Abstract
This research measured factors that influence the adoption of encryption to secure data in the cloud and provided guidance on when encryption might be most appropriate. Additionally, the study investigated the important elements necessary to develop a framework for a secure cloud computing environment. The objective of this research was to provide normative guidance and empirical data that assists both cloud service providers and users of cloud technology in selecting the best mitigation, or suite of mitigations, that most effectively protect data in the cloud. This research helps to fill a gap by examining issues affecting cloud consumers, the elements that play a role in the decision to use a cloud service, and the influencing factors in the decision to use encryption to secure data in the cloud.
Chapter PDF
Similar content being viewed by others
References
Avanade (January 2009a) global survey of cloud computing. Retrieved from the Avanade website: http://avanade.dk/_uploaded/pdf/avanadethoughtleadershipcloudsurveyexecutivesummary833173.pdf
Avanade (September 2009b) global survey of cloud computing. Retrieved from the Avanade website: http://www.avanade.com/Documents/Research%20and%20Insights/fy10cloudcomputingexecutivesummaryfinal314006.pdf
Blum, D., Krikken, R.: Using encryption to protect sensitive data in cloud computing environments (2010), Retrieved from The Burton Group website: http://www.burtongroup.com/Client/Research/Document.aspx?cid=1904&contentView=FullContent
Bradshaw, S., Millard, C., Walden, I.: Contracts for clouds: Comparison and analysis of the terms and conditions of cloud computing services. Information Journal of Law and Information Technology 19, 187–223 (2011), doi:10.1093/ijlit
Cloud Security Alliance (CSA), Security guidance for critical areas of focus in cloud computing v2.1. (2009) Retrieved from Cloud Security Alliance website: http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
Chichester, R.: Litigating on the clouds. Retrieved from the Texas Bar CLE Online Library (2009), http://www.texasbarcle.com/CLE/OLSearchResults.asp?ViewProgram=25231&searchtype=VA&sCalledFrom=OLSEARCH.ASP&FreeOnly=
Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: Outsourcing computation without outsourcing control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW 2009), pp. 85–90. ACM, Chicago (November 13, 2009), doi:10.1145/1655008.1655020
Cole, S.: Adopting Biometrics: factors that influence decision-making managers (unpublished doctoral dissertation). University of Fairfax, Vienna, Virginia (2008)
Comings, D.: Factors influencing the development of COTS information security products that meet federal requirements for national security systems (unpublished doctoral dissertation). University of Fairfax, Vienna, Virginia (2008)
Couillard, D.: Defogging the cloud: Applying fourth amendment principles to evolving privacy expectations in cloud computing. Minnesota Law Review 93, 2205–2239 (2010), http://ssrn.com/abstract=1832982 (retrieved)
Dynes, S., Brechbuhl, H., Johnson, M.E.: Information security in the extended enterprise: Some initial results from a field study of an industrial firm (Working Paper Series 05-1). Glassmeyer/McNamee Center for Digital Strategies, Tuck School of Business at Dartmouth. (2005), http://www.tuck.dartmouth.edu/cds-uploads/publications/pdf/Paper_InfoSecurityExtended.pdf (retrieved)
Ettlie, J.: Managing innovation. Elsevier Butterworth-Heinemann, Burlington (2006)
European Network and Information Security Agency (ENISA), Cloud computing: Benefits, risks and recommendations for information security. Retrieved ENISA website (2009), http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
Fichman, R.: Information technology diffusion: A review of empirical research. In: DeGross, J.I., Becker, J.D., Elam, J.J. (eds.) Proceedings of the Thirteenth International Conference on Information Systems, ICIS 1992, pp. 195–206 (1992)
Fischmann, M.: Data confidentiality and reputation schemes in distributed information systems, Humboldt University, Berlin, Germany. Doctoral thesis (2008), http://edoc.hu-berlin.de/dissertationen/fischmann-matthias-2008-05-23/PDF/fischmann.pdf (retrieved)
Forsheit, T.: Legal implications of cloud computing – part four (2009), Retrieved from the Information Law Group web site: http://www.infolawgroup.com/2009/11/articles/cloud-computing-1/legal-implications-of-cloud-computing-part-four-ediscovery-and-digital-evidence/
Department of Health and Human Services (HHS), Health insurance portability and accountability act (HIPAA) administration simplification. Regulation Text 45 CFR Parts 160, 162, and 164 (Unofficial Version, as amended through February 16 2006, Retrieved from the HHS website (2006), http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf
International Standards Organization/International Electrotechnical Commission (ISO/IEC), Information technology - Security techniques - Code of practice for information security management. ISO/IEC, Geneva (2005)
Johnson, M., Goetz, E.: Embedding information security into the organization. IEEE Security and Privacy 5(3), 16–24 (2007), doi:10.1109/MSP.2007.59
Kaufman, L.: Data security in the world of cloud computing. IEEE Security and Privacy 7(4), 61–64 (2009), doi:10.1109/MSP.2009.87
Lauter, K., Naehrig, M., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011. ACM, New York (2011), http://dx.doi.org/10.1145/2046660.2046682
Lease, D.: Factors influencing the adoption of biometric security technologies by decision making information technology and security managers (2005), http://drdavidlease.com/uploads/David_Lease_UMI_Dissertation.pdf (retrieved)
Mass. Gen. Laws § 17 Standards for the Protection of Personal Information. 201 CMR 17.00
McCallister, E., Grance, T., Scarfone, A.: Guide to protecting the confidentiality of personally identifiable information. Retrieved from the National Institute of Standards and Technology (NIST) website (2010), http://www.nist.gov/manuscript-publication-search.cfm?pub_id=904990
Mowbray, M., Pearson, S.: A client-based privacy manager for cloud computing. In: Proceedings of the Fourth International ICST Conference on Communication System Software and Middleware, pp. 1–8. ACM, New York (2009), doi:10.1145/1621890.1621897
Naone, E.: Homomorphic encryption. Technology Review (May/June 2011), http://www.technologyreview.com/computing/37197/ (retrieved)
Nevada Gen. Laws NRS 603A: Security of Personal Information (2010)
Payment Card Industry, PCI, Data security standard requirements and assessment procedures v1.2.1. (2009) Retrieved from the PCI website: https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html
Ponemon Institute, Security of cloud computing providers study (2011), Retrieved from the Computer Associates website: http://www.ca.com/~/media/Files/IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf
Roberts, G., Pick, J.: Technology factors in corporate adoption of mobile cell phones: A case study analysis. In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS 2004 - Track 9) (2004), doi:10.1109/HICSS.2004.1265678
Soliman, K., Janz, B.: Interorganizational information systems: Exploring an internet-based approach. Information and Management 41, 697–706 (2004), http://dx.doi.org/10.1016/j.im.2003.06.001
Ting, W.: Factors influencing the adoption of enterprise wide information security metrics by decision making managers (unpublished doctoral dissertation), University of Fairfax, Vienna, Virginia (2008)
Tobin, P.K.J., Bidoli, M.: Factors Affecting the Adoption of Voice over Internet Protocol (VoIP) and other Converged IP services in South Africa. South African Journal of Business Management 37(1), 31–40 (2006)
Turek, J.: Factors That Influence Security Executives to Recommend Unified Threat Management (unpublished doctoral dissertation), University of Fairfax, Vienna, Virginia (2011)
VarShney, U., Snow, A., McGivern, M., Howard, C.: Voice Over IP. Communications of the ACM 45(1), 89–95 (2002), doi:10.1145/502269.502271
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stavinoha, K.E. (2013). Factors Influencing Adoption of Encryption to Secure Data in the Cloud. In: Marinos, L., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2013. Lecture Notes in Computer Science, vol 8030. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39345-7_38
Download citation
DOI: https://doi.org/10.1007/978-3-642-39345-7_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39344-0
Online ISBN: 978-3-642-39345-7
eBook Packages: Computer ScienceComputer Science (R0)