Can a Cloud Be Really Secure? A Socratic Dialogue

Abstract

Issues related to Cloud Computing security are emerging as important and of concern to various stakeholders. However, there is little consensus as to what the nature and scope of such challenges might be. Clearly there are multiple points of view with respect to the management of Cloud Computing security. In this paper we adopt an innovative way – the Socratic Dialogue – as a means to present several perspectives and the discordances therein. One of the authors, a technology enthusiast, makes a case for technical security and the benefits of Cloud Computing. The other author points to the systemic problems in Cloud Computing and warns of the looming dangers. As the dialogue progresses, both authors seem to agree that the answer resides in adopting a socio-technical perspective. In a final synthesis, a set of conditions necessary for Cloud Computing security is presented.

Keywords

  • Cloud Computing
  • Cloud Service
  • Information Security
  • Cloud Provider
  • Cloud Computing Service

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

  • DOI: 10.1007/978-94-007-0641-5_16
  • Chapter length: 16 pages
  • ISBN: 978-94-007-0641-5

Notes

  1. McCarthy, J. “Recursive Functions of Symbolic Expressions and their Computation by Machine, Part I,” Communications of the ACM 3, 4 (1960): 184.

  2. Foster, I., et al., “Cloud Computing and Grid Computing 360-Degree Compared,” in Grid Computing Environments Workshop 2008, GCE ’08 (2008); Luis, V.M., et al., “A Break in the Clouds: Towards a Cloud Definition,” SIGCOMM Computer Communication Review 39, 1 (2009): 50.

  3. Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).

  4. Beaty, K., et al., “Desktop to Cloud Transformation Planning,” in 2009 IEEE International Symposium on Parallel & Distributed Processing (IEEE, 2009); Descher, M., et al., “Retaining Data Control to the Client in Infrastructure Clouds,” in 2009 International Conference on Availability, Reliability and Security (2009).

  5. Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61.

  6. Oliva, T.A., and C.M. Capdevielle. “Can Systems Really Be Taught: (A Socratic Dialogue).” Academy of Management Review 5, 2 (1980): 277; Mitroff, I.I. “The Tally: A Dialogue on Feyerabend and Ford.” Theory and Society 3, 4 (1976): 601. Among others.

  7. CNN, “Info on 3.9 M Citigroup Customers Lost Computer Tapes with Information About Consumer Lending Lost by UPS in transit to Credit Bureau,” CNNMoney.com, 2005, http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/ (10 September 2010).

  8. Best, J. “Lost Data Total Nears 30 million records,” (2008), http://www.silicon.com/publicsector/0,3800010403,39295167,00.htm (10 September 2010).

  9. Armbrust, M., et al., Above the Clouds: A Berkeley View of Cloud Computing. Berkeley, CA, 2009.

  10. In June 2003 the US Federal Trade Commission opened the “Do Not Call Registry” to comply with the Do-Not-Call Implementation Act of 2003. The Act allows for companies to make calls up to 18 months where there is an existing business relationship. This period can easily be extended for any amount of time with a range of merger and acquisition tricks and other loopholes.

  11. Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.

  12. Google privacy center, “Privacy Policy”, Last modified: March 11, 2009, http://www.google.com/privacypolicy.html (10 September 2010).

  13. Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61.

  14. Descher, M., et al., “Retaining Data Control to the Client in Infrastructure Clouds,” in 2009 International Conference on Availability, Reliability and Security (2009).

  15. Tian, X., X. Wang, and A. Zhou, “DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS,” in 2009 IEEE International Conference on Cloud Computing (2009).

  16. Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).

  17. Saikat G., K. Tang, and P. Francis. “NOYB: Privacy in Online Social Networks.” in Proceedings of the first workshop on Online social networks, Seattle, WA, USA (2008).

  18. Pearson, S. “Taking Account of Privacy when Designing Cloud Computing Services,” in 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (2009).

  19. Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).

  20. Europe’s Information Society, “eHealth” (2005) http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).

  21. Nuttall, C. “US urged to probe Google’s ‘cloud’ services,” (2009), http://www.ft.com/cms/s/0/55572a2e-1425-11de-9e32-0000779fd2ac.html?nclick_check=1 (10 September 2010).

  22. Armstrong, M.P., G. Rushton, and D.L. Zimmerman. “Geographically Masking Health Data to Preserve Confidentiality.” Statistics in Medicine 18, 5 (1999): 497.

  23. Europe’s Information Society, “eHealth” (2005), http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).

  24. Europe’s Information Society, “Information can save your life” (2007), http://ec.europa.eu/information_society/tl/qualif/health/index_en.htm (10 September 2010).

  25. Baker, R.K. “Offshore IT Outsourcing and the 8th Data Protection Principle – Legal and Regulatory Requirements – with Reference to Financial Services.” International Journal of Law and Information Technology 14, 1 (2006): 1.

  26. Halperin, R., and J. Backhouse. “A Roadmap for Research on Identity in the Information Society.” Identity in the Information Society 1, 1 (2008): 71.

  27. Cavoukian, A. “Privacy in the Clouds, A White Paper on Privacy and Digital Identity: Implications for the Internet,” 2008, http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf (10 September 2010).

  28. PRIME. “Privacy and Identity Management for Europe,” 2008, http://www.prime-project.eu/ (10 September 2010).

  29. http://identityproject.lse.ac.uk/identityreport.pdf (26 May 2010).

  30. Nurmi, D., et al., “The Eucalyptus Open-Source Cloud-Computing System,” Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Volume 00, 2009).

  31. http://groups.google.com/group/google-appengine/browse_thread/thread/e9237fc7b0aa7df5?pli=1 (26 May 2010).

  32. BBC News, “Gmail down again for some users,” 2009, http://news.bbc.co.uk/2/hi/7934443.stm (10 September 2010).

  33. De Waal, A. “Darfur and the Failure of the Responsibility to Protect,” International Affairs 83, 6 (2007): 1039.

  34. Weick, K.E., and K.H. Roberts. “Collective Mind in Organizations: Heedful Interrelating on Flight Decks.” Administrative Science Quarterly 38, (1993): 357.

  35. Dhillon, G. “Organizational Competence in Harnessing IT: A Case Study.” Information & Management 45, 5 (2008): 297.

  36. http://www.trustguide.org/ (10 September 2010).

  37. Ashforth, B.E., and F. Mael, “Social Identity Theory and the Organization.” Academy of Management Review 14, 1 (1989): 20.

  38. Dhillon, G. “Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns.” Computers & Security 20, 2 (2001): 165.

  39. Ibid.

  40. Shapiro, S.P. “The Social Control of Impersonal Trust.” The American Journal of Sociology 93, 3 (1987): 623.

  41. Granovetter, M. “Economic Action and Social Structure: The Problem of Embeddedness.” The American Journal of Sociology 91, 3 (1985): 481.

  42. We have had to make this assertion generic to maintain anonymity. It is however based on interview data collected by one of the authors in October 2009 of interpersonal relationships between Cloud Computing providers and their clients.

  43. Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.

  44. Parker, D. Computer Security Management. Reston, VA: Reston Publishing, 1981.

  45. Baskerville, R. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys 25, 4 (1993): 375; Wing, J.M. “A specifier’s Introduction to Formal Methods.” Computer 23, 9 (1990): 8.

  46. Dhillon, G., and J. Backhouse. “Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125.

  47. Hedberg, B., and E. Mumford. “The Design of Computer Systems: Man’s Vision of Man as an Integral Part of the System Design Process. Human Choice and Computers,” in The IFIP Conference on Human Choice and Computers. Amsterdam: North-Holland Publishing Company, 1975; Mumford, E. “The Impact of Systems Change in Organisations. Results and Conclusions from a Multinational Study of Information Systems Development in Banks.” in Systems Design and Human Needs, edited by N.-B. Andersen, B. Hedberg, D. Mercer, E. Mumford and A. Solé. Alphen aan den Rijn, Holland: Sijthoff & Noordhoff, 1979.

  48. Stanton, J.M., et al., “Analysis of End User Security Behaviors.” Computers & Security 24, 2 (2005): 124.

  49. Dhillon, G., and J. Backhouse. “Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125.

References

  • Armstrong, M.P., G. Rushton, and D.L. Zimmerman. “Geographically Masking Health Data to Preserve Confidentiality.” Statistics in Medicine 18, 5 (1999): 497–525.

  • Armbrust, M., A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. Above the Clouds: A Berkeley View of Cloud Computing. Berkeley, CA, 2009.

  • Ashforth, B.E., and F. Mael. “Social Identity Theory and the Organization.” Academy of Management Review 14, 1 (1989): 20–39.

  • Baker, R.K. “Offshore IT Outsourcing and the 8th Data Protection Principle – Legal and Regulatory Requirements – with Reference to Financial Services.” International Journal of Law and Information Technology 14, 1 (2006): 1–27.

  • Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues.” In IEEE International Conference on Services Computing (IEEE, 2009).

  • Baskerville, R. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys 25, 4 (1993): 375–414.

  • BBC News. Gmail Down Again for Some Users, 2009, http://news.bbc.co.uk/2/hi/7934443.stm. (10 September 2010).

  • Beaty, K., A. Kochut, and H. Shaikh. “Desktop to Cloud Transformation Planning.” In 2009 IEEE International Symposium on Parallel & Distributed Processing (IEEE, 2009).

  • Best, J. “Lost Data Total Nears 30 million records,” (2008), http://www.silicon.com/publicsector/0,3800010403,39295167,00.htm (10 September 2010).

  • Cavoukian, A. “Privacy in the Clouds, A White Paper on Privacy and Digital Identity: Implications for the Internet,” 2008, http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf (10 September 2010).

  • CNN, “Info on 3.9 M Citigroup Customers Lost Computer Tapes with Information About Consumer Lending Lost by UPS in transit to Credit Bureau,” CNNMoney.com, 2005, http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/ (10 September 2010).

  • Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.

  • Descher, M., P. Masser, T. Feilhauer, A.M. Tjoa and D. Huemer, “Retaining Data Control to the Client in Infrastructure Clouds.” In 2009 International Conference on Availability, Reliability and Security (2009).

  • De Waal, A. “Darfur and the Failure of the Responsibility to Protect.” International Affairs 83, 6 (2007): 1039–1054.

  • Dhillon, G. “Organizational Competence in Harnessing IT: A Case Study.” Information & Management 45, 5 (2008): 297–303.

  • Dhillon, G. “Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns.” Computers & Security 20, 2 (2001): 165–72.

  • Dhillon, G., and J. Backhouse. “Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125–128.

  • Europe’s Information Society, “eHealth” (2005) http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).

  • Foster, I., Z. Yong, I. Raicu, and S. Lu. “Cloud Computing and Grid Computing 360-Degree Compared.” In Grid Computing Environments Workshop 2008, GCE ’08 (2008).

  • Google privacy center, “Privacy Policy”, Last modified: March 11, 2009, http://www.google.com/privacypolicy.html (10 September 2010).

  • Granovetter, M. “Economic Action and Social Structure: The Problem of Embeddedness.” The American Journal of Sociology 91, 3 (1985): 481–510.

  • Halperin, R., and J. Backhouse. “A Roadmap for Research on Identity in the Information Society.” Identity in the Information Society 1, 1 (2008): 71–87.

  • Hedberg, B., and E. Mumford. “The Design of Computer Systems: Man’s Vision of Man as an Integral Part of the System Design Process. Human Choice and Computers.” In The IFIP Conference on Human Choice and Computers. Amsterdam: North-Holland Publishing Company, 1975.

  • Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61–64.

  • Luis, V.M., R.M. Luis, C. Juan, and L. Maik. “A Break in the Clouds: Towards a Cloud Definition.” SIGCOMM Computer Communication Review 39, 1 (2009): 50–55.

  • McCarthy, J. “Recursive Functions of Symbolic Expressions and their Computation by Machine, Part I.” Communications of the ACM 3, 4 (1960): 184–195.

  • Mitroff, I.I. “The Tally: A Dialogue on Feyerabend and Ford.” Theory and Society 3, 4 (1976): 601–609.

  • Mumford, E. “The Impact of Systems Change in Organisations. Results and Conclusions from a Multinational Study of Information Systems Development in Banks.” In Systems Design and Human Needs, edited by N.-B. Andersen, B. Hedberg, D. Mercer, E. Mumford and A. Solé. Alphen aan den Rijn, Holland: Sijthoff & Noordhoff, 1979.

  • Nurmi, D., R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff and D. Zagorodnov, The Eucalyptus Open-Source Cloud-Computing System, Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Volume 00, 2009).

  • Nuttall, C. “US urged to probe Google’s ’cloud’ services” (2009), http://www.ft.com/cms/s/0/55572a2e-1425-11de-9e32-0000779fd2ac.html?nclick_check=1 (10 September 2010).

  • Oliva, T.A., and C.M. Capdevielle. “Can Systems Really Be Taught: (A Socratic Dialogue).” Academy of Management Review 5, 2 (1980): 277–279.

  • Parker, D. Computer Security Management. Reston, VA: Reston Publishing, 1981.

  • Pearson, S. “Taking Account of Privacy when Designing Cloud Computing Services.” In 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (2009).

  • PRIME. “Privacy and Identity Management for Europe” 2008, http://www.prime-project.eu/ (10 September 2010).

  • Saikat G., K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. in Proceedings of the first workshop on Online social networks, Seattle, WA, USA (2008).

  • Shapiro, S.P. “The Social Control of Impersonal Trust.” The American Journal of Sociology 93, 3 (1987): 623–658.

  • Stanton, J.M., K.R. Stam, P. Mastrangelo, and J. Jolton. “Analysis of End User Security Behaviors.” Computers & Security 24, 2 (2005): 124–133.

  • Tian, X., X. Wang, and A. Zhou. “DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS.” In 2009 IEEE International Conference on Cloud Computing (2009).

  • Weick, K.E., and K.H. Roberts. “Collective Mind in Organizations: Heedful Interrelating on Flight Decks.” Administrative Science Quarterly 38, (1993): 357–381.

  • Wing, J.M. “A specifier’s Introduction to Formal Methods.” Computer 23, 9 (1990): 8–24.

Corresponding author

Correspondence to Gurpreet Dhillon.

Copyright information

© 2011 Springer Science+Business Media B.V.

Cite this chapter

Dhillon, G., Kolkowska, E. (2011). Can a Cloud Be Really Secure? A Socratic Dialogue. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_16
