Cloud Vulnerabilities Working Group
Introduction to the Cloud Vulnerabilities Working Group
Founded by the CSA APAC region in May 2013, the CSA Cloud Vulnerabilities Working Group is global working group chartered to conduct research in the area of cloud computing vulnerabilities, with the goals of understanding and educating the classification and exact causes of cloud computing vulnerabilities, recommendations and best practices for the reduction of top vulnerabilities, reporting of vulnerabilities and the development of related tools and standards.
What’s New about Cloud Vulnerabilities?
While cloud computing offers features such as 24/7 availability and elasticity, it faced a new dimension of challenges and vulnerabilities caused by scale, and the challenges of keep systems live and dynamic. It is therefore of maximum benefit to the cloud computing community and industry, if a global vulnerability working group focuses on cloud-related problems and not disparate vulnerability research in the areas of network, storage or systems. It is most effective if we target the problems as a ‘cloud’ problem, as the underlying backend of many cloud systems have dependency relationships between different components, levels of services (IaaS, PaaS, SaaS), backend physical infrastructure and human processes.
Vision and Goals
This is a challenging area, which requires careful planning and research, and a strong participation from a global community. As such, this working group aims to conduct its research in three phases:
- Establishment of a taxonomy for Cloud Vulnerabilities based on statistical data.
- Creation of a cloud vulnerability feed documentation mechanism/ format/ protocol.
- Portal established for cloud vulnerability reporting and tools.
Cloud Vulnerabilities Working Group Leadership
Cloud Vulnerabilities Co-chairs
Dr. Ryan Ko
Dr Ryan Kok-Leong Ko is Head of Cyber Security Lab and Senior Lecturer at the University of Waikato, New Zealand, Affiliate Faculty Member at Idaho State University, USA, and Asia Pacific Research Advisor for the Cloud Security Alliance.
In 2013, he established New Zealand’s first Master of Cyber Security, and NZ’s first university-led cyber security graduate research programme with the Cyber Security Lab at the University of Waikato. Waikato’s Cyber Security Lab also hosts the NZ Cyber Security Challenge since 2014. Dr Ko is recipient of the University of Waikato’s Early Career Academic Excellence, Nola Campbell Memorial ELearning Excellence, and the 2014, 2015 Faculty Teaching Excellence Awards.
Recipient of the inaugural Cloud Security Alliance (CSA) Ron Knode Service Award in 2012, Dr Ryan Ko has served as a CSA APAC volunteer since CSA’s beginnings, including pioneering research via the formation of the CSA Data Governance Working group, CSA Cloud Vulnerabilities Working Group, and as curriculum and examination co-creator of the (ISC)2-CSA Certified Cloud Security Professional (CCSP).
Dr Ko is principal investigator of the MBIE-funded NZ$12.23 million (incl. GST) STRATUS research project – NZ’s largest scientific research grant in the field of computer science. Dr Ko publishes extensively, in indexed academic journals, ranked computer science conference proceedings, international patents, and most recently, co-edited the book on “The Cloud Security Ecosystem – Technical, Legal, Business and Management Issues” with Elsevier. Dr Ko also leads virtualized server security standardization as a technical committee member of the ISO/IEC JTC 1/SC 27 and SPRING/ IDA IT Standards Committee SPSTC.
Prior to his academic career, Dr Ko was a lead computer scientist with HP Labs, leading security innovation and technology transfers for cloud data provenance solutions deployed across USA, EU and Asia. He serves as a technical advisor and board members to NZ listed companies, startups and international organisations, including the NZX-listed LIC, NYRIAD Ltd, and the INTERPOL. Dr Ko holds a B.Eng. (Computer Engineering) (Hons.) and a Ph.D. with the Nanyang Technological University, Singapore, and is member of the IEEE, ACM and the Royal Society of New Zealand.
Co-founder and chair of the Cloud Vulnerabilities Working Group and the CSA Cloud Data Governance Working Group; spearheaded the formation of the CSA APAC Education Council, contributed to several key research papers; acted as an SME representing CSA in the creation of the CCSP certification.
Cloud Vulnerabilities Working Group Initiatives
Please contact Cloud Vulnerabilities Working Group Leadership for more information.
Cloud Vulnerabilities Working Group News
May 21, 2014
Updates include Vulnerabilities Working Group publications, support of academic research conferences, and highlights from the CSA Hong Kong and Macau Chapter.
May 16, 2013
The APAC region leadership team has published its research roadmap for 2013-2014.
Cloud Vulnerabilities Working Group Downloads
In an attempt to ascertain Cloud Computing reliability, 11,491 news articles on cloud computing-related outages from 39 news sources between Jan 2008 and Feb 2012 – effectively covering the first five years of cloud computing – were reviewed.
Release Date: May 31, 2013