Cloud Stewardship Economics

Our critical national infrastructure is increasingly dependent on information systems and the services they support. Cloud computing ecosystems of service providers and consumers including individuals, charitable and public bodies, SMEs, large enterprises, and governments will become a significant part of the way these services are provided, allowing more agile coalitions, cost savings and improved service delivery.

Existing approaches to information security do not easily extend to this multiparty world and a step change in security attitudes and information stewardship will be essential. In the cloud, it will be harder to establish the risks and obligations and implement appropriate operational responses. This project aims to establish new approaches for how to assess and manage risk for all the ecosystem participants, regulators and policy makers, and in particular understand how information about perceived attacks can be shared, interpreted and acted on in real time by other parties in the ecosystem.

We will build on and extend the work on the integration of mathematical and economic models of single organisation systems developed as part of the Technology Strategy Board ‘Trust Economics’ project to the multi-party cloud setting. Specifically, providing a unified modelling and simulation framework for exposures, responsibilities, threats, defences, and incentives of the cloud stakeholders that will be used to provide management tools for the prediction, communication and mitigation of risk to decision-makers within SMEs, large enterprises and government.