KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

The Establishment of Security Strategies for Introducing Cloud Computing

  • Yoon, Young Bae (Republic of Korea Air Force, Ministry of National Defense) ;
  • Oh, Junseok (Communications Policy Research Center, Yonsei University) ;
  • Lee, Bong Gyou (Graduate School of Information, Yonsei University)
  • Received : 2013.01.02
  • Accepted : 2013.03.19
  • Published : 2013.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

Keywords

References

  1. M. Armbrust, "A View of Cloud Computing," Communications of the ACM, vol. 53, no. 4, pp. 50-58, 2010. Article (CrossRef Link)
  2. S. J. Kim, "Information Security Plan on Cloud Computing: Information Security Management System," Management Consulting Review, vol. 1, no. 2, pp. 194-208, 2010. http://www.dbpia.co.kr/Journal/ArticleDetail/1366259
  3. S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang and A. Ghalsasi, "Cloud Computing - The Business Perspective," Decision Support Systems, vol. 51, no. 1, pp. 176-189, 2011. Article (CrossRef Link) https://doi.org/10.1016/j.dss.2010.12.006
  4. S. Y. Shin, "Master Plan for Vitalization of Cloud Computing," Local Information Magazine, vol. 61, pp. 46-51, 2010. http://www.klid.or.kr/section/board/bbs_view.html?PID=localdata&seq=1195
  5. Korea Communications Commission and Korea Internet Security Agency, "Information Security guide for Cloud Services," Korea Communications Commissions and Korea Internet Security Agency, October, 2011. http://www.nipa.kr/know/trandInformationView.it?identifier=02-004-111020-000021&menuNo=26&page=5
  6. S. K. Eun, "Cloud Computing Security Technology Trends," Review of Korea Institute of Information Security and Cryptology, vol. 20, no. 2, pp. 27-31, 2010. http://ocean.kisti.re.kr/is/mv/showPDF_ocean.jsp?pYear=2010&koi=KISTI1.1003%2FJNL.JAKO201027463260075&sp=32&CN1=JAKO201027463260075&poid=kiisc&kojic=JBBHBD&sVnc=v20n2&sFree
  7. E. Y. Choi, B. J. Han, D. H. Shin, H. C. Jung and KISA Security R&D Team, "A Study for Enhancing Mobile Cloud Computing Security," in Proc. of 2011 Korean Society for Internet Information Summer Conference, vol. 12, no. 1, pp. 221-222, 2011.
  8. Korea Communications Commission Press, "KCC Open the Cloud Service Test Bed," Korea Communications Commission, November, 2010.
  9. F. Gens, R. Mahowald, R. L. Villars, D. Bradshaw, C. Morris, "Cloud Computing 2010 An IDC Update," International Data Corporation, 2010.
  10. J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing," Gartner, 2008. http://www.gartner.com/DisplayDocument?id=685308
  11. S. Gorniak, D. Ikonomou, P. Saragiotis, P. Belimpasakis, B. Bencsath, M. Broda, L. Buttyan, G. Clemo, P. Kijewski, A. Merle, K. Mitrokotsa, A. Munro, O. Popov, C. W. Probst, L. Romano, C. Siaterlis, V. Siris, I. Verbauwhede, and C. Vishik, "Priorities for Research on Current and Emerging Network Trends," European Network and Information Security Agency, 2010.
  12. J. S. Ryu, "Cloud Computing as Green IT and Security Issues," The Graduate School of Computer Information Communications, Korea University, Aug.2010. http://naver.nanet.go.kr/SearchDetailView.do?cn=KDMT1201072878&sysid=nhn
  13. S. K. Eun, N. S. Cho, Y. H. Kim and D. S. Choi, "Cloud Computing Security Technology," Electronics and Telecommunications Trends, Electronics and Telecommunications Research Institute, vol. 24, no. 4, pp. 79-88, 2009. http://ettrends.etri.re.kr/PDFData/24-4_079_088.pdf
  14. Y. J. Rho, "A Study on the Private Information Technologies using Cloud Computing," Department of Mechanical Engineering, Korea University, 2010.
  15. C. S. Lim, "Cloud Computing Security Technology," Review of Korea Institutes of Information Security and Cryptology, vol. 19, no. 3, pp. 14-17, 2009. http://ocean.kisti.re.kr/is/mv/showPDF_ocean.jsp?pYear=2009&koi=KISTI1.1003%2FJNL.JAKO200922951807082&sp=14&CN1=JAKO200922951807082&poid=kiisc&kojic=JBBHBD&sVnc=v19n3&sFree
  16. Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1," December 2009. https://cloudsecurityalliance.org/research/security-guidance/
  17. K. J. Lee, "The Study on the Issue of Cloud Computing Security and the Plans for the Personal Information Protection," Department of Information Security, The Graduate School of Information & Communications, Sungkyunkwan University, 2010. http://naver.nanet.go.kr/SearchDetailView.do?cn=KDMT1201130607&sysid=nhn
  18. D. H. Kim, "A Study on the improvement and application of Information Security Management System for Cloud Computing Security," Department of Information Security, The Graduate School of Information and Communication, Sungkyunkwan University, 2011. http://www.riss.kr/search/detail/DetailView.do?p_mat_type=be54d9b8bc7cdb09&control_no=2de2b4752a6b263dffe0bdc3ef48d419&naverYN=Y
  19. K. E. Train, "Discrete Choice Methods with Simulation", Cambridge University Press 2 edition, USA, 2009.
  20. W. E. Greene and D. A. Hensher, "Modeling Ordered Choices: A Primer and Recent Developments," Social Science Research Network, 2010.
  21. Y. H. Cho, "Defect Management System Plan for ISMS Certification," Dept. of Information Security, The Graduate School of Information and Communications, Konkuk University, 2010. http://naver.nanet.go.kr/SearchDetailView.do?cn=KDMT1201130607&sysid=nhn
  22. J. S. Oh,, Y. B. Yoon, J. R. Seo and B. G. Lee, "The Difference of Awareness between Public institutions and Private Companies for Cloud Computing Security", International Journal of Security and Its Applications, Vol.6, No.3, pp.1-10, 2012.http://www.sersc.org/journals/IJSIA/vol6_no3_2012/1.pdf
  23. Y. B. Yoon, J. S. Oh and B. G. Lee, "The Important Factors in Security for Introducing the Cloud Services", Journal of Korean Society for Internet Information, Vol.13, No.6, pp.21-28, 2012. Article (CrossRef Link).

Cited by

  1. MetricsCloud: Scaling-Up Metrics Dissemination in Large Organizations vol.2014, pp.None, 2013, https://doi.org/10.1155/2014/905431
  2. Dynamic and Quantitative Method of Analyzing Service Consistency Evolution Based on Extended Hierarchical Finite State Automata vol.2014, pp.None, 2014, https://doi.org/10.1155/2014/793271
  3. An Improved Privacy Preserving Construction for Data Integrity Verification in Cloud Storage vol.8, pp.10, 2013, https://doi.org/10.3837/tiis.2014.10.019
  4. Computational Analytics of Client Awareness for Mobile Application Offloading with Cloud Migration vol.8, pp.11, 2013, https://doi.org/10.3837/tiis.2014.11.014
  5. An Exploratory Study of Cloud Service Level Agreements - State of the Art Review vol.9, pp.3, 2013, https://doi.org/10.3837/tiis.2015.03.001
  6. A Hybrid Multi-Criteria Decision-Making Model for a Cloud Service Selection Problem Using BSC, Fuzzy Delphi Method and Fuzzy AHP vol.86, pp.1, 2013, https://doi.org/10.1007/s11277-015-2976-z
  7. Exploring users’ experiences of using personal cloud storage services: a phenomenological study vol.37, pp.3, 2013, https://doi.org/10.1080/0144929x.2018.1435722
  8. Password‐based encryption approach for securing sensitive data vol.3, pp.5, 2020, https://doi.org/10.1002/spy2.121
  9. How risk perception influences CEOs' technological decisions: extending the technology acceptance model to small and medium-sized enterprises' technology decision makers vol.24, pp.3, 2013, https://doi.org/10.1108/ejim-09-2019-0253