[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3837/tiis.2013.04.015

The Establishment of Security Strategies for Introducing Cloud Computing

Yoon, Young Bae (Republic of Korea Air Force, Ministry of National Defense)
Oh, Junseok (Communications Policy Research Center, Yonsei University)
Lee, Bong Gyou (Graduate School of Information, Yonsei University)

Publication Information

KSII Transactions on Internet and Information Systems (TIIS) / v.7, no.4, 2013 , pp. 860-877 More about this Journal

Abstract

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

Keywords

Cloud Computing; Cloud Security; Security Strategies; Ordered Choice Regression; Ordered Probit Model;

Citations & Related Records

Reference

1	D. H. Kim, "A Study on the improvement and application of Information Security Management System for Cloud Computing Security," Department of Information Security, The Graduate School of Information and Communication, Sungkyunkwan University, 2011. http://www.riss.kr/search/detail/DetailView.do?p_mat_type=be54d9b8bc7cdb09&control_no=2de2b4752a6b263dffe0bdc3ef48d419&naverYN=Y
2	K. E. Train, "Discrete Choice Methods with Simulation", Cambridge University Press 2 edition, USA, 2009.
3	W. E. Greene and D. A. Hensher, "Modeling Ordered Choices: A Primer and Recent Developments," Social Science Research Network, 2010.
4	Y. H. Cho, "Defect Management System Plan for ISMS Certification," Dept. of Information Security, The Graduate School of Information and Communications, Konkuk University, 2010. http://naver.nanet.go.kr/SearchDetailView.do?cn=KDMT1201130607&sysid=nhn
5	J. S. Oh,, Y. B. Yoon, J. R. Seo and B. G. Lee, "The Difference of Awareness between Public institutions and Private Companies for Cloud Computing Security", International Journal of Security and Its Applications, Vol.6, No.3, pp.1-10, 2012.http://www.sersc.org/journals/IJSIA/vol6_no3_2012/1.pdf
6	S. K. Eun, "Cloud Computing Security Technology Trends," Review of Korea Institute of Information Security and Cryptology, vol. 20, no. 2, pp. 27-31, 2010. http://ocean.kisti.re.kr/is/mv/showPDF_ocean.jsp?pYear=2010&koi=KISTI1.1003%2FJNL.JAKO201027463260075&sp=32&CN1=JAKO201027463260075&poid=kiisc&kojic=JBBHBD&sVnc=v20n2&sFree
7	E. Y. Choi, B. J. Han, D. H. Shin, H. C. Jung and KISA Security R&D Team, "A Study for Enhancing Mobile Cloud Computing Security," in Proc. of 2011 Korean Society for Internet Information Summer Conference, vol. 12, no. 1, pp. 221-222, 2011.
8	Korea Communications Commission Press, "KCC Open the Cloud Service Test Bed," Korea Communications Commission, November, 2010.
9	F. Gens, R. Mahowald, R. L. Villars, D. Bradshaw, C. Morris, "Cloud Computing 2010 An IDC Update," International Data Corporation, 2010.
10	J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing," Gartner, 2008. http://www.gartner.com/DisplayDocument?id=685308
11	S. Gorniak, D. Ikonomou, P. Saragiotis, P. Belimpasakis, B. Bencsath, M. Broda, L. Buttyan, G. Clemo, P. Kijewski, A. Merle, K. Mitrokotsa, A. Munro, O. Popov, C. W. Probst, L. Romano, C. Siaterlis, V. Siris, I. Verbauwhede, and C. Vishik, "Priorities for Research on Current and Emerging Network Trends," European Network and Information Security Agency, 2010.
12	J. S. Ryu, "Cloud Computing as Green IT and Security Issues," The Graduate School of Computer Information Communications, Korea University, Aug.2010. http://naver.nanet.go.kr/SearchDetailView.do?cn=KDMT1201072878&sysid=nhn
13	Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1," December 2009. https://cloudsecurityalliance.org/research/security-guidance/
14	S. K. Eun, N. S. Cho, Y. H. Kim and D. S. Choi, "Cloud Computing Security Technology," Electronics and Telecommunications Trends, Electronics and Telecommunications Research Institute, vol. 24, no. 4, pp. 79-88, 2009. http://ettrends.etri.re.kr/PDFData/24-4_079_088.pdf
15	Y. J. Rho, "A Study on the Private Information Technologies using Cloud Computing," Department of Mechanical Engineering, Korea University, 2010.
16	C. S. Lim, "Cloud Computing Security Technology," Review of Korea Institutes of Information Security and Cryptology, vol. 19, no. 3, pp. 14-17, 2009. http://ocean.kisti.re.kr/is/mv/showPDF_ocean.jsp?pYear=2009&koi=KISTI1.1003%2FJNL.JAKO200922951807082&sp=14&CN1=JAKO200922951807082&poid=kiisc&kojic=JBBHBD&sVnc=v19n3&sFree
17	K. J. Lee, "The Study on the Issue of Cloud Computing Security and the Plans for the Personal Information Protection," Department of Information Security, The Graduate School of Information & Communications, Sungkyunkwan University, 2010. http://naver.nanet.go.kr/SearchDetailView.do?cn=KDMT1201130607&sysid=nhn
18	M. Armbrust, "A View of Cloud Computing," Communications of the ACM, vol. 53, no. 4, pp. 50-58, 2010. Article (CrossRef Link)
19	S. J. Kim, "Information Security Plan on Cloud Computing: Information Security Management System," Management Consulting Review, vol. 1, no. 2, pp. 194-208, 2010. http://www.dbpia.co.kr/Journal/ArticleDetail/1366259
20	S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang and A. Ghalsasi, "Cloud Computing - The Business Perspective," Decision Support Systems, vol. 51, no. 1, pp. 176-189, 2011. Article (CrossRef Link) DOI ScienceOn
21	S. Y. Shin, "Master Plan for Vitalization of Cloud Computing," Local Information Magazine, vol. 61, pp. 46-51, 2010. http://www.klid.or.kr/section/board/bbs_view.html?PID=localdata&seq=1195
22	Korea Communications Commission and Korea Internet Security Agency, "Information Security guide for Cloud Services," Korea Communications Commissions and Korea Internet Security Agency, October, 2011. http://www.nipa.kr/know/trandInformationView.it?identifier=02-004-111020-000021&menuNo=26&page=5
23	Y. B. Yoon, J. S. Oh and B. G. Lee, "The Important Factors in Security for Introducing the Cloud Services", Journal of Korean Society for Internet Information, Vol.13, No.6, pp.21-28, 2012. Article (CrossRef Link).

Reference

None	(2013) Advances in software engineering MetricsCloud: Scaling-Up Metrics Dissemination in Large Organizations / 2014 (None) , 1
None	(2014) The Scientific World Journal Dynamic and Quantitative Method of Analyzing Service Consistency Evolution Based on Extended Hierarchical Finite State Automata / 2014 (None) , 793271
10	(2013) KSII Transactions on internet and information systems : TIIS An Improved Privacy Preserving Construction for Data Integrity Verification in Cloud Storage / 8 (10) , 3607
11	(2013) KSII Transactions on internet and information systems : TIIS Computational Analytics of Client Awareness for Mobile Application Offloading with Cloud Migration / 8 (11) , 3916
3	(2013) KSII Transactions on internet and information systems : TIIS An Exploratory Study of Cloud Service Level Agreements - State of the Art Review / 9 (3) , 843
1	(2013) Wireless personal communications A Hybrid Multi-Criteria Decision-Making Model for a Cloud Service Selection Problem Using BSC, Fuzzy Delphi Method and Fuzzy AHP / 86 (1) , 57
3	(2013) Behaviour & information technology Exploring users’ experiences of using personal cloud storage services: a phenomenological study / 37 (3) , 295
5	(2020) Security and privacy Password‐based encryption approach for securing sensitive data / 3 (5) , None
3	(2013) European journal of innovation management How risk perception influences CEOs' technological decisions: extending the technology acceptance model to small and medium-sized enterprises' technology decision makers / 24 (3) , 777

1	An Improved Privacy Preserving Construction for Data Integrity Verification in Cloud Storage / [Xia, Yingjie;Xia, Fubiao;Liu, Xuejiao;Sun, Xin;Liu, Yuncai;Ge, Yi;] / KSII Transactions on Internet and Information Systems (TIIS)
2	Computational Analytics of Client Awareness for Mobile Application Offloading with Cloud Migration / [Nandhini, Uma;TamilSelvan, Latha;] / KSII Transactions on Internet and Information Systems (TIIS)