Business Cloud Computing: How secure is cloud computing?

Ainul Mardhiyah Bt Nor Aziz Business Management Faculty University echnology MA!A "hah Alam# Malaysia
AbstractCloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. It extends Information Technologys (IT existing capabilities. In the last few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry !"#.Cloud computing has generated a lot of interest and competition in the industry and it is recogni$e as one of the top "% technologies of &%"%!&#. It is an internet based service delivery model which provides internet based services, computing and storage for users in all mar'et including financial, health care ( government. In this paper did systematic review on different types of clouds and the security issues that should be solved. Cloud security is becoming a 'ey differentiator and competitive edge between cloud providers. This paper discusses the security issues arising in different type of clouds. KeywordsCloud computing, cloud, security, and business cloud computing I I)T*+,-CTI+)

Cloud computing is a style o$ computing where massively scala%le & ' ena%led capa%ilities are delivered (as a service) to e*ternal customers using &nternet technologies))+ Cloud providers currently en,oy a pro$ound opportunity in the mar-etplace+ he providers must ensure that they get the security aspects right# $or they are the ones who will shoulder the responsi%ility i$ things go wrong+ he cloud o$$ers several %ene$its li-e $ast deployment# pay'$or' use# lower costs# scala%ility# rapid provisioning# rapid elasticity# u%i.uitous networ- access# greater resiliency# hypervisor protection against networ- attac-s# low'cost disaster recovery and data storage solutions# on'demand security controls# real time detection o$ system tampering and rapid re'constitution o$ services+ /hile the cloud o$$ers these advantages# until some o$ the ris-s are %etter understood# many o$ the ma,or players will %e tempted to hold %ac- 012 he term 3cloud4 was coined $rom the computer networdiagrams which use it to hide the comple*ity o$ in$rastructure involved+ Cloud computing provides so$tware# plat$orm and in$rastructure as a service+ &ts main $eatures include resource pooling# rapid elasticity# measured service# on'demand sel$ service and %road networ- access+ "o# a cloud is a collection o$ hardware and so$tware that runs in a data centre and ena%les the cloud computing model+ A cloud reduces capital

investment# hardware cost and so$tware licence cost+ Cloud computing also raises severe challenges especially regarding the security level re.uired $or the secure use o$ services provided %y it+ here are no pu%lically availa%le standards speci$ic to cloud computing security+ "o# in this paper# we propose the $ollowing standards $or maintaining security in an unsa$e cloud computing environment+ Main characteristics include5 6n'demand sel$'service+ he a%ility $or an end user to sign up and receive $or e*ample services without the long delays that have characterized traditional & + Broad networ- access+ A%ility to access the service via standard plat$orms $or e*ample des-top# laptop# and mo%ile+ !esource pooling+ !esources are pooled across multiple customers+ !apid elasticity+ Capa%ility can scale to cope with demand pea-s+ Measured "ervice+ Billing is metered and delivered as a utility service+ Cloud Computing stac- 7 it shows three distinct categories within Cloud Computing: &+ "o$tware as a "ervice# &&+ 8lat$orm as a "ervice and &&&+ &n$rastructure as a "ervice

I. .aa. /.oftware as a .ervice. "o$tware delivery model where application and associated data are centrally hosted on the cloud+ Users do not manage the in$rastructure or plat$orm on which the application is running+ For e*ample "aa" include Microso$t 6$$ice19:# ;oogle Apps# "ales$orce+com application+ II. 0aa./0latform as a .ervice Cloud computing service model which provides a centrally hosted so$tware development solution stac-# o$$ering the $acilities to deploy applications $rom anywhere witout %uying underlying hardware and so$tware+ For e*ample o$ 8aa" include /indows# Azure and ;oogle App <ngine+ 8lat$orm is the layer %etween the so$tware and the in$rastructure providing developers with specialized A8&s in their speci$ic

programming segment+ For e*ample# a+N< developer is loo-ing $or a place to host a we% application# someone who uses ">? $or his data%ase %ac-end and &&" $or we% hosting# may loo- to Microso$t Azure+ III. Iaa./Infrastructure as a .ervice A service model o$ cloud computing which control hosts in$rastructure# servers# networ-# @M"# storage# load %alancers# security devices+ For e*ample o$ &aa" include Amazon /e% "ervices and !ac-space o$$erings+ &aa" is the %uilding %locon which 8aa" and "aa" are %uilt+ &t replaces traditional on site servers and networ-ing+

applications+ his results in poor utilization o$ server+ "o# personal clouds provide a new architecture $or improving e$$iciency+ &t includes a hosting plat$orm# inter$acing unit and in$rastructure services+ By %uilding a personal cloud# we can deliver the %ene$its o$ pu%lic cloud without incurring the ris$or the data and application+
"ecurity: &denti$y and Access Management Aata 8rotection "ecurity &ntelligence "o$tware 8lat$orm and &n$rastructure security 8lat$orm as a "ervice B8aa"C Aata%ase /e% /or-$low Analytics "ervice Business 8resence !eporting Contacts 8lat$orm &n$rastructure as a "ervice B&aa"C High availa%ility and disaster recovery ?oad %alancing @irtual machine isolation >uality o$ service @irtual storage Multi tenancy Aggregation @irtual networ @irtual complete

Fig+ 1 B8ersonal Cloud "ecurity &ssuesC ;eneral Cloud: A general cloud in which a service provider ma-es resources such as applications and storage is availa%le to the general pu%lic over the internet+ he main advantages o$ using general cloud services are: <asy and ine*pensive setup %ecause hardware# application and %andwidth costs are covered %y the provider+ "cala%ility to meet needs+ <conomic $or general pu%lic+ here are shared in$rastructures and services in general cloud which may give rise to new security issues+ he $ollowing security challenges are yet to %e solved where the attac-er or hac-er needs to %e hurdled: he actual physical machine where the virtual server is running+ 8lacing malicious code on the physical machine+ Attac- on @M B@irtual MachineC $rom other @Ms+ Ao" Attac-s

Aiagram =: Cloud Computing "tacII. 12*I+-. T304. +5 C6+-,. Clouds are %roadly classi$ied as: 04*.+)26 C6+-,.7 "uch clouds are especially operated %y single organization+ 84)4*26 C6+-,.7 hese clouds are used $or providing services to common people+ ,+92I)/.04CI5IC C6+-,.7 hese clouds are maintained $or speci$ic re.uirements %y a group o$ organizations+ 9I:4, C6+-,.7 hese clouds are mi*tures o$ a%ove said three clouds which can share data to achieve $ul$il a speci$ic re.uirement+ 8ersonal clouds: are used to provide a %road range o$ o$$ice and enterprise computing services+ &t involves applications $or online colla%oration# email and calendaring such as <!8 so$tware+ Conventional approaches to computing have constraint our a%ility to meet the needs+ For e*ample# in traditional computing servers are dedicated to speci$ic

"ecurity: Ao" Attac-s Attac-s on @irtual Machines 8lacing Malicious Code Attac- on physical machine

8lat$orm as a "ervice B8aa"C Aata%ase /e% /or-$low Analytics "ervice Business 8resence !eporting Contacts 8lat$orm &n$rastructure as a "ervice B&aa"C High availa%ility and disaster recovery ?oad %alancing @irtual machine isolation >uality o$ service @irtual storage Multi tenancy Aggregation @irtual networ @irtual complete

Hy%rid Clouds: A hy%rid cloud is a com%ination o$ at least one private cloud and at least one general cloud+ &t is a cloud computing environment in which an organization provides and manages resources internally and e*ternally+ &t allows a %usiness to ta-e advantage o$ the scala%ility and cost e$$ectiveness+ G G G G !is- o$ multiple cloud tenants+ 6ngoing compliance concerns Access control and identity management+ Aata slinging

2dvantage .ecurity in Cloud Computing 6ne o$ the hottest de%ates in the in$ormation technology community today centers around cloud computing+ 8roponents suggest the $le*i%ility# scala%ility and economics o$ the cloud ma-e it a logical choice# while opponents point to security and privacy concerns as reasons not to move to the cloud+ From the perspective o$ a company $ocused on providing secure in$ormation technology solutions to large# very security'conscious customers# we %elieve it is possi%le $or small to mid'sized organizations to have the %est o$ %oth worlds: the %ene$its o$ the cloud can %e a$$orda%ly attained in a way that does not ,eopardize an organization)s security+ "ecurity is the %ig argument against cloud computing these days+ However# one might argue that cloud computing can actually %e more secure than locally managed systems# particularly $or small to mid'sized companies+ Here are a $ew speci$ic e*amples 0E2: 9ultifactor authentication7 A num%er o$ cloud computing vendors now o$$er multi'$actor authentication as part o$ their service+ Multi'$actor authentication is much more secure than the more traditional user name and password authentication convention+ &nstead# multi'$actor authentication systems com%ine something you -now BpasswordC# with something you have Bhard to-enC# andFor something you are B%iometricC+ Un$ortunately# many small and mid'size companies don)t have the resources Bs-ills# time# or moneyC to implement such authentication capa%ilities on their own+ .ecurity patching7 Many so$tware products that we use everyday re.uire diligence when it comes to applying security patches and testing these patches to ma-e sure they were properly applied+ Again# many companies do not have the resources to ade.uately per$orm this comple* and time' consuming tas-# which puts their systems at ris-+ As we are seeing in the news with malware and cy%er attac-s li-e "tu*net# hac-ers typically $eed on -nown vulnera%ilities# o$ten more than a year old# that have not %een patched+

Fig+ E B;eneral Cloud "ecurity &ssuesC

Aomain "peci$ic clouds: &n the past $ew years# security investment was largely driven %y regulatory mandates+ $or e*ample payment card industry# data security standards mandates regular vulnera%ility scanning o$ & assets# retail and $inancial services organization purchased scanning and log management tools+ Mount "inai Hospital in oronto is %uilding a community cloud in con,unction with the Canadian govt+ that will give =E areas hospitals shared access to a $atal ultrasound application and data storage $or patient in$ormation+ "ecurity &ssues in Aomain "peci$ic: Compliance and auditing &ntrusion Aetection B&A"C and Firewall $eatures+ Access control Anti @irusFAnti Malware protection+ Fig+: BAomain "peci$ic Cloud "ecurity &ssuesC "ecurity: Compliance H Auditing &ntrusion Aetection H Firewall Features Access Control Anti @irusF Anti Malware 8rotection
8lat$orm as a "ervice B8aa"C Aata%ase /e% /or-$low Analytics "ervice Business 8resence !eporting Contacts

8lat$orm &n$rastructure as a "ervice B&aa"C High availa%ility and disaster recovery ?oad %alancing @irtual machine isolation >uality o$ service @irtual storage Multi tenancy Aggregation @irtual networ @irtual complete

0hysical security7 !eputa%le cloud computing vendors o$ten host their systems in $acilities that have much stronger physical security controls with meaning$ul certi$ications that many small'to'midsize companies cannot provide on their own+ .ecurity certifications7 Many industries re.uire & systems and $acilities maintain certain types o$ in$ormation security andFor privacy certi$ications+ For e*ample# compliance with the Federal &n$ormation "ecurity Management Act# or F&"MA# is re.uired $or the $ederal government while Health &nsurance 8orta%ility and Accounta%ility Action BH&8AAC compliance is re.uired $or the healthcare industry+ hese certi$ications can %e prohi%itively e*pensive $or smaller organizations to achieve5 however# many cloud vendors provide access to systems and $acilities that are already certi$ied+ <ven i$ your %usiness does not re.uire a certi$ication# it may %e com$orting to engage with vendors who o$$er them as it demonstrates mature %usiness practices as it relates to in$ormation security+ .ecurity issues in .aa. &n "aa"# the client has to depend on the provider $or proper security measures+ he provider must do the wor- to -eep multiple users) $rom seeing each other)s data+ "o it %ecomes di$$icult to the user to ensure that right security measures are in place and also di$$icult to get assurance that the application will %e availa%le when needed 092+ /ith "aa"# the cloud customer will %y de$inition %e su%stituting new so$tware applications $or old ones+ here$ore# the $ocus is not upon porta%ility o$ applications# %ut on preserving or enhancing the security $unctionality provided %y the legacy application and achieving a success$ul data migration 0:2+ he "aa" so$tware vendor may host the application on its own private server $arm or deploy it on a cloud computing in$ra' structure service provided %y a third'party provider Be+g+ Amazon ;oogle# etc+C+ he use o$ cloud computing coupled with the pay' as'you'go BgrowC approach helps the application service provider reduce the investment in in$rastructure services and ena%les it to concentrate on providing %etter services to customers+ 6ver the past decade# computers have %ecome widespread within enterprises# while & service sand computing has %ecome a commodity+ <nterprises to day view data and %usiness processes Btransactions# records# pricing in$ormation# etc+C themselves as strategic and guard them with access control and compliance policies+ However# in the "aa" model# enterprise data is stored at the "aa" provider)s data center# along with the data o$ other enterprises+ Moreover# i$ the "aa" provider is leveraging a pu%lic cloud computing service# the enterprise data might %e stored along with the data o$ other unrelated "aa" applications+ he cloud provider might# additionally# replicate the data at multiple locations across countries $or the purposes o$ maintaining high availa%ility+ Most enterprises are $amiliar with the traditional on premise model# where the data continue store side within the enterprise %oundary# su%,ect to their policies+ Conse.uently# there is a great deal o$ discom$ort with the lac- o$ control and

-nowledge o$ how their data is stored and secured in the "aa" model+ here are strong concerns a%out data %reaches# application vulnera%ilities and availa%ility that can lead to $inancial and legal lia%ilities+ he layered stac- $or a typical "aa" vendor and critical aspects that must %e covered across layers in order to ensure security o$ the enterprise data+ he $ollowing -ey security elements should %e care$ully considered as an integral part o$ the "aa" application development and deployment process: Aata security Networ- security Aata locality Aata integrity Aata segregation Aata access Authentication and authorization .ecurity Issues in 0aa. &n 8aa"# the provider might give some control to the people to %uild applications on top o$ the plat$orm+ But any security %elow the application level such as host and networ- intrusion prevention will still %e in the scope o$ the provider and the provider has to o$$er strong assurances that the data remains inaccessi%le %etween applications+ 8aa" is intended to ena%le developers to %uild their own applications on top o$ the plat$orm+ As a result it tends to %e more e*tensi%le than "aa"# at the e*pense o$ customer'ready $eatures+ his trade o$$ e*tends to security $eatures and capa%ilities# where the %uilt'in capa%ilities are less complete# %ut there is more $le*i%ility to layer on additional security+ Applications su$$iciently comple* to leverage an <nterprise "ervice Bus B<"BC need to secure the <"B directly# leveraging a protocol such as /e% "ervice B/"C "ecurity 0I2+ he a%ility to segment <"Bs is not availa%le in 8aa" environments+ Metrics should %e in place to assess the e$$ectiveness o$ the application security programs+ Among the direct application# security speci$ic metrics availa%le are vulnera%ility scores and patch coverage+ hese metrics can indicate the .uality o$ application coding+ Attention should %e paid to how malicious actors react to new cloud application architectures that o%scure application components $rom their scrutiny+ Hac-ers are li-ely to attac- visi%le code# including %ut not limited to code running in user conte*t+ hey are li-ely to attac- the in$rastructure and per$orm e*tensive %lac- %o* testing+ he vulnera%ilities o$ cloud are not only associated with the we% applications %ut also vulnera%ilities associated with the machine'to'machine "ervice 6riented Architecture B"6AC applications# which are increasingly %eing deployed in the cloud+ .ecurity Issues in Iaa. /ith &aa" the developer has %etter control over the security as long as there is no security hole in the virtualization manager+ Also# though in theory virtual machines might %e a%le to address these issues %ut in practice there are plenty o$

security pro%lems+ he other $actor is the relia%ility o$ the data that is stored within the provider)s hardware+ Aue to the growing virtualization o$ (everything) in in$ormation society# retaining the ultimate control over data to the owner o$ data regardless o$ its physical location will %ecome a topic o$ utmost interest+ o achieve ma*imum trust and security on a cloud resource# several techni.ues would have to %e applied 0J2+ he security responsi%ilities o$ %oth the provider and the consumer greatly di$$er %etween cloud service models+ Amazon)s <lastic Compute Cloud B<CDC in$rastructure as a service o$$ering# as an e*ample# includes vendor responsi%ility $or security up to the hypervisor# meaning they can only address security controls such as physical security# environmental security# and virtualization security+ he consumer# in turn# is responsi%le $or the security controls that relate to the & system including the 6"# applications and data 0:2+ &aa" is prone to various degrees o$ security issues %ased on the cloud deployment model through which it is %eing delivered+ 8u%lic cloud poses the ma,or ris- whereas private cloud seems to have lesser impact+ 8hysical security o$ in$rastructure and disaster management i$ any damage is incurred to the in$rastructure Beither naturally or intentionallyC# is o$ utmost importance+ &n$rastructure not only pertains to the hardware where data is processed and stored %ut also the path where it is getting transmitted+ &n a typical cloud environment# data will %e transmitted $rom source to destination through umpteen num%er o$ third'party in$rastructure devices 0K2+ here is a high possi%ility that data can %e routed through an intruder)s in$rastructure+ he comple*ity involved in &aa" due to each o$ the service deployment models+ Although cloud architecture is an improvised technology# the underlying technologies remain the same+ he cloud is ,ust %uilt over the internet and all the concerns related to security in internet are also posed %y the cloud+ he %asis o$ the cloud technology ma-es the consumer and provider reside at di$$erent location and virtually access the resources over the &nternet+ <ven i$ enormous amount o$ security is put in place in the cloud# still the data is transmitted through the normal underlying &nternet technology+ "o# the security concerns which are threatening the &nternet also threaten the cloud+ But# in a cloud# the ris-s are overwhelmingly high+ his is %ecause o$ its vulnera%ility and the asset value o$ the resources and their nature o$ them residing together+ Cloud systems still uses normal protocols and security measures that are used in the &nternet %ut the re.uirements are at a higher e*tent+ <ncryption and secure protocols cater to the needs to a certain e*tent %ut they are not conte*t oriented+ A ro%ust set o$ policies and protocols are re.uired to help secure transmission o$ data within the cloud+ Concerns regarding intrusion o$ data %y e*ternal non users o$ the cloud through the internet should also %e considered+ Measures should %e set in place to ma-e the cloud environment secure# private and isolated in the &nternet to avoid cy%er criminals attac-ing the cloud+ III *4C+994,2TI+).

Transparency A -ey to improving consumer con$idence in cloud privacy and security is transparency and disclosure+ 8roviders need to improve disclosure o$ privacy notices and %usiness practices so that users -now what is %eing o$$ered+ 8rospective clients and users should %e a%le to understand the security precautions ta-e %y a given provider# and have enough in$ormation to ma-e an in$ormed choice %etween two alternatives a%out their ris- e*posure+ <ven sharing how a cloud provider recruits its employees that administer -ey systems would %e use$ul in$ormation+ A%sent any $ormal lia%ility $or security incidents# current and potential clients need to have as much in$ormation a%out ris-s o$ cloud services use as possi%le+ 6ne o$ the virtues o$ the cloud is its potential $or real'time per$ormance data and on'demand transparency+ For e*ample# companies can o$$er real'time in$ormation on cloud down'time and data %reaches+ here is also some limited evidence that pu%lic disclosures o$ data %reaches lead to a $inancial penalty in the $orm o$ reduced stoc- prices 0J2 that# in turn# might lead to rismitigation+ 6n'demand transparency gives consumers instantaneous in$ormation+ his is an advantage that was not availa%le in the era o$ paper'%ased records or some types o$ des-top computing+ Competition Beyond transparency# the greatest promise $or a more secure set o$ cloud in$rastructures is a competitive mar-etplace+ A diverse enough pool o$ mar-et actors will allow security to %e a credi%le path to di$$erentiating service+ his will engender a positive $eed%ac- loop# where $irms will mar-et themselves# and even the secure provider will have to raise their level o$ security+ Moreover# a larger num%er o$ plat$orms and systems will increase the num%er o$ potential targets $or attac-ers# preventing malware specialization and reducing systematic social ris-+ However# providers must %e large enough to leverage the economies o$ scale discussed a%ove# including security investment# in$ormation sharing# and usa%le inter$aces+ 6ne -ey mechanism in this e.uation is e*porta%ility o$ data and code+ <*porta%ility would reduce switching costs# ena%ling clients to shi$t to more secure providers+ he mar-etplace can %e $urther tended %y rewarding smaller or newer players with government contracts# or at very least guaranteeing open $orums $or industry colla%oration and standard setting+ A diverse mar-etplace allows natural selection to reward success$ul mar-et participants with greater mar-et share+ his selection can %e arti$icially guided through %lunt instruments such as lia%ility# or more su%tle mechanisms such as $ederal guidelines or security certi$ications+ 6egal Clarifications his approach to cloud privacy should %e clari$ied %ecause it is not clear that consumers have a clear sense o$ which

plat$orms they are using and how privacy protections vary across domains+ Auring the course o$ a day# people shi$t .uic-ly $rom cloud to des-top to $lash drives without thought to how con$identiality rules di$$er+ /hen they shi$t $rom a des-top to the cloud# most consumers are unaware that their privacy rights drop precipitously+ &deally# congress should act to re.uire a 3pro%a%le cause4 search warrant that is approved %y a ,udge+ his would provide greater sa$eguards $or online content# pictures# geo location data and emails+ "uch legislation is supported %y a %road coalition o$ cloud providers# technology $irms and advocacy groups $rom across the political spectrum 0=L2+ I1 C+)C6-.I+). &n this paper much o$ the wor- has %een $ocused on types o$ clouds and their security challenges and it descri%es the way o$ designing the solution $or the security threats+ &t gives a comparison %etween di$$erent services providers on di$$erent cloud services "aa"# 8aa"# &aa"+ his review shows that there are several types o$ clouds and the related security challenges on each level+ here is reason to %e optimistic a%out the gains to %e had $rom a transition o$ many in$ormation services to cloud architecture+ Cloud computing ma-es possi%le cost savings# scala%ility# and more e$$icient use o$ & resources# among other things+ However# the ris-s to privacy and security $rom cloud computing cannot %e ignored+ Not all these ris-s are new# and some o$ them can %e mitigated through technology investment and due diligence $rom the client+ But others are systematic in nature# and may not %e solva%le through unilateral innovation+ Uncertainty dominates the client)s a%ility to $orecast risand the data su%,ect)s e*pectation o$ privacy+ ransparency would support selection towards a more security'conscious cloud universe# and mar-et competition can ena%le that shi$t+ /hile some uncertainty will always %e present in a world o$ networ- threats# clari$ied+ + 2C;)+<64,894)T "pecial than-s to my lecturer Ar+ /an A%dul !ahim who is conducting Management &n$ormation "ystem su%,ect $rom University echnology MA!A $or give opportunity to write

this article and than-s to all colleague in Business Faculty who are supporting in process $inishing this article+ *454*4)C4. 0=2 "+ "u%ashini H @+ Mavitha BDL=LC+ A survey on security issues in service delivery models o$ cloud computing+ Nournal o$ Networ- and Computer Applications+ 0D2 ripathi# A+# H Mishra# A+ BDL==C+ Cloud Computing "ecurity Considerations5 "ignal 8rocessing# Communications and Computing B&C"8CCC# &<<< &nternational Con$erence# & Aivision ;ora-hpur Centre: ;ora-hpur &ndia+ 012 @iega# N+ BDLLJC+ Cloud computing and the common man computer# EDBKC# =L9'K+ 0E2 /ood# N+# and racy# !+ BDL==C+ "ecurity Advantages o$ Cloud Computing+ Modern AC Business Magazine#='D+ 0:2 "eccom%e# A+# Hutton# A+# Meisel# A+# /indel# A+# Mohammed# A+# ?icciardi# A+# et al+ BDLLJC+ "ecurity guidance $or critical areas o$ $ocus in cloud computing vD+= cloud security alliance# D:+ 092 Choudhary# @+ BDLLIC+ "o$tware as a service: implications $or investment in so$tware development+ &n: &nternational con$erence on system sciences# DLJ+ 0I2 Aescher# M+# Masser 8+# Feilhauer +# ,oa# A+ M+# Huemer# A+ BDLLJC+ !etaining data control to the client in in$rastructure clouds+ &n: &nternational con$erence on availa%ility# relia%ility and security# A!<"# J'=9+ 0K2 !istenpart# +# romer# <+# "hacham# H+# "avage# "+ BDLLJC+ Hey# you# get o$$ o$ my cloud: e*ploring in$ormation lea-age in third' party compute clouds+ &n: 8roceedings o$ the CC" DLLJ# ACM 8ress+ Computer "cience and Arti$icial &ntelligence ?a%oratory Massachusetts &nstitute o$ echnology: Cam%ridge# U"# DIL'E+ 0J2 Ac.uisti# Alessandro# Friedman# A+# and !ahul eland BDLL9C+ &s here a Cost to 8rivacy Breaches? An <vent "tudy+ &nternational Con$erence o$ &n$ormation "ystems B&C&"C+ 0=L2 Hel$t and Miguel BDL=LC+ echnology Coalition "ee-s "tronger 8rivacy ?aws# New Oor- imes# March 1L+