Paper Title: Enterprise Data Security Research in Public Cloud Computing
Author: Youchan Zhu, Peng Liu , and Junting Wang
More and more enterprises are increasing the dependency on the clouds computing to leverage the benefits of its services and cost optimization to acquire such services on premises. But this transition is not coming free of challenges, more cloud computing dependency men more security challenges. Considering that each enterprise has its own characteristics, the security challenges also will be different from enterprise to another. Also, the cloud computing as a technology has its own security challenges which is completely different than the traditional IT. This paper discussed the following identified security issues from cloud computing prospective:
- The separation of enterprises and data resources: moving the enterprises data resources outside the organization resulting to less control and more data breach risk.
- Multi-tenant shared environment: the base idea from cloud computing is to create a big pool of resources that can be shared with multiple subscribers. To ensure the isolation between the tenancies, the provider use different types of encryptions to achieve that.
- Information security management is uncontrollable: (Siani Pearson) “The most basic security requirement in the life cycle of data are confidentiality, integrity and availability”. The enterprises my lose the security control over the data lifecycle when they move it the service provider infrastructure.
- The data migration: (Jay Heiser, Mark Nicolett, 2008) “would data be stored as regulation format? How to service? Whether there is an effective migration support when users decided to change service from a provider to another”
- Security management are lack of transparency: moving to the cloud may result losing the visibility on services logs and related operation views.
To avoid those risks, the enterprises should develop more comprehensive security strategies that may include:
- The enterprise should grantee the data location and availability through the service contracts and service level agreement with the service provider.
- Making sure that the privacy is protected by the necessary encryption, user authentication, and audit tools.
Quality of the Research
The paper was very clear and match the title, it’s clearly mentioned the issues and the related resolution strategies for each. But the paper didn’t consider the countries governance attempts to issue the lows and regulations to control the usage of cloud computing, privacy, and fair use of it.
Quality of Presentation
The paper was well organized, and all the ideas was displayed in a very clear flow. It would eb better if the authors tried to support their ideas with some known cases and statistics that may happened to the organizations moved to the cloud.
- ZHU, Y.C., LIU, P. and WANG, J.T., 2012. Enterprise Data Security Research in Public Cloud Computing. Applied Mechanics and Materials, 198-199, pp. 435.
- Siani Pearson, Yun Chen. A Privacy Manager for Cloud Computing[EB/OL]. HPlabs.
- Jay Heiser, Mark Nicolett.Assessing the Security Risks of Cloud Computing[EB/CL].Garmer Techndogy Business Research In—sight.2008
- Yumna Ghazi, Rahat Masood, Abid Rauf, Muhammad Awais Shibli & Osman Hassan, 2016, DB-SECaaS: a cloud-based protection system for document-oriented NoSQL databases, EURASIP Journal on Information Security, Article number: 16, 03 August 2016