Abstract
Issues related to Cloud Computing security are emerging as important and of concern to various stakeholders. However, there is little consensus as to what the nature and scope of such challenges might be. Clearly there are multiple points of view with respect to the management of Cloud Computing security. In this paper we adopt an innovative way – the Socratic Dialogue – as a means to present several perspectives and the discordances therein. One of the authors, a technology enthusiast, makes a case for technical security and the benefits of Cloud Computing. The other author points to the systemic problems in Cloud Computing and warns of the looming dangers. As the dialogue progresses, both authors seem to agree that the answer resides in adopting a socio-technical perspective. In a final synthesis, a set of conditions necessary for Cloud Computing security is presented.
Notes
- 1.
McCarthy, J. “Recursive Functions of Symbolic Expressions and their Computation by Machine, Part I,” Communications of the ACM 3, 4 (1960): 184.
- 2.
- 3.
Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).
- 4.
Beaty, K., et al., “Desktop to Cloud Transformation Planning,” in 2009 IEEE International Symposium on Parallel & Distributed Processing (IEEE, 2009); Descher, M., et al., “Retaining Data Control to the Client in Infrastructure Clouds,” in 2009 International Conference on Availability, Reliability and Security (2009).
- 5.
Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61.
- 6.
- 7.
CNN, “Info on 3.9 M Citigroup Customers Lost Computer Tapes with Information About Consumer Lending Lost by UPS in transit to Credit Bureau,” CNNMoney.com, 2005, http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/ (10 September 2010).
- 8.
Best, J. “Lost Data Total Nears 30 million records,” (2008), http://www.silicon.com/publicsector/0,3800010403,39295167,00.htm (10 September 2010).
- 9.
Armbrust, M., et al., Above the Clouds: A Berkeley View of Cloud Computing. Berkeley, CA, 2009.
- 10.
In June 2003 the US Federal Trade Commission opened the “Do Not Call Registry” to comply with the Do-Not-Call Implementation Act of 2003. The Act allows for companies to make calls up to 18 months where there is an existing business relationship. This period can easily be extended for any amount of time with a range of merger and acquisition tricks and other loopholes.
- 11.
Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.
- 12.
Google privacy center, “Privacy Policy”, Last modified: March 11, 2009, http://www.google.com/privacypolicy.html (10 September 2010).
- 13.
Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61.
- 14.
Descher, M., et al., “Retaining Data Control to the Client in Infrastructure Clouds,” in 2009 International Conference on Availability, Reliability and Security (2009).
- 15.
Tian, X., X. Wang, and A. Zhou, “DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS,” in 2009 IEEE International Conference on Cloud Computing (2009).
- 16.
Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).
- 17.
Saikat G., K. Tang, and P. Francis. “NOYB: Privacy in Online Social Networks.” in Proceedings of the first workshop on Online social networks, Seattle, WA, USA (2008).
- 18.
Pearson, S. “Taking Account of Privacy when Designing Cloud Computing Services,” in 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (2009).
- 19.
Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).
- 20.
Europe’s Information Society, “eHealth” (2005) http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).
- 21.
Nuttall, C. “US urged to probe Google’s ‘cloud’ services,” (2009), http://www.ft.com/cms/s/0/55572a2e-1425-11de-9e32-0000779fd2ac.html?nclick_check=1 (10 September 2010).
- 22.
Armstrong, M.P., G. Rushton, and D.L. Zimmerman. “Geographically Masking Health Data to Preserve Confidentiality.” Statistics in Medicine 18, 5 (1999): 497.
- 23.
Europe’s Information Society, “eHealth” (2005), http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010)
- 24.
Europe’s Information Society, “Information can save your life” (2007), http://ec.europa.eu/information_society/tl/qualif/health/index_en.htm (10 September 2010)
- 25.
Baker, R.K. “Offshore IT Outsourcing and the 8th Data Protection Principle – Legal and Regulatory Requirements – with Reference to Financial Services.” International Journal of Law and Information Technology 14, 1 (2006): 1.
- 26.
Halperin, R., and J. Backhouse. “A Roadmap for Research on Identity in the Information Society.” Identity in the Information Society 1, 1 (2008): 71.
- 27.
Cavoukian, A. “Privacy in the Clouds, A White Paper on Privacy and Digital Identity: Implications for the Internet,” 2008, http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf (10 September 2010).
- 28.
PRIME. “Privacy and Identity Management for Europe,” 2008, http://www.prime-project.eu/ (10 September 2010).
- 29.
http://identityproject.lse.ac.uk/identityreport.pdf (26 May 2010).
- 30.
Nurmi, D., et al., “The Eucalyptus Open-Source Cloud-Computing System,” Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Volume 00, 2009).
- 31.
- 32.
BBC News, “Gmail down again for some users,” 2009, http://news.bbc.co.uk/2/hi/7934443.stm (10 September 2010).
- 33.
De Waal, A. “Darfur and the Failure of the Responsibility to Protect,” International Affairs 83, 6 (2007): 1039.
- 34.
Weick, K.E., and K.H. Roberts. “Collective Mind in Organizations: Heedful Interrelating on Flight Decks.” Administrative Science Quarterly 38, (1993): 357.
- 35.
Dhillon, G. “Organizational Competence in Harnessing IT: A Case Study.” Information & Management 45, 5 (2008): 297.
- 36.
http://www.trustguide.org/ (10 September 2010)
- 37.
Ashforth, B.E., and F. Mael, “Social Identity Theory and the Organization.” Academy of Management Review 14, 1 (1989): 20.
- 38.
Dhillon, G. “Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns.” Computers & Security 20, 2 (2001): 165.
- 39.
Ibid.
- 40.
Shapiro, S.P. “The Social Control of Impersonal Trust.” The American Journal of Sociology 93, 3 (1987): 623.
- 41.
Granovetter, M. “Economic Action and Social Structure: The Problem of Embeddedness.” The American Journal of Sociology 91, 3 (1985): 481.
- 42.
We have had to make this assertion generic to maintain anonymity. It is however based on interview data collected by one of the authors in October 2009 of interpersonal relationships between Cloud Computing providers and their clients.
- 43.
Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.
- 44.
Parker, D. Computer Security Management. Reston, VA: Reston Publishing, 1981.
- 45.
- 46.
Dhillon, G., and J. Backhouse. “Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125.
- 47.
Hedberg, B., and E. Mumford. “The Design of Computer Systems: Man’s Vision of Man as an Integral Part of the System Design Process. Human Choice and Computers,” in The IFIP Conference on Human Choice and Computers. Amsterdam: North-Holland Publishing Company, 1975; Mumford, E. “The Impact of Systems Change in Organisations. Results and Conclusions from a Multinational Study of Information Systems Development in Banks.” in Systems Design and Human Needs, edited by N.-B. Andersen, B. Hedberg, D. Mercer, E. Mumford and A. Solé. Alphen aan den Rijn, Holland: Sijthoff & Noordhoff, 1979.
- 48.
Stanton, J.M., et al., “Analysis of End User Security Behaviors.” Computers & Security 24, 2 (2005): 124.
- 49.
Dhillon, G., and J. Backhouse. Information System Security Management in the New Millennium. Communications of the ACM 43, 7 (2000): 125.
References
Armstrong, M.P., G. Rushton, and D.L. Zimmerman. “Geographically Masking Health Data to Preserve Confidentiality.” Statistics in Medicine 18, 5 (1999): 497–525.
Armbrust, M., A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. Above the Clouds: A Berkeley View of Cloud Computing. Berkeley, CA, 2009.
Ashforth, B.E., and F. Mael. “Social Identity Theory and the Organization.” Academy of Management Review 14, 1 (1989): 20–39.
Baker, R.K. “Offshore IT Outsourcing and the 8th Data Protection Principle – Legal and Regulatory Requirements – with Reference to Financial Services.” International Journal of Law and Information Technology 14, 1 (2006): 1–27.
Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues.” In IEEE International Conference on Services Computing (IEEE, 2009).
Baskerville, R. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys 25, 4 (1993): 375–414.
BBC News. Gmail Down Again for Some Users, 2009, http://news.bbc.co.uk/2/hi/7934443.stm. (10 September 2010).
Beaty, K., A. Kochut, and H. Shaikh. “Desktop to Cloud Transformation Planning.” In 2009 IEEE International Symposium on Parallel & Distributed Processing (IEEE, 2009).
Best, J. “Lost Data Total Nears 30 million records,” (2008), http://www.silicon.com/publicsector/0,3800010403,39295167,00.htm (10 September 2010).
Cavoukian, A. “Privacy in the Clouds, A White Paper on Privacy and Digital Identity: Implications for the Internet,” 2008, http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf (10 September 2010).
CNN, “Info on 3.9 M Citigroup Customers Lost Computer Tapes with Information About Consumer Lending Lost by UPS in transit to Credit Bureau,” CNNMoney.com, 2005, http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/ (10 September 2010).
Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.
Descher, M., P. Masser, T. Feilhauer, A.M. Tjoa and D. Huemer, “Retaining Data Control to the Client in Infrastructure Clouds.” In 2009 International Conference on Availability, Reliability and Security (2009).
De Waal, A. “Darfur and the Failure of the Responsibility to Protect.” International Affairs 83, 6 (2007): 1039–1054.
Dhillon, G. “Organizational Competence in Harnessing IT: A Case Study.” Information & Management 45, 5 (2008): 297–303.
Dhillon, G. “Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns.” Computers & Security 20, 2 (2001): 165–72.
Dhillon, G., and J. Backhouse. “Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125–128.
Europe’s Information Society, “eHealth” (2005) http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).
Foster, I., Z. Yong, I. Raicu, and S. Lu. “Cloud Computing and Grid Computing 360-Degree Compared.” In Grid Computing Environments Workshop 2008, GCE ’08 (2008).
Google privacy center, “Privacy Policy”, Last modified: March 11, 2009, http://www.google.com/privacypolicy.html (10 September 2010).
Granovetter, M. “Economic Action and Social Structure: The Problem of Embeddedness.” The American Journal of Sociology 91, 3 (1985): 481–510.
Halperin, R., and J. Backhouse. “A Roadmap for Research on Identity in the Information Society.” Identity in the Information Society 1, 1 (2008): 71–87.
Hedberg, B., and E. Mumford. “The Design of Computer Systems: Man’s Vision of Man as an Integral Part of the System Design Process. Human Choice and Computers.” In The IFIP Conference on Human Choice and Computers. Amsterdam: North-Holland Publishing Company, 1975.
Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61–64.
Luis, V.M., R.M. Luis, C. Juan, and L. Maik. “A Break in the Clouds: Towards a Cloud Definition.” SIGCOMM Computer Communication Review 39, 1 (2009): 50–55.
McCarthy, J. “Recursive Functions of Symbolic Expressions and their Computation by Machine, Part I.” Communications of the ACM 3, 4 (1960): 184–195.
Mitroff, I.I. “The Tally: A Dialogue on Feyerabend and Ford.” Theory and Society 3, 4 (1976): 601–609.
Mumford, E. “The Impact of Systems Change in Organisations. Results and Conclusions from a Multinational Study of Information Systems Development in Banks.” In Systems Design and Human Needs, edited by N.-B. Andersen, B. Hedberg, D. Mercer, E. Mumford and A. Solé. Alphen aan den Rijn, Holland: Sijthoff & Noordhoff, 1979.
Nurmi, D., R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff and D. Zagorodnov, The Eucalyptus Open-Source Cloud-Computing System, Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Volume 00, 2009).
Nuttall, C. “US urged to probe Google’s ‘cloud’ services” (2009), http://www.ft.com/cms/s/0/55572a2e-1425-11de-9e32-0000779fd2ac.html?nclick_check=1 (10 September 2010).
Oliva, T.A., and C.M. Capdevielle. “Can Systems Really Be Taught: (A Socratic Dialogue).” Academy of Management Review 5, 2 (1980): 277–279.
Parker, D. Computer Security Management. Reston, VA: Reston Publishing, 1981.
Pearson, S. “Taking Account of Privacy when Designing Cloud Computing Services.” In 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (2009).
PRIME. “Privacy and Identity Management for Europe” 2008, http://www.prime-project.eu/ (10 September 2010).
Saikat G., K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. in Proceedings of the first workshop on Online social networks, Seattle, WA, USA (2008).
Shapiro, S.P. “The Social Control of Impersonal Trust.” The American Journal of Sociology 93, 3 (1987): 623–658.
Stanton, J.M., K.R. Stam, P. Mastrangelo, and J. Jolton. “Analysis of End User Security Behaviors.” Computers & Security 24, 2 (2005): 124–133.
Tian, X., X. Wang, and A. Zhou. “DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS.” In 2009 IEEE International Conference on Cloud Computing (2009).
Weick, K.E., and K.H. Roberts. “Collective Mind in Organizations: Heedful Interrelating on Flight Decks.” Administrative Science Quarterly 38, (1993): 357–381.
Wing, J.M. “A specifier’s Introduction to Formal Methods.” Computer 23, 9 (1990): 8–24.
© 2011 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Dhillon, G., Kolkowska, E. (2011). Can a Cloud Be Really Secure? A Socratic Dialogue. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_16
DOI: https://doi.org/10.1007/978-94-007-0641-5_16
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-0640-8
Online ISBN: 978-94-007-0641-5
eBook Packages: Humanities, Social Sciences and Law; Law and Criminology (R0)