Privacy Risk, Security, Accountability in the Cloud

Theoharidou, Marianthi; Papanikolaou, Nick; Pearson, Siani; Gritzalis, Dimitris

doi:10.1109/cloudcom.2013.31

Cited by 35 publications

(21 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several surveys among potential cloud adopters indicate that security and privacy is the primary concern hindering its adoption [1]. Cloud specific security and privacy threats such as insecure API, data leakage, insecure data deletion, session or service hijacking, malicious insiders should be controlled in a proactive way [9,18,22]. Similar to traditional computing environment, Attacks such as man-in-the middle, and Trojan are also potential attack for cloud computing [23].…”

Section: Security Privacy and Migration Issues In Cloudmentioning

confidence: 99%

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Islam

Ouedraogo

Kalloniatis

et al. 2018

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

Abstract-Despite of the several benefits of migrating enterprise critical assets to the Cloud, there are challenges specifically related to security and privacy. It is important that Cloud Users understand their security and privacy needs, based on their specific context and select cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems but such works do not provide a detailed methodological approach to elicit security and privacy requirements neither methods to select cloud deployment models based on satisfaction of these requirements by Cloud Service Providers. This work advances the current state of the art towards this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reportable of security incident through audit. This allows perspective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.

show abstract

Section: Security Privacy and Migration Issues In Cloudmentioning

confidence: 99%

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Islam

Ouedraogo

Kalloniatis

et al. 2018

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

show abstract

“…Khan et al, 2012;Gruschka and Jensen, 2010;Nahar et al, 2012;Gruschka and Iacono, 2009;Jensen et al, 2009;Dahbur et al, 2011;Gregg, 2010;Kalloniatis et al, 2014;CSA, 2009;Heiser and Nicolett, 2008;AWS, 2014;Office 365_CSA, 2014;CSA_ THREAT, 2010;Ardagna, 2015. Privacy risks Privacy threats and risks from the cloud computing and its surrounding environment. Vimercati et al, 2012;Savola, 2010;Theoharidou et al, 2013;Pearson, 2009;Kalloniatis et al, 2014;AWS, 2014;Office 365, 2014.…”

Section: Risks and Controls In Cloud Computingmentioning

confidence: 99%

“…For instance, it is difficult to identify and control any secondary usage of data as data is stored in the CSP's infrastructure and tends to get transferred in data centres in different geographic locations. Theoharidou et al (2013) examine the privacy risks for the migrated data, applications or services into the cloud by following privacy impact assessment with ten fundamental privacy principals such as accountability, clear purpose, consent, collection, use, accuracy, security, openness, ability to access, and ability to challenge privacy practice. Privacy risks can impact on an organization such as loss of reputation, breach of contractual obligation, economic loss and many more.…”

Section: Privacy Risksmentioning

confidence: 99%

Migration Goals and Risk Management in Cloud Computing

Islam

Fenz

Weippl

et al. 2016

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn't come without substantial risks. These risks are the significant barriers for the wider cloud adoption. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. It makes difficult to understand the risks management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. The authors identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment. The authors' study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Finally, they propose a risk assessment approach and determine the relative importance of the migration goals from two real migration use cases.

show abstract

“…Almost all existing work on data governance for cloud computing focuses on accountability and interoperability [57,60]. Accountability could be addressed at different levels, technological, regulatory and organisational [95].…”

Section: Cloud Data Governancementioning

confidence: 99%

Data Governance Taxonomy: Cloud versus Non-Cloud

2018

View full text Add to dashboard Cite

Forward-thinking organisations believe that the only way to solve the data problem is the implementation of effective data governance. Attempts to govern data have failed before, as they were driven by information technology, and affected by rigid processes and fragmented activities carried out on a system-by-system basis. Until very recently, governance has been mostly informal, with very ambiguous and generic regulations, in siloes around specific enterprise repositories, lacking structure and the wider support of the organisation. Despite its highly recognised importance, the area of data governance is still underdeveloped and under-researched. Consequently, there is a need to advance research in data governance in order to deepen practice. Currently, in the area of data governance, research consists mostly of descriptive literature reviews. The analysis of literature further emphasises the need to build a standardised strategy for data governance. This task can be a very complex one and needs to be accomplished in stages. Therefore, as a first and necessary stage, a taxonomy approach to define the different attributes of data governance is expected to make a valuable contribution to knowledge, helping researchers and decision makers to understand the most important factors that need to be considered when implementing a data governance strategy for cloud computing services. In addition to the proposed taxonomy, the paper clarifies the concepts of data governance in contracts with other governance domains.

show abstract

Privacy Risk, Security, Accountability in the Cloud

Cited by 35 publications

References 11 publications

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Migration Goals and Risk Management in Cloud Computing

Data Governance Taxonomy: Cloud versus Non-Cloud

Contact Info

Product

Resources

About