Milan, 15 May 2012 · 2015-04-23 · Cloud service models: Cloud computing uses three basic...


Transcript of Milan, 15 May 2012 · 2015-04-23 · Cloud service models: Cloud computing uses three basic...

Page 1

Privacy and Cloud Computing

Facing the growth of risks and complexity

Milan, 15 May 2012

Bologna, 31 May 2012

Giulio Spreafico CISA CISM CGEIT CRISC

Page 2

Agenda

Cloud Computing: definitions and concepts

Risks in Cloud Computing and Privacy

Cloud Computing: privacy impacts

EU Data Protection regulation

Auditing Cloud Computing and Privacy

Page 3

CLOUD AND PRIVACY:

https://privacycloudmobile.clusit.it/

Page 4

Oracle Community for Security

An organisation of companies, law firms and associations that collaborate in a pre-competitive setting to address the security needs that exist in Italy. It carries out training, information and cultural initiatives for the market. Since 2007 it has produced numerous thematic studies in the fields of Security, Governance, Risk and Compliance. The initiatives are carried out by interdisciplinary working groups involving lawyers, consultants, auditors and technicians, so that each topic is addressed from every angle.

http://www.oracle.com/it/technologies/security/partner-171975-ita.html

Page 5

Milano - Gennaio 2011

Definition of Cloud Computing

The National Institute of Standards and Technology (NIST) and the Cloud Security Alliance (CSA) define Cloud Computing as:

a "model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction".

Applications run in the Cloud offer clear advantages in cost containment and flexibility of use, with implications that partly overlap those of traditional outsourcing, but with aspects and perspectives that open up new and different risk scenarios.

Page 6

Cloud Computing

Essential characteristics

Service models

Deployment models (how it is realised)

Page 7

Third-degree approach

Page 8

Cloud service models

Cloud computing uses three basic service models:

• Infrastructure as a Service (IaaS): capability to provision processing, storage, networks and other fundamental computing resources that offer the customer the ability to deploy and run arbitrary software, which can include operating systems and applications. IaaS puts these IT operations into the hands of a third party. The primary difference between this approach and traditional outsourcing is that with cloud computing, access to the infrastructure is through public or private networks and the assignment of and payment for resources is based on usage.

• Platform as a Service (PaaS): capability to deploy onto the cloud infrastructure customer-created or acquired applications created using programming languages and tools supported by the provider.

• Software as a Service (SaaS): capability to use the provider's applications that run on the cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based e-mail).

Page 9

Cloud computing deployment models

• Private cloud

• Community cloud

• Public cloud

• Hybrid cloud

Page 10

Cloud computing deployment models

Private cloud:

Operated solely for an organization

May be managed by the organization or a third party

May exist on or off premise

Community cloud:

Shared by several organizations

Supports a specific community that has a shared mission or interest

May be managed by the organizations or a third party

May reside on or off premise

Page 11

Cloud computing deployment models

Public cloud:

Made available to the general public or a large industry group

Owned by an organization that sells cloud services

Hybrid cloud:

Composed of two or more clouds (private, community or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)

Page 12

Benefits of the Cloud

• Cost reduction

• Flexibility

• Elasticity and scalability

• Cost tied to actual usage

• Faster delivery of new solutions

• Optimisation and interoperability of administrative / business processes

• Rationalisation of management and support processes

• Focus on the "core business"

• Guaranteed service continuity

• Improved service levels

• Energy efficiency

• Control, measurement and allocation of costs

• Service mobility

Page 13

Agenda

Cloud Computing: definitions and concepts

Risks in Cloud Computing and Privacy

Cloud Computing: privacy impacts

EU Data Protection regulation

Auditing Cloud Computing and Privacy

Page 14

Cloud risks: privacy impacts

• Cloud computing can present risks that differ from those of traditional IT because of the different service models, operating models and technologies used to enable Cloud services

• The Cloud brings new mixes of old risks: centralising resources and consuming them over the network through providers changes their relative weights, not necessarily always for the worse

• The main risks are those of confidentiality and compliance for data at rest, in transit and in processing

Page 15

ISACA: Cloud risks

• Enterprises need to be particular in choosing a provider. Reputation, history and sustainability should all be factors to consider. Sustainability is of particular importance to ensure that services will be available and data can be tracked.

• The cloud provider often takes responsibility for information handling, which is a critical part of the business. Failure to perform to agreed-upon service levels can impact not only confidentiality but also availability, severely affecting business operations.

• The dynamic nature of cloud computing may result in confusion as to where information actually resides. When information retrieval is required, this may create delays.

Source: Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Page 16

ISACA: Cloud risks

• Third-party access to sensitive information creates a risk of compromise to confidential information. In cloud computing, this can pose a significant threat to ensuring the protection of intellectual property (IP) and trade secrets.

• Public clouds allow high-availability systems to be developed at service levels often impossible to create in private networks, except at extraordinary costs. The downside to this availability is the potential for commingling of information assets with other cloud customers, including competitors. Compliance with regulations and laws in different geographic regions can be a challenge for enterprises. At this time there is little legal precedent regarding liability in the cloud. It is critical to obtain proper legal advice to ensure that the contract specifies the areas where the cloud provider is responsible and liable for ramifications arising from potential issues.

Source: Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Page 17

ISACA: Cloud risks and continuity

• Due to the dynamic nature of the cloud, information may not immediately be located in the event of a disaster.

• Business continuity and disaster recovery plans must be well documented and tested.

• The cloud provider must understand the role it plays in terms of backups, incident response and recovery.

• Recovery time objectives should be stated in the contract.

Source: Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Page 18

ISACA: Cloud risks and outsourcing risks

Risks similar to outsourcing:

• Loss of business focus

• Solution failing to meet business and/or user requirements; not performing as expected; or not integrating with the strategic IT plan, information architecture and technology direction

• Incorrect solution selected or significant missing requirements

• Contractual discrepancies and gaps between business expectations and service provider capabilities

• Control gaps between processes performed by the service provider and the organization

Source: Cloud Computing Management Audit/Assurance Program

Page 19

ISACA: Cloud risks and outsourcing risks

Risks similar to outsourcing:

• Compromised system security and confidentiality

• Invalid transactions or transactions processed incorrectly

• Costly compensating controls

• Reduced system availability and questionable integrity of information

• Poor software quality, inadequate testing and high number of failures

• Failure to respond to relationship issues with optimal and approved decisions

Source: Cloud Computing Management Audit/Assurance Program

Page 20

ISACA: Cloud risks and outsourcing risks

Risks similar to outsourcing:

• Insufficient allocation of resources

• Unclear responsibilities and accountabilities

• Inaccurate billings

• Litigation, mediation or termination of the agreement, resulting in added costs and/or business disruption and/or total loss of the organization

• Inability to satisfy the audit/assurance charter and the requirements of regulators or external auditors

• Reputation

• Fraud

Source: Cloud Computing Management Audit/Assurance Program

Page 21

ISACA: additional Cloud-specific risks

Cloud computing has additional risks:

• Greater dependency on third parties:

– Increased vulnerabilities in external interfaces

– Increased risks in aggregated data centers

– Immaturity of the service providers, with the potential for service provider going-concern issues

– Increased reliance on independent assurance processes

• Increased complexity of compliance with laws and regulations:

– Greater magnitude of privacy risks

– Transborder flow of personally identifiable information affecting contractual compliance

Source: Cloud Computing Management Audit/Assurance Program

Page 22

ISACA: Cloud risks and outsourcing risks

Cloud computing has additional risks:

• Reliance on the Internet as the primary conduit to the organization's data introduces:

– Security issues with a public environment

– Availability issues of Internet connectivity

• Due to the dynamic nature of cloud computing:

– The location of the processing facility may change according to load balancing

– The processing facility may be located across international boundaries

– Operating facilities may be shared with competitors

– Legal issues (liability, ownership, etc.) relating to differing laws in hosting countries may put data at risk

Source: Cloud Computing Management Audit/Assurance Program

Page 23

CSA Cloud: security points of concern

Key Cloud security problems from the CSA Top Threats research:

– Trust: lack of provider transparency, which impacts Governance, Risk Management and Compliance

– Data: leakage, loss, or storage in an unfriendly geography

– Insecure Cloud software

– Malicious use of Cloud services

– Account/service hijacking

– Malicious insiders

– Cloud-specific attacks

Page 24

The challenges of Cloud Computing

Page 25

The challenges of the Cloud

The main challenges of the Cloud are:

• Security and Privacy

• Vendor lock-in

• Loss of governance

• Inadequate Cloud offerings

Page 26

Agenda

Cloud Computing: definitions and concepts

Risks in Cloud Computing and Privacy

Cloud Computing: privacy impacts

EU Data Protection regulation

Auditing Cloud Computing and Privacy

Page 27

Cloud Computing characteristics and Privacy

The specific nature of Cloud computing means that:

– company information is processed in contexts outside the organisation's perimeter and potentially shared with the Cloud provider's other customers

– public networks are structurally used to connect the company environment with the cloud provider

– company information is accessible to users without constraints of time or place.

Page 28

Cloud sourcing chains and privacy impacts

• Controllers and external Processors

• The place where the data is processed

• Transfer of data abroad

• The security measures to adopt

The Contract must be the focus of attention

Page 29

Data protection regulation and cloud impacts

Privacy: With privacy concerns growing across the globe it will be imperative for cloud computing service providers to prove to existing and prospective customers that privacy controls are in place and to demonstrate their ability to prevent, detect and react to breaches in a timely manner. Information and reporting lines of communication need to be in place and agreed on before service provisioning commences. These communication channels should be tested periodically during operations.

Trans-border information flow: When information can be stored anywhere in the cloud, the physical location of the information can become an issue. Physical location dictates jurisdiction and legal obligation. Country laws governing personally identifiable information (PII) vary greatly. What is allowed in one country can be a violation in another.

Source: ISACA, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Page 30

Cloud computing characteristics and Privacy

Cloud Provider responsibilities and SLAs. The Cloud Provider's responsibilities depend on the service model:

• For SaaS and PaaS they include:

• security platform configuration and maintenance

• log collection

• security monitoring

• For IaaS these responsibilities belong to the customer

Page 31

Cloud Governance and Privacy

• Governing Cloud services entails specific risks that must be managed explicitly

• Identify the service levels and the ways to verify that they are met (to be defined in the service contract)

• The data that will be processed in the Cloud must have been classified, identifying the various types of personal data and the processing operations

• The information needed for a correct risk assessment of the geographic location of the data centres must then be gathered

Page 32

The Contract

For Privacy purposes the contract must define:

• Ownership of data and content

• Changes to the terms of use

• Limits on withdrawal and rules for termination of the contract

Page 33

The Contract

The following must also be specified:

• Conditions of auditability

• Unfair (vexatious) clauses

• Incorporation of Italian law

• Security incident notification procedures

Page 34

Transfer of data abroad

• Cloud computing means that the location of the places where processing takes place may not be defined in advance and may in any case vary, including for ordinary operational needs.

• Privacy law pays particular attention to the export of data to contexts governed by regulations that are potentially not equivalent.

• In delivering its service, the Cloud provider may use the cloud services of other providers (e.g. a SaaS provider may use the infrastructure of an IaaS provider): the cloud sourcing chain.

Page 35

Organisational impacts of Cloud and Privacy

Definition of roles. The roles relevant to processing data in the Cloud must be defined:

– processors at the provider

– system administrators at the provider (there are difficulties with a foreign provider)

– the customer's authorised persons, and in particular system administrators, who operate on processes at the provider

– customer personnel who hold important roles in managing Cloud processing (for example, those who verify the SLAs)

Page 36

Organisational impacts of Cloud and Privacy

• Risk management

• Identity management

• Security event management

• Information management

• Asset management

• Audit and control

• Resilience and BC / DR

• Monitoring

Cloud solutions affect company processes: governance, identity and access management, control and audit activities.

Page 37

Cloud security concerns

• Abuse and nefarious use of cloud computing

• Insecure APIs

• Malicious insiders

• Shared technology vulnerabilities

• Data loss/leakage

• Account, service and traffic hijacking

• Unknown risk profile

and also:

– Secure code

– Physical security

– IAM

– Operational risk, which includes the risk of unsuccessful or untested patch management, logical intrusions and possible outages, DR/BC, and the risk that accrues to application and data backups

Source: IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud

Page 38

Suitable Cloud security measures for Privacy

• Use secure networks and transmission protocols

• Encrypt data at rest in the database

• Encrypt data in the file system

• Remove the keys from the provider's reach

• Require federated authentication from the CSP

• Equip yourself with an identity (de)provisioning system

• Require the CSP to notify security events immediately
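The two measures "encrypt data at rest" and "remove the keys from the provider's reach" amount, in practice, to client-side envelope encryption: each object is encrypted under its own data key, that data key is wrapped under a key-encryption key (KEK) that only the customer holds, and the provider stores nothing but ciphertext and wrapped keys. The Go program below is an added example written for this page, not code from the presentation or from ISACA/CSA. The in-memory Store standing in for the provider's object storage, the object names and the sample CRM record are constructed for illustration, and the KEK living in a customer-controlled HSM/KMS is an assumption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Object is all the provider ever stores: the data key (DEK) wrapped under the
// customer's key-encryption key (KEK), plus the ciphertext. No plaintext, no KEK.
type Object struct {
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-256-GCM(DEK, plaintext)
}

// Store is a constructed in-memory stand-in for the CSP's object storage.
type Store map[string]Object

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce || ciphertext || tag, with aad authenticated.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; any change to key, blob or aad makes it fail.
func gcmOpen(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("bad key or blob (err=%v)", err)
	}
	n := aead.NonceSize()
	return aead.Open(nil, blob[:n], blob[n:], aad)
}

// Put runs on the customer side: fresh DEK per object, object sealed under the
// DEK, DEK wrapped under the KEK. The object name is bound as associated data,
// so the provider cannot serve one object's bytes under another name.
func (s Store) Put(kek []byte, name string, plaintext []byte) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return err
	}
	ct, err := gcmSeal(dek, plaintext, []byte(name))
	if err != nil {
		return err
	}
	wrapped, err := gcmSeal(kek, dek, []byte(name))
	if err != nil {
		return err
	}
	s[name] = Object{WrappedDEK: wrapped, Ciphertext: ct}
	return nil
}

// Get decrypts on the customer side; a wrong KEK, a tampered blob, a missing
// object or a renamed object all fail authentication.
func (s Store) Get(kek []byte, name string) ([]byte, error) {
	dek, err := gcmOpen(kek, s[name].WrappedDEK, []byte(name))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key for %q: %w", name, err)
	}
	return gcmOpen(dek, s[name].Ciphertext, []byte(name))
}

// ProviderSees reports whether needle occurs in anything the provider holds;
// the customer expects false for both the plaintext and the KEK.
func (s Store) ProviderSees(needle []byte) bool {
	for _, o := range s {
		if bytes.Contains(o.WrappedDEK, needle) || bytes.Contains(o.Ciphertext, needle) {
			return true
		}
	}
	return false
}

func main() {
	kek := make([]byte, 32) // customer-held KEK; assumed to live in a customer HSM/KMS in production
	rand.Read(kek)          // crypto/rand.Read is documented never to fail since Go 1.24
	store := Store{}
	record := []byte("customer-id=4711;iban=IT00X0000000000000000000000") // constructed sample
	if err := store.Put(kek, "crm/record-4711", record); err != nil {
		panic(err)
	}
	back, err := store.Get(kek, "crm/record-4711")
	fmt.Printf("provider sees plaintext=%v kek=%v; customer decrypts %q (err=%v)\n",
		store.ProviderSees(record), store.ProviderSees(kek), back, err)
}
```

Binding the object name as associated data means the provider cannot silently serve one object's bytes under another name; the remaining gaps (key rotation, where the KEK actually lives, and logging of who unwrapped which key) are the contract, IAM and event-notification items in the list above rather than something code alone settles.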

Page 39

Cloud and suitable Privacy measures in the complementary regulations

Cloud solutions must guarantee the suitable measures required by the complementary Privacy regulations:

• Privacy and system administrators

• Privacy, Internet and e-mail

• Privacy and operational traceability (banks)

The identification of "suitable and preventive" security measures for the security of the personal data processed, considering the company's specific operational and organisational context and the evolution of technology.

Page 40

Agenda

Cloud Computing: definitions and concepts

Risks in Cloud Computing and Privacy

EU Data Protection regulation

Cloud Computing: privacy impacts

Auditing Cloud Computing and Privacy

Page 41

EU Privacy: the new Regulation

Page 42

New EU Regulation and Cloud impacts

Controller and Processor (Chapter IV, Section 1)

• the controller (Titolare) shall choose a processor (Responsabile: the third-party service provider) providing sufficient guarantees to implement appropriate technical and organisational measures (Art. 26(1))

• the processor shall enlist another processor only with the prior permission of the controller (Art. 26(2)(d))

• the processor shall hand over all results to the controller after the end of the processing and not process the personal data otherwise (i.e. hand over all data to the controller after termination of the contract) (Art. 26(2)(g))

• the processor shall make available to the controller and the supervisory authority all information necessary to control compliance with the processor's obligations (Art. 26(2)(h))

Page 43

Cloud impacts of the new EU Regulation

Data Security (Art. 30)

– The controller (Titolari) and processor (Responsabili Esterni) shall implement ... security measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected (Art. 30(1))

– the controller and the processor, following an evaluation of the risks, take the measures referred to in paragraph 1 to protect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorised disclosure, dissemination or access, or alteration of personal data (Art. 30(2))

An IaaS CSP does not know the nature of the data; a SaaS CSP can offer specific security measures.

Page 44

Cloud impacts of the new EU Regulation

Data Breach Notification and Communication (Art. 4, 31 and 32)

• personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (Art. 4(9))

• In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 24 hours after having become aware of it, notify the personal data breach to the supervisory authority (Art. 31)

• When the personal data breach is likely to adversely affect the protection of the personal data or privacy of the data subject, the controller shall ... communicate the personal data breach to the data subject without undue delay (Art. 32)

This extended definition of "personal data breach" comes from the e-Privacy Directive 2002/58/EC as amended by Directive 2009/136/EC, Article 2(h).

Page 45

EU Regulation: the Data Protection Officer

• Designation of the Data Protection Officer (Article 35)

• Position of the Data Protection Officer (Article 36)

• Tasks of the Data Protection Officer (Article 37)

Convergence of the organisational roles of the Cloud Computing security manager and the Data Protection Officer

Page 46

Agenda

Cloud Computing: definitions and concepts

Risks in Cloud Computing and Privacy

Cloud Computing: privacy impacts

EU Data Protection regulation

Auditing Cloud Computing and Privacy

Page 47

Dimensions of the Cloud Computing audit

Activities internal to the company

Verification of the controls at the provider

Governance aspects relevant to the Cloud

Compliance of the contracts between customer and provider

Cloud-specific controls

• Governance and risk management

• Contracts

• Identification of how the service is actually delivered

• Roles

• Security measures

Page 48

Cloud Computing Management Audit/Assurance Program

Page 49

ISACA's Assurance Programs

• The Assurance Programs are organised to provide a dual reading, as Best Practice and as Audit Program.

• The Control Objectives constitute the Best Practice, and for each objective the verification activities are set out.

• By way of example, with reference to the Cloud Program:

– the Planning section indicates how to organise the audit

– the Governing section highlights ERM risks and the SLA, legal, compliance and portability/interoperability aspects

– the Operating section highlights: incident management, application security, data integrity, IAM, virtualisation

Page 50

Cloud Assurance Guide

Objective: the cloud computing audit/assurance review will:

• Provide stakeholders with an assessment of the effectiveness of the cloud computing service provider's internal controls and security.

• Identify internal control deficiencies within the customer organization and its interface with the service provider.

• Provide audit stakeholders with an assessment of the quality of, and their ability to rely on, the service provider's attestations regarding internal controls.

Page 51

Cloud Assurance Guide: Audit Scope

The review will focus on:

• The governance affecting cloud computing

• The contractual compliance between the service provider and customer

• Control issues specific to cloud computing

Page 52

Cloud Computing Audit Assurance

Audit/assurance reviews of the following areas should be performed prior to the execution of the cloud computing review:

1. Identity management, if the organization’s identity management system is integrated with the cloud computing system

2. Security incident management, to interface with and manage cloud computing incidents

3. Network perimeter security, as an access point to the Internet

4. Systems development, in which the cloud is part of the application infrastructure

5. Project management (in any case)

6. IT risk management (in any case)

7. Data management, for data transmitted and stored on cloud systems

8. Vulnerability management (in any case)

Page 53

Cloud Assurance Guide

The cloud computing audit/assurance review:

• is not designed to replace or focus on audits that provide assurance of specific application processes

• excludes assurance of an application’s functionality and suitability

Page 54

Cloud Assurance: Auditor Competence Prerequisites

Cloud computing incorporates many IT processes.

Since the focus is on:

– Information governance

– IT management

– Network

– Data

– Contingency and Encryption controls

the audit and assurance professional should have the requisite knowledge of these issues.

Page 55

Cloud Assurance: Competence Prerequisites

• In addition, proficiency in risk assessment, information security components of IT architecture, risk management, and the threats and vulnerabilities of cloud computing and Internet-based data processing is required.

• Therefore, it is recommended that the audit and assurance professional conducting the assessment have the requisite experience and organizational relationships to effectively execute the assurance processes.

• Because cloud computing is dependent on web services, the auditor should have at least a basic understanding of Organization for the Advancement of Structured Information Standards (OASIS) Web Services Security (WS-Security or WSS) Standards (www.oasis-open.org).

Page 56

Audit Benefit and Evidence Collection

Cloud computing can provide, using virtualization:

– dedicated virtual machine “images”, as evidence for “forensic analysis”

– log storage at lower cost without compromising performance

Risks of the virtualized environment (ISACA Assurance Checklist)
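The VM images and archived logs the slide mentions are only usable as audit evidence if their integrity from the moment of collection can be shown. As an added example, not taken from the slides or from ISACA material, the following Python builds a SHA-256 manifest for a set of collected artefacts and re-verifies it later, flagging anything modified or missing; the artefact contents, file names, source label and collector identity are all constructed for illustration.

```python
"""Evidence manifest for cloud-sourced forensic artefacts (added example).

Records who collected which artefacts, from where and when, with a
SHA-256 digest and size per artefact, and re-verifies the set later so
that a modified or missing artefact is detected before it is relied on.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample artefacts standing in for a VM snapshot and a log bundle
# handed over by a provider; names and contents are hypothetical.
SAMPLE_ARTEFACTS = {
    "vm-web01-snapshot.img": b"\x00" * 4096 + b"EXAMPLE-VM-IMAGE-CONTENT",
    "syslog-2012-05-15.log": (
        b"May 15 10:01:02 web01 sshd[1021]: Accepted publickey for deploy\n"
        b"May 15 10:03:44 web01 kernel: [12345.678] eth0: link up\n"
    ),
}


def sha256_hex(data: bytes, chunk_size: int = 1 << 20) -> str:
    """Hash in fixed-size chunks so a large image never has to be one buffer."""
    digest = hashlib.sha256()
    for start in range(0, len(data), chunk_size):
        digest.update(data[start:start + chunk_size])
    return digest.hexdigest()


def build_manifest(artefacts: dict, collector: str, source: str) -> dict:
    """Chain-of-custody record: collector, source, UTC time, digest and size per artefact."""
    return {
        "collected_by": collector,
        "source": source,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "artefacts": {
            name: {"sha256": sha256_hex(data), "size": len(data)}
            for name, data in artefacts.items()
        },
    }


def verify_manifest(manifest: dict, artefacts: dict) -> dict:
    """Return a status per manifest entry: 'ok', 'modified' or 'missing'."""
    status = {}
    for name, entry in manifest["artefacts"].items():
        data = artefacts.get(name)
        if data is None:
            status[name] = "missing"
        elif len(data) != entry["size"] or sha256_hex(data) != entry["sha256"]:
            status[name] = "modified"
        else:
            status[name] = "ok"
    return status


if __name__ == "__main__":
    manifest = build_manifest(
        SAMPLE_ARTEFACTS,
        collector="auditor@example.org",          # hypothetical
        source="provider snapshot export (hypothetical)",
    )
    print(json.dumps(manifest, indent=2))

    # Simulate a log bundle that was altered after collection: one extra line.
    altered = dict(SAMPLE_ARTEFACTS)
    altered["syslog-2012-05-15.log"] += b"May 15 11:00:00 web01 cron[1099]: (root) CMD (run-parts)\n"
    print(verify_manifest(manifest, altered))
```

The manifest itself should be stored separately from the artefacts (and ideally signed or hashed into the audit working papers), since a party able to rewrite both the evidence and its manifest defeats the check.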

Page 57

Cloud Security Certifications and Privacy

Some cloud providers are beginning to certify at least part of their processes, so as to offer guarantees to customers, or to voluntarily provide information about their infrastructure.

One example is the STAR initiative of the Cloud Security Alliance.

Page 58

Cloud: The COSO Checklist

Checklist columns: Audit/Assurance Program Step; COBIT Cross-reference; COSO components (Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring); Reference Hyperlink; Issue Cross-reference; Comments

Audit/Assurance Program Steps:

1. PLANNING AND SCOPING THE AUDIT

2. GOVERNING THE CLOUD

2.1 Governance and Enterprise Risk Management (ERM)

2.2 Legal and Electronic Discovery

2.3 Compliance and Audit

2.4 Portability and Interoperability

3. OPERATING IN THE CLOUD

3.1 Incident Response, Notification and Remediation

3.2 Application Security

3.3 Data Security and Integrity

3.4 Identity and Access Management

3.5 Virtualization [1]

[1] ISACA is developing an audit/assurance program on the topic of virtualization, which is scheduled to be issued by the end of 2010.

Page 59

Privacy-specific Checks: Cloud Data Protection Contractual Obligations

Determine if the contract establishes the following data protection processes:

– Full disclosure of the service provider’s internal security practices and procedures

– Data retention policies in conformance with local jurisdiction requirements

– Reporting on geographical location of customer data

– Circumstances in which data can be seized and notification of any such events

– Notification of subpoena or discovery concerning any customer data or processes

– Penalties for data breaches

– Protection against data contamination between customers (compartmentalization)

Page 60

Privacy-specific Checks: Compliance and Audit - Compliance Scope

Data Protection Responsibilities Control:

The deployment scenario (SaaS, PaaS, IaaS) defines the data protection responsibilities between the customer and service provider, and these responsibilities are clearly established contractually.

– Determine that the responsibilities for data protection are based on the risk for the deployment scenario.

– Review the contract to determine the assignment of responsibilities.

– Based on the contract, determine if the customer and service provider each have established appropriate data protection measures within the scope of their responsibilities.

Page 61

Conclusions

• Cloud computing blurs the boundaries between the corporate organization and the outside world

• Cloud computing entails specific security and compliance risks

• The new EU regulation will require Cloud Service Providers and companies to adapt to the new rules

• The corporate functions (Legal, ICT, Security, Audit) must work in synergy to review processes and controls

• Audit takes on a decisive role in ensuring adequate governance of Cloud risks

Page 62

Conclusions

Questions

Observations

Comments

Page 63

Cloud Computing: Publications

• ISACA

• CSA

• NIST

• ENISA

• Garante della Privacy

Page 64

Cloud Publications: ISACA

• Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

• Guiding Principles for Cloud Computing Adoption and Use

• IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud

• Cloud Computing Management Audit/Assurance Program

Page 65

CSA: downloadable material

• Security Guidance

• Cloud Controls Matrix

• Consensus Assessments Initiative Questionnaire

• Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS)

• TCI Reference Architecture Model

• SecaaS Defined Categories of Service 2011

• GRC Stack

• TCI Reference Architecture Quick Guide

• Top Threats Report

• CSA Chapter Launch Guide

https://cloudsecurityalliance.org/

Page 66

Cloud Publications: ENISA, NIST and Garante

• ENISA: Cloud Computing Assurance framework

• ENISA: Technology Induced Challenges in Privacy

• NIST: Guidelines on Security and Privacy in Public Cloud Computing

– SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing

– SP 800-145: The NIST Definition of Cloud Computing

– SP 800-146: Cloud Computing Synopsis and Recommendations (still DRAFT)

– SP 500-291: Cloud Standards Roadmap

• Document of the Garante della Privacy (the Italian Data Protection Authority)