View
257
Download
3
Category
Preview:
Citation preview
Cloud ComputingGroup 1
991601 王語瑄 991630 張毓珊 991602 譚學勇 991638 馬美莊 991603 李瑞哲 991639 楊琇婷 991625 陳奕潔 991650 張耀宗 991627 高君毅 991651 蔡宇翔
Question (a)
Describe its possible definitions
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991651 蔡宇翔
Definition
Basically, cloud computing is to deal with a large amount of
data and share IT infrastructure. The number of computers
links together in a large database to provide IT application
cloud services, cloud computing is to emphasize the spirit of
service, and to provide in accordance with the needs of users
customized services.
Reference[1-1]
What is Cloud Computing ?
Reference [1-2]
Definition
In fact, the so-called cloud computing is the network.
The name came from an engineer who usually used a
cloud to represent the meaning of Internet.
To make it easier, the cloud allows different computers
on the network at the same time help us to do one
thing, and greatly improve processing speed.
Reference[1-3]
History Chart
Reference[2-1]
Introduction
1. Centralized computing
It is to use only one computer to handle all of the
operation, if the operation is more heavy, the more
advanced computer we must have.
2. Distributed computing
It allows different computers to assist you in
processing operations at the same time. Once there
are more than two computers that help you deal the
work, it is a basic distributed computing. Reference [2-2]
Introduction
3. SAAS(Software as a service)
SAAS is not only a new type of service model that
provides business applications software through the
Internet, but also a service model that stores software
and data in the provider-side.
4. Grid computing
Grid computing virtually gathers multiple computers that
the owners of these computers are from all sides, linking
with the Internet, and allows users to share computing
power.
Reference [2-2]
Comparsion between grid and cloud
There are some aspects in common.
Both of them adopt the concept of
“serving the public.“ The grid tends to
offer free services, while the cloud
adopts the "just pay how much you use"
concept.
Reference [2-3]
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991601 王語瑄
Question (b)
Provide its possible architectures
and designs
• Architecture – Deployment Models
4 Kinds of Deployment Models of Cloud Computing
NIST (National Institute of Standards and Technology) defines four kinds of deployment models of cloud computing :
• Public Cloud• Private Cloud• Community Cloud• Hybrid Cloud
Reference [3],[4-2]
Deployment Model - Public Cloud
What is Public Cloud?
• “The cloud infrastructure is provisioned for open
use by the general public.”
• “It may be owned, managed and operated by a
business, academic, or government organization,
or some combination of them.”
• “It exists on the premises of the cloud provider.”Reference [3],[4-1]
Deployment Model - Public Cloud
• Merits
– Low cost (or Free)
– Easy to access
– Flexibility and elasticity
– Users only need to take time and some electric bill cost
• Demerit
– Security Concerns
Reference [5-1]
Deployment Model - Examples of Public Cloud
• Amazon Web Services (AWS)
• Google App Engine (GAE)
• Windows Azure
Reference [5-1]
Deployment Model - Private Cloud
What is Private Cloud?
• “The cloud infrastructure is provisioned for exclusive use by
a single organization comprising multiple consumers. (e.g.,
business units)”
• “It may be owned, managed, and operated by the
organization, a third party, or some combination of them.”
• “It may exist on or off premises.”
Reference [3],[4-1]
Deployment Model - Private Cloud
• Merits
– Adopt virtualization
– Save the budget of IT investment
– Environment protection & energy conservation
– Realize the centralized management of software and hardware
– Downsize staff
– Opportunities of partial open to private cloud
• Demerits
– The enterprise still need to take huge amount of cost to build the
hardware environment
– Relative to public cloud, private cloud is inflexibility Reference [5-1]
Deployment Model - Examples of Private Cloud
• IBM Blue Cloud
• Microsoft Mcloud
Reference [5-1]
Deployment Model -Community Cloud
What is Community Cloud?
• “The cloud infrastructure is provisioned for exclusive use by a
specific community of consumers from organizations that have
shared concerns.(e.g., mission, security requirements, policy, and
compliance considerations)”
• “It may be owned, managed, and operated by one or more of the
organizations in the community, a third party, or some
combination of them.”
• “It may exist on or off premises.”
Reference [3],[4-1]
Deployment Model -Community Cloud
• Merits– Multi-tenancy billing
– Maintain high standards of privacy
– Services can be provided by participative organizations
or third party managers
• Demerit– Broad adoption has been slow
Reference [5-1],[5-2]
Deployment Model - Hybrid Cloud
What is Hybrid Cloud?
• “The cloud infrastructure is a composition of two or more
distinct cloud infrastructures. (public, private, or
community)”
• “Remain unique entities, but are bound together by
standardized or proprietary technology that enables data
and application portability.(e.g., cloud bursting for load
balancing between clouds)”
Reference [3],[4-1]
Deployment Model - Hybrid Cloud• Merits
– Reduce the cost– Reduce energy consumption – Downsize IT staff– Can help companies utilize internal and external IT
resources • Demerits
– Dependency over internal IT infrastructure– Complex SLAs(Service Level Agreement): “You need to have
detailed SLAs drawn for both your private and public cloud providers to ensure that they can meet your expectations. At the same time you also need to have a realistic approach towards distribution of workload. Look for potential integration issues that can disrupt services.”
– Complex networking– Data Protection: “Compliance is a difficult parameter to
achieve in hybrid configuration.”Reference [5-1],[5-3]
Question (b)
Provide its possible architectures and designs
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991625 陳奕潔
• Architecture – Service Models
Service Modes
• Three common service modes :
•Infrastructure as a ServiceIaaS•Platform as a ServicePaaS•Software as a ServiceSaaS
Reference [6]
Service ModesWhat is IaaS?
• Infrastructure as a Service.
- Users hire processors, storage capacity, network,
and other basic computing resources through the
cloud service providers.
- No need to purchase hardware and build basic
facility.
Reference [6]
• Saving hardware purchase costs and set-up costs.
• Do not need to worry about hardware upgrades
and maintenance issues.
• Charges based on volume of use.
• Free to deploy and run the software.
Service ModesIaaS - Feature
Reference [6],[8],[9]
• A laboratory provide student a server to run
programs.
– Usually running smoothly.
– Server is busy because of the heavy workload.
Buy a new server ?
Rent a Virtual Server ?
Service ModesIaaS – Example
Reference [7]
Service ModesWhat is PaaS?
• Platform as a Service.
– Users use the supported platforms, tools and
programming languages to develop and test
software.
– Vendors will be responsible for the execution of
the program on the platform.
Reference [6]
Service Modes PaaS – Example
Server
workload
Computing and storage resources
Traffic Management
Reference [7]
Service ModesPaaS – Feature
• Application deployment easier.
• Reduce hardware and software procurement
and management costs.
• Save manpower, material and time costs.
• Suppliers must ensure the availability and
stability of the platform.
• Charges based on volume of use.
Reference [6],[8],[9]
Service Modes What is SaaS?
• Software as a Service.
– SaaS providers deploy applications on their own
servers.
– Only need to connect to the Internet, users can
use these cloud softwares.
Reference [6]
Service Modes SaaS – Feature
• Lease rather than buy.
• Decrease cost.
• Curb pirate version of software.
• Facilitate software deployment and upgrades.
• Provides a set of username and password.
• Anytime, anywhere access to services.
Reference [6],[8],[9]
Service Modes SaaS – Example
Reference [9]
Question (c)
Its possible strengths, weaknesses, opportunities and threats
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991650 張耀宗
• Strength
• Weakness
SWOT AnalysisStrengths
1. Hardware manufacturing technology – Taiwan is currently the server hardware and mobile
devices foundry producing countries. Hardware manufacturing technology is mature, with a cloud data center servers, storage, network hardware equipment manufacturing and maintenance of their own capabilities.
2. Enough resources – Taiwan's large enterprises generally complete intranet
related equipment and architecture. With the hardware manufacturing technology is mature, We have enough resources to import the new cloud system.
Reference [10]
SWOT AnalysisStrengths
3. Government program– Government promoted large-type network
communications program, establishing an information society and information and development capabilities, making information infrastructure, information comprehensive, Taiwan suitable as experimental and innovative cloud services base.
4. Location– Taiwan is located in Southeast Asia and
Mainland China's network of external connection through the center location, and the infrastructure set up almost covers the entire network, Internet penetration is high. Reference [10]
SWOT AnalysisWeakness
1. Experience– Taiwan is currently the server hardware and mobile
devices foundry producing countries, not only lack of large-scale software development system software development technology and talent, but also the lack of large-scale system software product development plans and management experience.
2. Money– Cloud computing needs to invest large amounts of
money , equipment and human, for a long time.– So that , Taiwan's general business is not easy to get
into the cloud services market alone. Reference [11]
SWOT AnalysisWeakness
3. Key of cloud technologies – The key of cloud technologies is currently
dominated by foreign manufacturers, Taiwanese manufacturers inadequate technology and scale, visibility is not as Europe, America, Japan and other manufacturers.
4. Started late– Cloud computing technology research and
development started late, is not easy to catch up with others countries.
Reference [11]
SWOT Analysis Weakness
5. The market is small‒ Taiwan’s domestic market is insufficient to
support large service platform, enterprise demand is not clear yet, the cost is high, the market is small, It's hard to reach market size, potential users and software vendors to maintain industry sidelines.
Reference [11]
Question (c)
Its possible strengths, weaknesses, opportunities and threats
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991627 高君毅
• Opportunity
• Threat
SWOT AnalysisOpportunity
1. Develop high quality data center in Taiwan– Taiwan is the biggest production base of
component for cloud data center.
– If we can pick up the skills of the framework of cloud system , the management software of large scale system, the computing system of data center , ect , we'll hold the superiority of cost in the market of data center.
– People can invest the resources and develop reasonable price and high quality data center in Taiwan.
Reference [12]
SWOT AnalysisOpportunity
2. Advance additional value of terminal device – Base on the superiority of manufacturing terminal
device and the knowledge of service in information industry of Taiwan, to imitate the successful model of markets in application software and to push forward the software with the hardware.
– Import the innovate application software with small and medium-sized software enterprises, it can advance the additional value of manufacturing terminal device in Taiwan
– and push forward the development of software industry. Reference [12]
SWOT AnalysisOpportunity
3. Establish the cloud computing center– In addition to two of the above, Networked
Communications Program and Industrial Technology Research Institute establish the cloud computing center.
– Hardware companies transform the service strategy into service industry development such as Foxconn and ASUS and the technique of cloud computing has been putting emphasis with IT industry.
Reference [12]
SWOT AnalysisOpportunity
4. Introduce B2B cloud and SaaS
– The cooperation with both sides of the Taiwan
straits broaden the market of cloud computing.
Companies in Taiwan can develop the solution
for value chain and assist small and medium-
sized enterprises in both sides of the Taiwan
straits to introduce B2B cloud and SaaS.
Reference [12]
SWOT AnalysisThreat
1. Standard of technique– Big companies in the world control the standard of
technique and bash on competitor by strategic alliance and patent litigation.
– If the companies in Taiwan can't unite with each other to integrate the resources, it's difficult to compete with big companies in the world.
2. Companies in China develop cloud computing– The companies in China has been developing cloud
computing, cooperating with big companies in the world such as IBM and establish the cloud computing center.
Reference [13]
SWOT AnalysisThreat
3. Easy to introduce cloud computing – The companies in China strengthen their ability of
integrating system.– Their telecommunication and Internet operators are
experienced with large scale maintenance services. It's easy to introduce cloud computing in the future.
4. Manufacture cloud data center – The companies in Taiwan don't have the ability to
manufacture cloud data center by their self. The data will be controlled by big companies in the world and they will drive straight in to domestic demand market.
– The information industry will decline in Taiwan.Reference [13]
Question (d) Explain its possible applications in various IT related areas and their possible vendors
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991630 張毓珊
• Google App Engine
• Amazon Web Services
• Salesforce.com
Case 1: Google App Engine
• PaaS• Concept : Give me a nice API and take
care of the implementation• “Google App Engine lets you run web
applications on Google's infrastructure.”• App Engine applications are easy to
build, easy to maintain, and easy to scale as your traffic and data storage needs grow.
Reference [14]
Case 1: Google App Engine• Provide :
– 500MB of storage– up to 5 million page views a month– 10 applications per developer account
• Services :– URL Fetch & Mail “Applications can access resources on the Internet, such as web
services or other data, and send email messages using App Engine's mail service.”
– Memcache “a high-performance, distributed memory object caching system,
primarily intended for fast access to cached results of datastore queries.”
– Google accounts App Engine supports integrating an app with Google Accounts for user
authentication.
Reference [14]
Case 1: Google App Engine• Limit :
– Language : Python 、 Java “You can develop your application for the Java runtime
environment using common Java web development tools and API standards or using the Python programming language, and run it on an optimized Python interpreter.”
• Signature Features :– No assembly required– It's easy to scale– It's free to get started
• Google offers the same reliability, availability and scalability at par with Google’s own applications
Reference [14]
Case 2: Amazon Web Services• IaaS • Concept : Paying for What You Use• “Amazon Web Services offers a
complete set of infrastructure and application services that enable you to run virtually everything in the cloud”
Reference [15]
Case 2: Amazon Web Services• Replace upfront infrastructure investment
with low monthly costs– “Building on-premises infrastructure can be
slow and expensive. There is expensive hardware that needs to be ordered, paid for, installed and configured - and all of this needs to happen long before you actually need it. With Cloud Computing, you don’t have to spend time on these activities; instead you just pay for the resources you consume on a variable basis.”
Reference [15]
“We avoided significant costs including $800,000 in CapEx costs and $5,000 - $8,000 per month in OpEx costs.”
• Elastic Compute Cloud (EC2)– “Web service that provides resizable
compute capacity in the cloud.”– Rent computing resources by the hour– Additional costs for bandwidth
• Simple Storage Service (S3)– “Highly-scalable, reliable, and low-latency
data storage.”– Charge by the GB/month– Additional costs for bandwidth
Case 2: Amazon Web Services
Reference [15]
Case 2: Amazon EC2• “Have the choice of multiple instance types,
operating systems and software packages. “– EC2 allows you to select a configuration of
memory, CPU, instance storage, and the boot partition size that is optimal for your choice of operating system and application. For example, your choice of operating systems (instances) includes numerous Linux distributions, and Microsoft Windows Server.
Reference [15]
Case 2: Amazon EC2• “Amazon EC2 reduces the time required,
allowing you to quickly scale capacity, both up and down, as your computing requirements change. “
• Elastic : user can create, launch, and terminate server instances as needed, paying by the hour for active servers
Reference [15]
Case 3: Salesforce.com• SaaS • Concept : Just run it for me• “Salesforce.com is a global enterprise
software company. The best known is it’s customer relationship management (CRM) product”
• World’s Most Innovative Company in 2011 and 2012
Reference [17]
Case 3: Salesforce.com• Charges :
– $65 per month per user license
• Signature Features :– Multitenancy “the fundamental technology that clouds use
to share IT resources cost-efficiently and securely.”
– 100% cloud computing– Mobility– Community
Reference [18]
Case 3: Salesforce.com• Upgrades :
– releases three new upgrades each year
based on customer feedback
• Sustainability
Reference [16]
Case 3: Salesforce.comWhy Salesforce CRM ?
Low cost - No longer need to install software or hardware
Build application more fast - Only need to spend about half the cost of
traditional software platforms, it can use 5 times faster speed construction applications than traditional software platforms.
Reference [16]
Ability to support cross-border- Support for multiple languages, multiple time
zones, multi-currency
World-class security Mechanism- In Salesforce trust Web site to access
completely open and transparent approach to security and system status.
Case 3: Salesforce.comWhy Salesforce CRM ?
Reference [16]
Question (d) Explain its possible applications in various IT related areas and their possible vendors
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991639 楊琇婷
• PC-cillin Internet Security
• Taiwan Mobile Cloud Data Center
Case 4: PC-cillin Internet Security
• Previous - Traditional Antivirus
– Virus pattern files saved on the client
→ delay time
→ security vulnerability
Malware appears
Malware discovered
Pattern file available
User downloads pattern file
Reference [20]
Case 4: PC-cillin Internet Security
• Nowadays - Cloud Antivirus
– Virus pattern files saved on the cloud
Reference [19]
Case 4: PC-cillin Internet Security
• Benefit Reduce the resource consumption of the client
• Save memory usage
• Shorten the scan time
• Speed up the boot
Immediate access to protection
Reference [19]
Case 5: Taiwan MobileThe Green Cloud Data Center
Taiwan Mobile built the first high specification
green cloud IDC in Neihu District, Taipei. It provide
a secure and stable virtual computing environment.
So that enterprises do not need to build their own
data center or buy server appliance, they can install
or deploy software or application projects online,
rapid completion of system provisioning and
migration.
Reference [21][22]
Case 5: Taiwan MobileThe Green Cloud Data Center
• Service :
Reference [23]
Question (e) provide a cost and benefit evaluation for any of the cloud applications listed in (d)
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991639 楊琇婷
• Taiwan Mobile Cloud Data Center
Evaluation of costs and benefits(Take case 5 for example)
• Cost– Spend NT$5 billion building– Purchase Network and hardware equipment– Hire IT staff, engineers– Maintenance, repair equipment
• Benefit– Estimated 2014 production will reach NT$13.3 billion– More efficient allocation of resources– Promote enterprise development: enterprises can focus
on the development of their industry– Reduce environmental pollution
Reference [21][22]
Comparison Between Cloud Computing and Traditional IT
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991638 馬美莊
Comparison of Traditional and Cloud CRM
Reference [24]
Comparison of traditional and cloud POS
• What’s POS ?
POS= Point of Sale
One kind of information system used to record
the retail industry sales information.
Reference [25]
From a structural comparison with the cost side
Reference [25]
Reference [25]
Function from the service side comparison
• Service object Customization v.s. Modular “Traditional POS required by different
industries, the development of different system services, and provide customized services.”
“Cloud POS only according to different industries, providing modular services, unable to provide customized services.”
Reference [25]
• Copyright and Services Purchase v.s. Hire “Copyright traditional POS once
purchased, update or require the purchase of different modules to be charged separately.”
“Cloud POS Copyright hire, duration of the contract to pay, but also according to the actual needs of any additions required modules, and if it updates the system will automatically update at no extra cost.”
Function from the service side comparison
Reference [25]
• Interface and importHighly functional v.s. Simplistic, humane “Traditional POS operator interface is designed for users to make change in demand, so the function is strong, but often need someone to help import.” “POS in the cloud-based online service, it seeks to simplify operation and humane. Also offer online video job description to help users successfully imported, and diversified data input.”
Function from the service side comparison
Reference [25]
• Data reads and mobile applications
One-dimensional bar code v.s. One-dimensional, two-
dimensional bar code (can be used with mobile devices)
“Identification of a traditional POS-dimensional bar code-based,
does not work with mobile devices such as smart phones, iPad,
iPod, tablet PCs and other mobile devices operate; need extra
charge if required.”
“Cloud POS can read 1D and 2D bar codes, and can be used with
mobile devices”
Function from the service side comparison
Reference [25]
• Data storage and management Responsible v.s. Trusteeship
“ The user's responsibility to traditional POS data
storage responsibility rests with the user data
corruption or expand managed.”
“POS data mining cloud cloud hosting system, a
professional backup and security mechanisms, do
not worry about data corruption or hacking and
other issues.”
Function from the service side comparison
Reference [25]
Cloud Security
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991603 李瑞哲
• Infrastructure Security
• Data Storage Security
Infrastructure Security: The Network Level
• Ensuring Data Confidentiality and Integrity
– Use of HTTPS (instead of HTTP) would have mitigated
the integrity risk
• Ensuring Proper Access Control
– “Cloud providers do not sufficiently “age” IP addresses
when they are no longer needed for one customer.
Addresses are usually reassigned and reused by other
customers as they become available.”Reference [26]
• Ensuring the Availability of Internet-Facing Resources– BGP† prefix hijacking– The event of YouTube
• Network-Level Mitigation– Reduce your confidentiality risks by using encryption
Infrastructure Security: The Network Level
Preventive controls
“Network access control supplied by provider, encryption of data in transit “
Detective controls
“Provider-managed aggregation of security event logs, network-based intrusion detection system, intrusion prevention system “
Reference [26]
• DoS
– “Application-level DoS attacks could manifest
themselves as high-volume web page reloads, or
protocol-specific requests supported by a cloud
service”
– DoS attacks on pay-as-you-go cloud applications will
result in a dramatic increase in your cloud utility bill.
This type of attack is also being characterized as
economic denial of sustainability (EDoS).
Infrastructure Security: The Application Level
Reference [26]
• SaaS Application Security
– SaaS providers are largely responsible for
securing the applications and components they
offer to customers. Customers are usually
responsible for operational security functions.
Infrastructure Security: The Application Level
Preventive controls
“Identity management, access control assessment, browser hardened with latest patches”
Detective controls
“Login history and available reports from SaaS vendors”
Reference [26]
• PaaS Application Security
– Since PaaS applications may use third-party applications,
components, or web services, the third-party application
provider may be responsible for securing their services
Infrastructure Security: The Application Level
Preventive controls
“User authentication, account management, browser hardened with latest patches, endpoint security measures including antivirus and IPS”
Detective controls
“Application vulnerability scanning”
Reference [26]
• IaaS Application Security
– Customers of IaaS clouds are responsible for all
aspects of their application security and should take
the steps necessary to protect their application
Infrastructure Security: The Application Level
Preventive controls
“Least-privileged configuration, timely patching of application, user authentication, access control, account management, browser hardened with latest patches, antivirus, host firewall”
Detective controls
“Logging, event correlation, application vulnerability scanning and monitoring”
Reference [26]
Data Security and Storage : Storage
• Confidentiality
– Individuals or groups of data can't be obtained by
outsiders
– Asymmetric encryption
Reference [28]
• Integrity
– “Refers to the transmission, storage,
information or data in the process, to ensure
that the information or data from
unauthorized tampering or tampered can be
quickly found”
– Message Authentication codes (MACs)
• Adding Cipher Block Chaining (CBC)
• Adding One-Way Hash
Data Security and Storage : Storage
Reference [27]
• Availability
– “That can be accessed at any time and obtain
information”
– “A number of high-profile cloud provider
outages have occurred”
– “Prospective cloud storage customers must be
certain to ascertain just what services their
provider is actually offering”
Data Security and Storage : Storage
Reference [26]
Cloud Security
000101101010111101011010101110000101010010101110010010010000100001110101101010010
991602 譚學勇
• Identity and Access Management (IAM)
• Privacy Concerns
Identity and Access Management (IAM)
• Why IAM?– Improve operational efficiency– Regulatory compliance management
• IAM Challenges– Users whose roles often change for
business reasons– Access policies for information are
seldom centrally and consistently applied
Reference [26]
IAM Definitions• Authentication
– “Authentication is the process of verifying the identity of a user or system.”
• Authorization– “Authorization is the process of determining the privileges
the user or system is entitled to once the identity is established.”
• Auditing– “Auditing entails the process of review and examination of
authentication, authorization records, and activities to determine the adequacy of IAM system controls, to verify compliance with established security policies and procedures, to detect breaches in security services, and to recommend any changes that are indicated for countermeasures.” Reference [26]
What are the key privacy concerns in the cloud?
• Access
– Data subjects have a right to know what personal information is held and can make a request to stop processing it. ”
• Compliance
– Data may be stored in multiple countries. What is the relevant jurisdiction that governs an entity’s data in the cloud and how is it determined?
• Storage– Privacy laws in various countries place limitations on transfer
some types of personal information to other countries.
– When the data is stored in the cloud, such a transfer may occur without the knowledge of the organization, resulting in a potential violation of the local law.
Reference [26]
What are the key privacy concerns in the cloud?
• Retention– How long is personal information retained? Which
retention policy governs the data?• Destruction
– Did the CSP really destroy the data, or just make it inaccessible to the organization?
• Audit and monitoring– How can organizations monitor their CSP that privacy
requirements are met?• Privacy breaches
– How do you know that a breach has occurred, how do you ensure that the CSP notifies you when a breach occurs, and who is responsible for managing the breach notification process?
Reference [26]
Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing
• Collection Limitation Principle– “collection of personal data should be limited to the
minimum amount of data required for the purpose for which it is collected.”
• Use Limitation Principle– “personal data should not be disclosed, made available,
or otherwise used for purposes other than those with the consent of the data subject, or by the authority of law.”
• Security Principle– “Personal data should be protected by reasonable
security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.”
Reference [26]
• Retention and Destruction Principle– “personal data should not be retained for longer than
needed to perform the task for which it was collected, or as required by laws or regulations.”
– “Data should be destroyed in a secure way at the end of the retention period.”
• Transfer Principle– “data should not be transferred to countries that don’t
provide the same level of privacy protection as the organization that collected the information.”
• Accountability Principle– “an organization is responsible for personal information
under its control and should designate an individual or individuals who are accountable for the organization’s compliance with the remaining principles.”
Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing
Reference [26]
Reference
1-1 http://www.cc.ntu.edu.tw/chinese/epaper/0008/20090320_8008.htm1-2 http://www.google.com/search?q=%E9%9B%B2%E7%AB%AF%E4%B8%89%E5%B1%A4&source=lnms&tbm=isch&sa=X&ei=lX_BUcP2HcfkkgXNuYCwBA&ved=0CAkQ_AUoAQ&biw=1304&bih=707#facrc=_&imgrc=mwU-nrNGUvJFLM%3A%3BKNE_x-Rxk-VhgM%3Bhttp%253A%252F%252Figt.dxhs.tyc.edu.tw%252Fsystem%252Fuploads%252F599d2b62d98d865ba23064006f0fdc7c4267debe.png%3Bhttp%253A%252F%252Figt.dxhs.tyc.edu.tw%252Fsections%252F553%252Fpages%252F1405%253Flocale%253Dzh_tw%3B300%3B272
1-3 http://tw.myblog.yahoo.com/johand920/article?mid=61&next=60&l=f&fid=1
Reference
2-1 http://www.google.com/search?biw=1304&bih=707&tbm=isch&sa=1&q=cloud+history&oq=cloud++his&gs_l=img.1.1.0i19l2j0i5i19.61914.69543.0.71581.19.14.4.1.1.0.181.1605.1j11.12.0...0.0...1c.1.17.img.LcbGcHMlLtU#facrc=_&imgrc=Fi33FXix1LRMPM%3A%3B4Qp9t1JEuPp3AM%3Bhttp%253A%252F%252Fei.marketwatch.com%252FMultimedia%252F2011%252F04%252F26%252FPhotos%252FCody%252520charts%252Fcloud-computing-growth.jpg%3Bhttp%253A%252F%252Fblogs.marketwatch.com%252Fcody%252F2011%252F04%252F30%252Fbest-stocks-for-the-cloud-revolution%252F%3B470%3B5162-2 http://tnrc.ncku.edu.tw/100report/class/100.09.02-1.pdf 2-3 http://sls.weco.net/blog/bryan0314/14-jan-2009/12497
Reference3. The NIST definitions of deployment models of cloud
computing,http://csrc.nist.gov/publications/nistpubs/800-145/SP800- 145.pdf4-1. The diagrams of deployment modelshttp://www.cloudopenlab.org.tw/ccipo_industryDefinition.do4-2. The figure of deployment models of cloud computing, http://www.ubiry.com/en/services/cloud-consulting/5-1. The characteristic of deployment models, http://tmue.edu.tw/~cyang/class/Intro_CS_M/Intro_Cloud.pdf5-2. The pros and cons of Community Cloud, dcia.info/activities/ccw2012/11-8%20Greenberg.ppt5-3. The pros and cons of Hybrid Cloud,https://exploreb2b.com/articles/pros-and-cons-of-hybrid-cloud
6. 雲端服務架構 _IAAS/PAAS/SAAS
http://eblog.cisanet.org.tw/80366493/article/content.aspx?ArticleID=996
7. 國家科學委員會 - 雲端計算http://web1.nsc.gov.tw/ct.aspx?xItem=14873&ctNode=40
8. 財經知識庫 - 雲端運算
http://www.moneydj.com/kmdj/wiki/wikiviewer.aspx?keyid=b2a16b54-77ee-4a1d-8feb-a3d0366e55c8
9. 網管人 - 認識雲端運算架構與框架
http://www.netadmin.com.tw/article_content.aspx?sn=1201310001
10. http://www.aceredc.com/eDC/download/cloud_trend.pdf
Reference
11. http://investtaiwan.nat.gov.tw/doc/20100820_2.pdf
12. http://www.ey.gov.tw/policy8/cp.aspx?n=5187513675EB4E69
13.http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=2385
14. Google developers
https://developers.google.com/appengine/docs/whatisgoogleappengine
15. Amazonhttp://aws.amazon.com/
Reference
16. Salesforcehttp://www.salesforce.com/
17. MBA 智庫百科http://wiki.mbalib.com/zh-tw/Salesforce.com%E5%85%AC%E5%8F%B8
18. 天新資訊http://fiti.force.com/web/page?pageid=a0n20000000zB8SAAU
19. Trend Micro Taiwan─Smart Protection Network 介紹影片http://www.trendmicro.com.tw/spn/movie/index.asp
20. 雲端運算智庫─「如果雲知道」 雲端安全防護技術http://www.runpc.com.tw/content/cloud_content.aspx?id=103984
Reference
21. U-3C.com─ 「台哥大跨足雲端市場 50 億元興建綠色機房」http://computer.u-3c.com/article1404.htm
22. 台灣大哥大─新聞中心http://corp.taiwanmobile.com/press-release/news/press_20120509_558828.html
23. 谷元宏─全方位的雲端服務http://www.digitimes.com.tw/tw/B2B/Seminar/Service/download/053A109240/053A109240_YFOMH35XTLKLCFGSC5IH.pdf
24. http://sficloud.blogspot.tw/2010/02/crm.html
25. http://www.gs1tw.org/twct/gs1w/pubfile/2012_sUMMER_P17- 33.pdf
Reference
26. Tim Mather & Subra Kumaraswamy & Shahed Latif. Cloud Security and Privacy. O'Reilly Media.
27. Wiki 百科http://zh.wikipedia.org/wiki/%E5%AE%8C%E6%95%B4%E6%80%A7
28. https://www.google.com.tw/search?hl=zh-TW&site=imghp&tbm=isch&source=hp&biw=1366&bih=667&q=%E9%9D%9E%E5%B0%8D%E7%A8%B1%E7%B7%A8%E7%A2%BC&oq=%E9%9D%9E%E5%B0%8D%E7%A8%B1%E7%B7%A8%E7%A2%BC&gs_l=img.3...1114.3143.0.3401.18.11.0.6.0.0.108.565.10j1.11.0...0.0.0..1ac.1j4.17.img.dOTMBQT9whE#facrc=_&imgrc=ZZ7sVKwr4F_EvM%3A%3BuOMY-40_Xx1zOM%3Bhttp%253A%252F%252Fwww.asiapeak.com%252Fimg%252Fasymmetric.JPG%3Bhttp%253A%252F%252Fwww.asiapeak.com%252FPGPTheory.php%3B655%3B330
Reference
Recommended