The development of information and communication
technology, the increased use of the internet, as well as the effects of
the recession within the last years, have lead to the increased use of
cloud computing based solutions, also called on-demand solutions.
These solutions offer a large number of benefits to organizations as
well as challenges and risks, mainly determined by data visualization
in different geographic locations on the internet. As far as the specific
risks of cloud environment are concerned, data security is still
considered a peak barrier in adopting cloud computing. The present
study offers an approach upon ensuring the security of cloud data,
oriented towards the whole data life cycle. The final part of the study
focuses on the assessment of data security in the cloud, this
representing the bases in determining the potential losses and the
premise for subsequent improvements and continuous learning.
[1] M. Mircea, B. Ghilic-Micu, and M. Stoica, "Combining Business
Intelligence with Cloud Computing to Delivery Agility in Actual
Economy," Journal of Economic Computation and Economic
Cybernetics Studies, vol. 45 (1), pp. 39-54, 2011.
[2] I-Newswire, "BI Trends 2012 From Hype to Breakthrough",
http://www.onenewspage.com/n/Press+Releases/74mxa6hsy/BI-Trends-
2012-From-Hype-to-Breakthrough.htm
[3] D. Teneyuca, "Internet cloud security: The illusion of inclusion,"
Information security tehnical report, pp. 1-6, Sept. 2011.
[4] D. Catteddu, and G. Hogben, "Cloud computing: benefits, risks and
recommendations for information security," European Network and
Information Security Agency, 2009.
[5] S. Subashini, and V. Kavitha, "A survey on security issues in service
delivery models of cloud computing," Journal of Network and Computer
Applications, vol. 34, pp.1-11, July 2011.
[6] P. Goldstein, "Alternative IT sourcing strategies: From the campus to the
cloud," EDUCAUSE Center for Applied Research, 2009.
[7] Jitterbit Inc., "Five Integration Tips to Cloud Computing Success," pp.
1-3, 2009.
[8] S. Kanhere, and V. Kanhere, "IS Audit and Security Professionals: An
Emerging Role in a Changing World Order," ISACA Journal, vol. 5, pp.
50-53, 2009.
[9] B. Ghilic-Micu, M. Mircea, and M. Stoica, "The Audit of Business
Intelligence Solutions," Informatica Economica, vol. 14 (1), pp. 66-77,
2010.
[10] P. Wilson, "Positive perspectives on cloud security," Information
security tehnical report, pp. 1-5, Sept. 2011.
[11] D. Zissis, and D. Lekkas, "Addressing cloud computing security issues,"
Future Generation Computer Systems, vol. 28, pp. 583-592, March
2012.
[12] M. Mircea, and A.I. Andreescu, "Using Cloud Computing in Higher
Education: A Strategy to Improve Agility in the Current Financial
Crisis," Communications of the IBIMA, pp.1-14, 2011.
[13] Cloud Security Alliance, "Security Guidance for Critical Areas of Focus
in Cloud Computing V2.1," 2009.
https://cloudsecurityalliance.org/csaguide.pdf
[14] J. Rich, "Cloud Data Security: Store (Rough Cut)," 2009.
https://securosis.com
[15] A. Acquisti, S.W. Smith, and A. Sadeghi A, "Trust and Trustworthy
Computing" In: Third International Conference, TRUST 2010 Berlin,
Germany. New York: Springer Heidelberg, 2010.
[16] H. Bidgoli, "Security Issues and Measures: Protecting Electronic
Commerce Resources," Electronic Commerce, pp. 363-398, 2002.
[17] S. Jordan, and A. Bruno, "CCDA 640-864 Official Cert Guide, 4th
Edition," Indianapolis: Cisco Press. 2011.
[18] Cloud Security Alliance, "CSA Guide V2"
http://cloudsecurityalliance.org/
[19] European Network and Information Security Agency, "Cloud
Computing Information Assurance Framework".
[20] Business assurance for the 21st century. Common Assurance. 2011
http://commonassurance.
com/resources/Business_Assurance_for_the_21st_Centuryfinal.
pdf.
[21] B. Kaliski, and W. Pauley, "Toward Risk Assessment as a Service in
Cloud Environments," pp. 1-7, 2012.
http://www.usenix.org/event/hotcloud10/tech/full_papers/Kaliski.pdf
[22] Cloud Audit, "The Automated Audit, Assertion, Assessment, and
Assurance API". http://www.cloudaudit.org/
[23] Open Cloud Computing Interface. OCCI Working Group.
http://www.occiwg.org/doku.php
[24] T. Mellor, "Maintaining Security Governance in the Cloud - The Role of
the Security Specialist" http://ezinearticles.com/?Maintaining-Security-
Governance-in-the-Cloud---The-Role-of-the-Security-
Specialist&id=5421468
[25] R. Bernard, "Information Lifecycle Security Risk Assessment: A tool for
closing security gaps," Computers & security, vol. 26, pp. 26-30, 2007.
[26] P.G. Dorey, and A. Leite, "Commentary: Cloud computing. A security
problem or solution?" Information security tehnical report, pp. 1-8,
Sept. 2011.
[27] R. Bojanc, and B. Jerman-Blaži─ì, "Towards a standard approach for
quantifying an ICT security investment," Computer Standards &
Interfaces, vol. 30, pp. 216-222, May 2008.
[28] S. Fua, and Y. Xiao, "An Effective Process of Information Security Risk
Assessment," Energy Procedia, vol. 11, pp. 1050-1057, December 2011.
[29] L. Hayden, "IT Security Metrics: A practical framework for measuring
security & protecting data", 2010.
[30] J. Zhao, and S. Zhao, "Opportunities and threats: A security assessment
of state e-government websites," Government Information Quarterly,
vol. 27, pp. 49-56, January 2010.
[31] M. Ciampa, "Security guide to network security fundamentals" 3rd ed.
Boston: Course Technology, Cengage Learning. 2009.
[32] I. Winkler, "What is a security audit?" Tech Target.
http://searchcio.techtarget.com/sDefinition/0,,sid182_gci955099,00.html
[33] L. Zhuoa, and Z. Wang, "Research and Implementation of Log-based
Network Security Audit System," Energy Procedia, vol. 11, pp. 2021-
2026, December 2011.
[1] M. Mircea, B. Ghilic-Micu, and M. Stoica, "Combining Business
Intelligence with Cloud Computing to Delivery Agility in Actual
Economy," Journal of Economic Computation and Economic
Cybernetics Studies, vol. 45 (1), pp. 39-54, 2011.
[2] I-Newswire, "BI Trends 2012 From Hype to Breakthrough",
http://www.onenewspage.com/n/Press+Releases/74mxa6hsy/BI-Trends-
2012-From-Hype-to-Breakthrough.htm
[3] D. Teneyuca, "Internet cloud security: The illusion of inclusion,"
Information security tehnical report, pp. 1-6, Sept. 2011.
[4] D. Catteddu, and G. Hogben, "Cloud computing: benefits, risks and
recommendations for information security," European Network and
Information Security Agency, 2009.
[5] S. Subashini, and V. Kavitha, "A survey on security issues in service
delivery models of cloud computing," Journal of Network and Computer
Applications, vol. 34, pp.1-11, July 2011.
[6] P. Goldstein, "Alternative IT sourcing strategies: From the campus to the
cloud," EDUCAUSE Center for Applied Research, 2009.
[7] Jitterbit Inc., "Five Integration Tips to Cloud Computing Success," pp.
1-3, 2009.
[8] S. Kanhere, and V. Kanhere, "IS Audit and Security Professionals: An
Emerging Role in a Changing World Order," ISACA Journal, vol. 5, pp.
50-53, 2009.
[9] B. Ghilic-Micu, M. Mircea, and M. Stoica, "The Audit of Business
Intelligence Solutions," Informatica Economica, vol. 14 (1), pp. 66-77,
2010.
[10] P. Wilson, "Positive perspectives on cloud security," Information
security tehnical report, pp. 1-5, Sept. 2011.
[11] D. Zissis, and D. Lekkas, "Addressing cloud computing security issues,"
Future Generation Computer Systems, vol. 28, pp. 583-592, March
2012.
[12] M. Mircea, and A.I. Andreescu, "Using Cloud Computing in Higher
Education: A Strategy to Improve Agility in the Current Financial
Crisis," Communications of the IBIMA, pp.1-14, 2011.
[13] Cloud Security Alliance, "Security Guidance for Critical Areas of Focus
in Cloud Computing V2.1," 2009.
https://cloudsecurityalliance.org/csaguide.pdf
[14] J. Rich, "Cloud Data Security: Store (Rough Cut)," 2009.
https://securosis.com
[15] A. Acquisti, S.W. Smith, and A. Sadeghi A, "Trust and Trustworthy
Computing" In: Third International Conference, TRUST 2010 Berlin,
Germany. New York: Springer Heidelberg, 2010.
[16] H. Bidgoli, "Security Issues and Measures: Protecting Electronic
Commerce Resources," Electronic Commerce, pp. 363-398, 2002.
[17] S. Jordan, and A. Bruno, "CCDA 640-864 Official Cert Guide, 4th
Edition," Indianapolis: Cisco Press. 2011.
[18] Cloud Security Alliance, "CSA Guide V2"
http://cloudsecurityalliance.org/
[19] European Network and Information Security Agency, "Cloud
Computing Information Assurance Framework".
[20] Business assurance for the 21st century. Common Assurance. 2011
http://commonassurance.
com/resources/Business_Assurance_for_the_21st_Centuryfinal.
pdf.
[21] B. Kaliski, and W. Pauley, "Toward Risk Assessment as a Service in
Cloud Environments," pp. 1-7, 2012.
http://www.usenix.org/event/hotcloud10/tech/full_papers/Kaliski.pdf
[22] Cloud Audit, "The Automated Audit, Assertion, Assessment, and
Assurance API". http://www.cloudaudit.org/
[23] Open Cloud Computing Interface. OCCI Working Group.
http://www.occiwg.org/doku.php
[24] T. Mellor, "Maintaining Security Governance in the Cloud - The Role of
the Security Specialist" http://ezinearticles.com/?Maintaining-Security-
Governance-in-the-Cloud---The-Role-of-the-Security-
Specialist&id=5421468
[25] R. Bernard, "Information Lifecycle Security Risk Assessment: A tool for
closing security gaps," Computers & security, vol. 26, pp. 26-30, 2007.
[26] P.G. Dorey, and A. Leite, "Commentary: Cloud computing. A security
problem or solution?" Information security tehnical report, pp. 1-8,
Sept. 2011.
[27] R. Bojanc, and B. Jerman-Blaži─ì, "Towards a standard approach for
quantifying an ICT security investment," Computer Standards &
Interfaces, vol. 30, pp. 216-222, May 2008.
[28] S. Fua, and Y. Xiao, "An Effective Process of Information Security Risk
Assessment," Energy Procedia, vol. 11, pp. 1050-1057, December 2011.
[29] L. Hayden, "IT Security Metrics: A practical framework for measuring
security & protecting data", 2010.
[30] J. Zhao, and S. Zhao, "Opportunities and threats: A security assessment
of state e-government websites," Government Information Quarterly,
vol. 27, pp. 49-56, January 2010.
[31] M. Ciampa, "Security guide to network security fundamentals" 3rd ed.
Boston: Course Technology, Cengage Learning. 2009.
[32] I. Winkler, "What is a security audit?" Tech Target.
http://searchcio.techtarget.com/sDefinition/0,,sid182_gci955099,00.html
[33] L. Zhuoa, and Z. Wang, "Research and Implementation of Log-based
Network Security Audit System," Energy Procedia, vol. 11, pp. 2021-
2026, December 2011.
@article{"International Journal of Information, Control and Computer Sciences:62591", author = "Marinela Mircea", title = "Addressing Data Security in the Cloud", abstract = "The development of information and communication
technology, the increased use of the internet, as well as the effects of
the recession within the last years, have lead to the increased use of
cloud computing based solutions, also called on-demand solutions.
These solutions offer a large number of benefits to organizations as
well as challenges and risks, mainly determined by data visualization
in different geographic locations on the internet. As far as the specific
risks of cloud environment are concerned, data security is still
considered a peak barrier in adopting cloud computing. The present
study offers an approach upon ensuring the security of cloud data,
oriented towards the whole data life cycle. The final part of the study
focuses on the assessment of data security in the cloud, this
representing the bases in determining the potential losses and the
premise for subsequent improvements and continuous learning.", keywords = "cloud computing, data life cycle, data security,
security assessment.", volume = "6", number = "6", pages = "841-8", }
