Technical, legal and ethical dilemmas: distinguishing risks from malware and cyber-attack tools in the age of 'cloud computing'

Despite hype around the benefits of ‘cloud computing’, challenges in maintaining data security and data privacy have been recognised as significant vulnerabilities (Pearson, 2009; Ristenpart, Tromert, Shacham, & Savage, 2009; Vouk, 2008). These vulnerabilities raise numerous questions about the capacity of organisations relying on cloud solutions to effectively manage risk. This is particularly the case as the threats faced move increasingly from indiscriminate malware to targeted cyber-attack tools. It has also already been recognised how ’cloud solutions’ pose additional challenges for forensic computing specialists including discoverability and chain of evidence (Reilly, Wren, & Berry, 2011; Ruan, Carthy, Kechadi, & Crosbie, 2011). However, to date there has been little consideration of how the differences between indiscriminate malware and targeted cyber-attack tools further problematize the capacity of organisations to manage risk. This paper considers these risks and differentiates between technical, legal and ethical dilemmas posed. The paper highlights the need for organisations to be aware of these issues when deciding to move to cloud solutions.