DOI QR코드

DOI QR Code

The Important Factors in Security for Introducing the Cloud Services

클라우드 서비스 도입을 위한 보안 중요도 인식에 대한 연구

  • Yoon, Young Bae (Graduate School of Information, Yonsei University) ;
  • Oh, Junseok (Communications Policy Research Center, Yonsei University) ;
  • Lee, Bong Gyou (Graduate School of Information, Yonsei University)
  • Received : 2012.09.05
  • Accepted : 2012.11.15
  • Published : 2012.12.31

Abstract

The cloud service has become the significant factor to save the IT operation cost and to improve the productivities in companies. It was introduced to Korea for enterprise services of major companies in 2008. As the increase of recognition for its effect, more small businesses and public institutions plan to introduce the cloud computing services. The cloud computing researches have only focused on the security threats and response technologies to them. Therefore, this research analyzed the importances of responses to security threats in specific domains. The domains were divided into managerial, physical, and technical security. The specific factors in three domains were used for the analysis in this research as well. The ordered logit model was used for the analysis and the analysis results showed that physical security and managerial security are considered to be significantly important in the cloud computing security. The results also presented that the security policy, the control and surveillance to service infrastructure, and application security are highly important in the respect of specific factors. This research will contribute to enterprises or institutions in Korea, which want to introduce the cloud computing services, by aiding the establishment of effective security strategies.

클라우드 서비스는 2008년 대기업의 기업용 서비스로 우리나라에 도입되었으나, 그 효과에 대한 인식이 높아짐에 따라 중소기업은 물론 공공기관까지 도입을 추진하는 등 중장기적으로 확산될 조짐이다. 그동안 많은 연구에서 클라우드 서비스 활성화의 저해요인으로 보안문제를 지적하였으나 예상되는 보안위협과 함께 대응 기술만을 제시하는 수준이었다. 이에 본 연구에서는 클라우드 서비스를 사용 해본 경험이 있는 기업 종사자들을 대상으로 이들이 인식하고 있는 보안위협의 중요도에 대하여 분석하였다. 이를 위해 클라우드 서비스 보안 영역을 관리적, 물리적, 기술적 보안으로 구분하고 각 영역별 세부요인들을 도출하였다. 순서화 로짓 모형을 통해 각 영역 및 세부 요인별 중요도를 분석한 결과 물리적 보안과 관리적 보안의 중요성을 높게 평가하는 것으로 나타났다. 또한 각 영역별로 보안정책, 서비스 시설에 대한 출입감시/통제 및 어플리케이션 보안을 중요하게 인식하는 것으로 확인되었다. 본 연구결과는 클라우드 서비스를 도입한 기업 종사자들의 실제 사용경험을 바탕으로 그들이 인식하는 보안위협 우선순위를 제시하여 향후 클라우드 서비스를 도입하려는 기업 및 기관들의 보안전략 수립에 도움이 될 것으로 기대된다.

Keywords

References

  1. Korea Communications Commission and Korea Internet Security Agency, "Information Security guide for Cloud Services", 2011.
  2. S.K.Eun, "Cloud Computing Security Technology Trends", Review of Korea Institute of Information Security and Cryptology, Vol.20, No.2, pp.27-31, 2010.
  3. Korea Communications Commission and Korea Internet Security Agency, "Information Security guide for Cloud Services", 2011.
  4. "Asia Pacific End-User Cloud Computing Survey", International Data Corporation, 2009
  5. Cloud Security Alliance, "Top Threats to Cloud Computing V1.0", 2010.
  6. Gartner, "Assessing the Security Risks of Cloud Computing", 2008.
  7. T.H.Kim, I.H.Kim, C.W.Min and Y.I,Eom, "Security Technology Trend in Cloud Computing", Korea Information Science Society review, Vol.30, No.1, pp.30-38, 2012.
  8. J.S.Ryu, "Cloud Computing as Green IT and Security Issues", The Graduate School of Computer Information Communications, Korea University, 2010.
  9. S.K.Eun, N.S.Cho, Y.H.Kim and D.S.Choi, "Cloud Computing Security Technology", Electronics and Telecommunications Trends, ETRI, Vol.24, No.4, pp.79-88, 2009.
  10. K.A.Shin and S.J.Lee, "Information Security Management System on Cloud Computing Service", Journal of the Korea Institute of Information Security and Cryptology, Vol.22, No.1, 2012.
  11. S.J.Kim, "Information Security Plan on Cloud Computing: Information Security Management System", Management Consulting Review, Vol.2, No.2, pp.194-208, 2010.
  12. K.J.Lee, "The Study on the Issue of Cloud Computing Security and the Plans for the Personal Information Protection", Department of Information Security, The Graduate School of Information and Communications, Sungkyunkwan University, 2010.
  13. D.H.Kim, "A Study on the improvement and application of Information Security Management System for Cloud Computing Security", Department of Information Security, The Graduate School of Information and Communications, Sungkyunkwan University, 2011.
  14. J.S.Oh, Y.B.Yoon, J.R.Suh and B.G.Lee, "The Difference of Awareness between Public Institutions and Private Enterprises for Cloud Computing Security", International Journal of Security and Its Applications, Vol.6, No.3, pp.1-10, 2012.
  15. S.W.Lee, S.H.Min, J.Y.Park and S.D.Yoon, "Application of Logit and Probit Model", Pakyoungsa, 2005.

Cited by

  1. A Study of Factors Affecting Attitude Towards Using Mobile Cloud Service vol.18, pp.6, 2013, https://doi.org/10.9723/jksiis.2013.18.6.083
  2. An Empirical Analysis on the Persistent Usage Intention of Chinese Personal Cloud Service vol.16, pp.3, 2015, https://doi.org/10.7472/jksii.2015.16.3.79
  3. A Study on Distributed Processing of Big Data and User Authentication for Human-friendly Robot Service on Smartphone vol.15, pp.1, 2014, https://doi.org/10.7472/jksii.2014.15.1.55
  4. An Efficient and Secure Data Storage Scheme using ECC in Cloud Computing vol.15, pp.2, 2014, https://doi.org/10.7472/jksii.2014.15.2.49