up and down) with the demands of the small business. Cloud computing services demand minimal technical skills: they are easy to setup and require little if any maintenance. Accessed via a secure login, for the small business, cloud computing typically represents increased standards of security. However, along with the benefits, cloud computing also embodies many risks for small business, including potential computer security, criminal, regulatory and civil liability issues. Cloud computing—like other new information technologies— challenges the application and understanding of many pre-existing areas of law. Examples of key criminal, regulatory and legal threats for small business adopting cloud computing include: • Cloud Providers are the Target, But Small Business is the Victim – While cloud service providers themselves hold much greater appeal to cybercriminals, it is the cloud service provider’s small business tenants— experiencing disrupted services and hence disruption to their already fragile revenues—that are the real victims. Lacking policies, procedures and training relating to cyber and network security, small businesses are particularly vulnerable to having account details stolen, and their cloud services hijacked. • Ever Changing Sea of International, National & Local Regulation – Where personal information—including financial and credit details—is stored in the cloud, a routine international commercial transaction may require a small business to comply with a myriad of ever changing international, national and state-level regulations and industry-specific standards. • Practical Benefits of Cloud Computing Potentially Non-Compliant – Even some simple, practical benefits of using the cloud—such as storing MYOB files on a cloud storage service (such as DropBox)—may render the small business non-compliant. • Inequality of Bargaining Power: “Take It or Leave It” Service Agreements – With almost no bargaining power and faced with industry-wide boilerplate terms and conditions, small business has little choice but to accept one-sided cloud agreements on a “take it or leave it” basis, leaving vendors absolved of substantially all liability. • Service Credits Inconsistent with Potential Damage to Small Business – Despite the potentially devastating impact of even relatively short service outages, small business is typically left with “service credits” (based on a proportion of monthly subscription fees) as their “sole and exclusive remedy.” • Overseas Legal Jurisdiction & Choice-of-Law – With cloud service agreements frequently setting the legal jurisdiction and choice-of-law to the vendor’s overseas headquarters, even the most simple legal action immediately becomes prohibitively expensive for all but the most successful small business. • Unilateral Termination of Accounts & Data Loss – Cloud service providers, particularly in relation to free accounts, often reserve the right to unilaterally terminate accounts with or without notice, potentially devastating the small business. Absolved of substantially all liability, the cloud service provider leaves the aggrieved small business with no cause of action and no right to recover. Findings – Responding to the Criminal, Regulatory & Legal Threats Technical & Commercial Practices to Reduce Risks – The research has found that there are technical and commercial practices that can be implemented today by small businesses to reduce at least some of the security and commercial risks: • Policies & Training – Small businesses can provide computer security training to personnel, and institute simple policies setting out (for example) how computer resources should be used, how often passwords should be changed, access rights for staff, and how and when employees may bring in and use their own devices. • Industry Education – Industry bodies can provide education and training to small businesses about appropriate practices and regulatory requirements. • Cyber & Cloud Insurance – Existing cyber liability insurance holds out some limited hope of compensating for losses as a result of cybercrime. However, the best hope for broader coverage rests with contingent business interruption insurance adapted to the unique circumstances of cloud computing (“cloud insurance”) being developed by new entrepreneurial ventures such as CloudInsure. Opportunities for Legislative Intervention – The research also identified the likely need for legislative intervention. The near-term future of cloud computing shows signs of bifurcation into budget solutions (much like existing offerings) and premium services with increased security and regulatory compliance, and greater acceptance of liability. But without a change in relative bargaining power between the cloud service provider and small business, it is unclear if competitive forces alone will be sufficient to bring about quality premium services at a price affordable to cost-conscious small business. To encourage cloud service providers to deliver more attractive, secure and cost effective solutions, inequality of bargaining power between cloud service providers and small business clients will need to be addressed. In this respect, there is significant opportunity for judiciously applied legislative intervention. Opportunities for such carefully considered intervention include: a refined doctrine of unconscionability; possible introduction of legal principles broadly akin to “contracts of adhesion” in the United States; and new regulatory powers—possibly adapted from the Communications Alliance (formerly the Australian Communications Industry Forum, Industry Code for Consumer Contracts, ACIF C620:2005)—to police the cloud computing industry. Acting in concert, a combination of technical and commercial solutions—including improved cybersecurity practices, industry education programs, and new species of “cloud insurance”—together with legislative programs may serve to place small business on substantially the same footing as larger businesses, enabling them to fully capture the true benefits of cloud computing while enduring a more equitable share of the risks. Details: Canberra: Australian Institute of Criminology, 2012. 81p. Source: Internet Resource: Accessed July 19, 2013 at: http://www.aic.gov.au/media_library/publications/special/002/Cloud-Computing-DBCDE.pdf Year: 2012 Country: Australia URL: http://www.aic.gov.au/media_library/publications/special/002/Cloud-Computing-DBCDE.pdf Shelf Number: 129472 Keywords: Cloud Computing (Australia)Computer CrimesComputer SecurityCrimes Against BusinessFinancial Crimes |