Building Customer Trust in Cloud Computing with an ICT-Enabled Global Regulatory Body
Building customer trust is a huge problem in the cloud computing paradigm. Today, hundreds of companies around the world are offering cloud services in major or minor scale with global or local reach. In spite of the availability of numerous establishments for cloud services, there is a critical link missing with the customers—and that is the lack of appropriate customer trust in the cloud provider’s services. The issue of trust in clouds has already been addressed from multiple technical perspectives where the researchers suggested solutions based on existing knowledge in other computing and communications systems. In this paper, we suggest a different concept of ensuring trust in cloud services by using the power of Information and Communications Technology. The basic idea lies in the fact that there should be a global standardization authority which would certify trusted cloud providers which in turn would earn customer trust. Novelty in this concept is mainly in its operational details presented in the paper. The main objective is to analyze various aspects of this proposed model from the policy making issues alongside slightly addressing technical issues. To make our work easily accessible to general readers and the experts, we also present the backgrounds of cloud computing and analyze the conceptual model with real-life challenges and issues.
KeywordsCenter Certificate Cloud Computing Security Trust
The authors would like to thank the anonymous reviewer(s) for the insightful comments which have helped improve the paper greatly. This work was fully supported by NDC Lab (Networking and Distributed Computing Laboratory), KICT, IIUM. Al-Sakib Khan Pathan is the corresponding author.
Conflict of interest
The authors declare that there is no conflict of interest of this work.
- 1.Computing Curricula 2005. (2005). The overview report. The joint task force for computing curricula 2005 by ACM, AIS, IEEE-CS, 30 September 2005. http://www.acm.org/education/curric_vols/CC2005-March06Final.pdf. Last accessed July 18, 2014.
- 2.Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. NIST Special Publication 800-145, September 2011.Google Scholar
- 5.Potential and Impacts of Cloud Computing Services and Social Network Websites. In Science and technology options assessment report, PE 513.546, European Parliamentary Research Service, January 2014.Google Scholar
- 7.Viriyasitavat, W., & Martin, A. (2010). Formal trust specification in service workflows. In 2010 IEEE/IFIP 8th international conference on embedded and ubiquitous computing (EUC), 11–13 December, 2010, pp. 703–710.Google Scholar
- 8.Viriyasitavat, W., & Martin, A. (2012). A survey of trust in workflows and relevant contexts. IEEE Communications Surveys & Tutorials, 14(3), 911–940.Google Scholar
- 11.Quercia, D., Hailes, S., & Capra, L. (2006). B-Trust: Bayesian trust framework for pervasive computing. In Proceedings of the 4th international conference on Trust (iTrust’06), 2006, LNCS 3986, Springer, pp. 298–312.Google Scholar
- 14.Ranchal, R., Bhargava, B., Othmane, L. B., Kim, A., Kang, M., & Linderman, M. (2010). Protection of identity information in cloud computing without trusted third party. In 2010 29th IEEE symposium on reliable distributed systems, October 31 2010–November 3 2010, pp. 368–372.Google Scholar
- 15.Lin, K.-J., Lu, H., Yu, T., & Tai, C.-E. (2005). A reputation and trust management broker framework for web applications. In The 2005 IEEE international conference on e-technology, e-Commerce and e-Service, 2005 (EEE ‘05), 29 March–1 April 2005, pp. 262–269.Google Scholar
- 17.Goyal, M. K., Gupta, P., Aggarwal, A., & Kumar, P. (2012). QoS based trust management model for Cloud IaaS. In 2012 2nd IEEE international conference on parallel distributed and grid computing (PDGC), 6–8 December 2012, pp. 843–847.Google Scholar
- 18.Raghebi, Z., & Hashemi, M. R., (2013). A new trust evaluation method based on reliability of customer feedback for cloud computing. In 2013 10th international ISC conference on information security and cryptology (ISCISC), 29–30 August 2013, pp. 1–6.Google Scholar
- 21.Pal, S., Khatua, S., Chaki, N., & Sanyal, S. (2012). A new trusted and collaborative agent based approach for ensuring cloud security. Annals of Faculty Engineering Hunedoara—International Journal of Engineering, 10(1), 71–78.Google Scholar
- 22.Manuel, P. D., Selvi, S. T., & Barr, M. I. A.-E. (2009). Trust management system for grid and cloud resources. In First international conference on advanced computing, 2009 (ICAC 2009), 13–15 December 2009, pp. 176–181.Google Scholar
- 26.Building customer trust—A perspective on Service Organization Controls reporting options. In Technical report. PwC network, Canada. http://www.pwc.com/en_CA/ca/controls/performance-assurance/publications/pwc-building-customer-trust-2013-10-en.pdf. Last accessed July 26, 2014.
- 27.Kindy, D. A., & Pathan, A.-S. K. (2013). A detailed survey on various aspects of SQL injection in web applications: Vulnerabilities, innovative attacks and remedies. International Journal of Communication Networks and Information Security, 5(2), 80–92.Google Scholar
- 28.Shin, J., Kim, Y., Park, W., & Park, C., (2012). DFCloud: A TPM-based secure data access control method of cloud storage in mobile devices. In Proceedings of 2012 IEEE CloudCom, 3–6 December 2012, pp. 551–556.Google Scholar
- 29.Jia, W., Zhu, H., Cao, Z., Wei, L., & Lin, X., (2011). SDSM: A secure data service mechanism in mobile cloud computing. In 2011 IEEE INFOCOM workshops, 1015 April 2011, pp. 1060–1065.Google Scholar
- 30.Parann-Nissany, G. (2014). Top cloud computing security issues and solutions. May 5, 2014. http://www.cloudave.com/34670/top-cloud-computing-security-issues-solutions/. Last accessed July 26, 2014.
- 32.Adams, M. (2014). Three ways to build customer trust. Forbes Magazine, 22 April, 2014. http://www.forbes.com/sites/yec/2014/04/22/three-ways-to-build-customer-trust/. Last accessed July 26, 2014.
- 33.General information on ISO. http://www.iso.org/iso/support/faqs/faqs_general_information_on_iso.htm. Last accessed July 26, 2014.
- 34.Brenner, M., Wiebelitz, J., Voigt, G. V., & Smith, M. (2011). Secret program execution in the cloud applying homomorphic encryption. In 2011 Proceedings of 5th IEEE DEST, 31 May–3 June 2011, pp. 114–119.Google Scholar
- 35.Mohammed, M. M. Z. E., & Pathan, A.-S. K.. (2014). International center for monitoring cloud computing providers (ICMCCP) for ensuring trusted clouds. In The 11th IEEE international conference on autonomic and trusted computing (ATC-2014), December 9–12, 2014, Ayodya Resort, Bali, Indonesia.Google Scholar
- 36.Focus Group on Cloud Computing Technical Report. Version 1.0, parts 1 to 7. ITU-T (for Telecommunication Standardization Sector of the International Telecommunications Union), 2012.Google Scholar
- 37.Cloud for Europe. http://ec.europa.eu/digital-agenda/en/news/cloud-europe-stage. Last accessed December 20, 2014.
- 38.US Government Cloud Computing Technology Roadmap, Volume I, Release 1.0 (Draft), NIST, USA, November 2011. http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf. Last accessed December 26, 2014.
- 39.US Government Cloud Computing Technology Roadmap Volume I: High-Priority Requirements to Further USG Agency Cloud Computing Adoption, NIST, USA, October 2014. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-293.pdf. Last accessed December 26, 2014.