Security, privacy & trust module
Large amounts of business-critical data are transferred, processed and stored in Cloud services, raising new security, privacy and trust concerns. Examples of Cloud-specific security threats are abuse and nefarious use the Cloud, insecure interfaces, malicious insiders, shared technology issues, amplified concerns of data loss and leakage, the wider impact of account or service hijacking and the unknown risk profile of many Cloud services. Adequate security management of Cloud services and the information stored in them is vital to the success of business, both from service providers and users perspective. Before making decisions on entering data in a Cloud service, it is essential to be able to identify sensitive data and analyse the business criticality and legal constraints. Furthermore, continuous operational security assurance of the Cloud service is needed in management of business-critical information.
VTT’s security and business experts offer cross-disciplinary risk-based and compliance-based expert support and concrete recommendations for secure and trustworthy management of business-critical information in the Cloud and long-term business continuity planning from security, privacy and trust perspective.
The following tasks are recommended:
- Threat and Vulnerability Analysis
- Security Assurance Planning and Processing
- Business Continuity Planning