Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national i...
Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.
Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.
* AI 자동 식별 결과로 적합하지 않은 문장이 있을 수 있으니, 이용에 유의하시기 바랍니다.
문제 정의
Three representative researches such as Kim [2], Lee [17], and Kim [18] suggested the response technologies for security issues in the cloud computing environment based on ISMS. This research also focuses on the strategies for the security priority based on the three aspects of KISA ISMS. Therefore, variables are selected on the basis of three security areas in KISA ISMS and related researches as well and they are presented in Table 3.
This research focuses on the importance of cloud computing security in three areas. The variables in the research are constructed on the basis of KISA ISMS.
제안 방법
The analysis results of this research offers a framework for establishing a system based on cloud computing services with minimum trials at the beginning stage.
The ordered probit model is used to analyze the importance of the cloud computing security in this research.
For instance, he provided “entrance control” in physical security, “accident management” in managerial security, “application security” in technical security of service providers, and “the selection of the service providers” in technical security of service consumers. Therefore, the detailed variables are redefined in this research according to the items which are summarized in order to evaluate security issues of cloud computing in previous researches and KISA ISMS.
Therefore, this research analyzed the differences in awareness for the security of cloud computing in private enterprises and public institutions by ordered probit model.
For the analysis, the actual perceptions of private enterprise and public institution workers are investigated in three security sectors which are managerial, physical, and technical security. This research can be applied as a guideline for establishing security strategies when public institutions and private enterprises introduce cloud computing by analyzing the perception gap of security importance.
This work has expanded the research model that analyzed the importance of cloud computing security in three aspects.
대상 데이터
The data for the research were collected through a web survey during March 2012. A total number of 298 workers in private enterprises and public institutions responded to the web survey. Seven responses were removed because they had missing data, therefore 291 samples are used for the analysis.
A total number of 298 workers in private enterprises and public institutions responded to the web survey. Seven responses were removed because they had missing data, therefore 291 samples are used for the analysis. The relevant socio-demographic and behavioral characteristics of the data are presented in Table 2.
성능/효과
For the analysis results about detailed factors in managerial security, security inspection and security policy are significant in public institutions, while security policy, personnel security and security incident management have significant effects in private enterprises.
The analysis results show gender, age, job tenure, and number of employees are not statistically significant in the case of public institutions, but the age variable is statistically significant at the 5% significance level in private enterprises.
The analysis results show gender, age, job tenure, and number of employees are not statistically significant in the case of public institutions, but the number of employees variable is statistically significant at the 10% significance level in private enterprises.
The analysis conducted on the basis of security domain and subdomain in KISA ISMS. The analysis results shows that public institution workers, who do not have experience in cloud computing services, have significantly different awareness for security compared to private enterprise employees who use cloud computing services. Also, it is found that service users and nonusers have a recognition gap between each other, and suggests security strategies to public institutions and private enterprises that will introduce the cloud computing services.
With the same method, the proportion of marginal effect on physical security increased, the variable of respectively environmental control of facility is 14.6% and 5.5%, the variable of import and export control of items has increases of 4.3% and 3.9%, and the equipment/facility positioning variable has a 3.6% and 4.6% respectively.
후속연구
Since most service providers and consumers of cloud computing pay attention to security issues in the world, the scope of this research will be extended to not only the world popular providers of the services but also the domestic and global companies which use cloud computing services and want to introduce them for enhancing the company productivity.
참고문헌 (23)
M. Armbrust, "A View of Cloud Computing," Communications of the ACM, vol. 53, no. 4, pp. 50-58, 2010. Article (CrossRef Link)
S. J. Kim, "Information Security Plan on Cloud Computing: Information Security Management System," Management Consulting Review, vol. 1, no. 2, pp. 194-208, 2010. http://www.dbpia.co.kr/Journal/ArticleDetail/1366259
S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang and A. Ghalsasi, "Cloud Computing - The Business Perspective," Decision Support Systems, vol. 51, no. 1, pp. 176-189, 2011. Article (CrossRef Link)
S. Y. Shin, "Master Plan for Vitalization of Cloud Computing," Local Information Magazine, vol. 61, pp. 46-51, 2010. http://www.klid.or.kr/section/board/bbs_view.html?PIDlocaldata&seq1195
Korea Communications Commission and Korea Internet Security Agency, "Information Security guide for Cloud Services," Korea Communications Commissions and Korea Internet Security Agency, October, 2011. http://www.nipa.kr/know/trandInformationView.it?identifier02-004-111020-000021&menuNo26&page5
S. K. Eun, "Cloud Computing Security Technology Trends," Review of Korea Institute of Information Security and Cryptology, vol. 20, no. 2, pp. 27-31, 2010. http://ocean.kisti.re.kr/is/mv/showPDF_ocean.jsp?pYear2010&koiKISTI1.1003%2FJNL.JAKO201027463260075&sp32&CN1JAKO201027463260075&poidkiisc&kojicJBBHBD&sVncv20n2&sFree
E. Y. Choi, B. J. Han, D. H. Shin, H. C. Jung and KISA Security R&D Team, "A Study for Enhancing Mobile Cloud Computing Security," in Proc. of 2011 Korean Society for Internet Information Summer Conference, vol. 12, no. 1, pp. 221-222, 2011.
Korea Communications Commission Press, "KCC Open the Cloud Service Test Bed," Korea Communications Commission, November, 2010.
F. Gens, R. Mahowald, R. L. Villars, D. Bradshaw, C. Morris, "Cloud Computing 2010 An IDC Update," International Data Corporation, 2010.
J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing," Gartner, 2008. http://www.gartner.com/DisplayDocument?id685308
S. Gorniak, D. Ikonomou, P. Saragiotis, P. Belimpasakis, B. Bencsath, M. Broda, L. Buttyan, G. Clemo, P. Kijewski, A. Merle, K. Mitrokotsa, A. Munro, O. Popov, C. W. Probst, L. Romano, C. Siaterlis, V. Siris, I. Verbauwhede, and C. Vishik, "Priorities for Research on Current and Emerging Network Trends," European Network and Information Security Agency, 2010.
J. S. Ryu, "Cloud Computing as Green IT and Security Issues," The Graduate School of Computer Information Communications, Korea University, Aug.2010. http://naver.nanet.go.kr/SearchDetailView.do?cnKDMT1201072878&sysidnhn
S. K. Eun, N. S. Cho, Y. H. Kim and D. S. Choi, "Cloud Computing Security Technology," Electronics and Telecommunications Trends, Electronics and Telecommunications Research Institute, vol. 24, no. 4, pp. 79-88, 2009. http://ettrends.etri.re.kr/PDFData/24-4_079_088.pdf
Y. J. Rho, "A Study on the Private Information Technologies using Cloud Computing," Department of Mechanical Engineering, Korea University, 2010.
C. S. Lim, "Cloud Computing Security Technology," Review of Korea Institutes of Information Security and Cryptology, vol. 19, no. 3, pp. 14-17, 2009. http://ocean.kisti.re.kr/is/mv/showPDF_ocean.jsp?pYear2009&koiKISTI1.1003%2FJNL.JAKO200922951807082&sp14&CN1JAKO200922951807082&poidkiisc&kojicJBBHBD&sVncv19n3&sFree
Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1," December 2009. https://cloudsecurityalliance.org/research/security-guidance/
K. J. Lee, "The Study on the Issue of Cloud Computing Security and the Plans for the Personal Information Protection," Department of Information Security, The Graduate School of Information & Communications, Sungkyunkwan University, 2010. http://naver.nanet.go.kr/SearchDetailView.do?cnKDMT1201130607&sysidnhn
D. H. Kim, "A Study on the improvement and application of Information Security Management System for Cloud Computing Security," Department of Information Security, The Graduate School of Information and Communication, Sungkyunkwan University, 2011. http://www.riss.kr/search/detail/DetailView.do?p_mat_typebe54d9b8bc7cdb09&control_no2de2b4752a6b263dffe0bdc3ef48d419&naverYNY
K. E. Train, "Discrete Choice Methods with Simulation", Cambridge University Press 2 edition, USA, 2009.
W. E. Greene and D. A. Hensher, "Modeling Ordered Choices: A Primer and Recent Developments," Social Science Research Network, 2010.
Y. H. Cho, "Defect Management System Plan for ISMS Certification," Dept. of Information Security, The Graduate School of Information and Communications, Konkuk University, 2010. http://naver.nanet.go.kr/SearchDetailView.do?cnKDMT1201130607&sysidnhn
J. S. Oh,, Y. B. Yoon, J. R. Seo and B. G. Lee, "The Difference of Awareness between Public institutions and Private Companies for Cloud Computing Security", International Journal of Security and Its Applications, Vol.6, No.3, pp.1-10, 2012.http://www.sersc.org/journals/IJSIA/vol6_no3_2012/1.pdf
Y. B. Yoon, J. S. Oh and B. G. Lee, "The Important Factors in Security for Introducing the Cloud Services", Journal of Korean Society for Internet Information, Vol.13, No.6, pp.21-28, 2012. Article (CrossRef Link).
※ AI-Helper는 부적절한 답변을 할 수 있습니다.