The Influence of Data Visibility on Cloud Computing Service Enterprise Customer's Perception of System Security

雲計算服務的數據可視性給企業客戶對資訊系統安全感的影響

Student thesis: Doctoral Thesis

View graph of relations

Author(s)

  • Wai Pang YUEN

Detail(s)

Awarding Institution
Supervisors/Advisors
Award date31 Oct 2018

Abstract

Cloud computing is a pervasive technology and platform in information technology (IT) today. Cloud service providers (CSPs) have developed and offer different service platforms to accommodate the needs of enterprise subscribers. Various surveys have shown that the trend of cloud computing has had rapid growth in the last 10 years. It seems that cloud computing has been embraced by everybody. However, some enterprise customers still hesitate to deploy their core information and communication technology (ICT) applications on public cloud service platforms. Marketing survey results from different industry events have repeatedly shown that some enterprises still do not fully trust public cloud-computing services due to various concerns, and security is the perceived major concern of existing and prospective enterprise customers of cloud services. This research is not to argue against the security of these cloud solutions/products nor to develop a new product to address any security hole in cloud services, but to investigate the security expectation gap between enterprise customers and CSPs and show that data visibility can be applied to address the gap to change the perception of the cloud security of enterprises. The characteristics and essential elements of data visibility in the ICT industry will be defined in this study. Then, the data visibility model and prototype will be proposed and applied to reduce the security expectation gap between CSPs and customers. This EngD research focuses on three areas:
• Cloud security issues, threats, and vulnerabilities addressed by both CSPs and customers;
• The definition and characteristics of data visibility; and
• Reducing the cloud security expectation gap between CSPs and customers via data visibility.

In addition to the foundation from the literature review, the views of 12 experienced professionals and practitioners with different technical and business backgrounds from different countries were also collected. Moreover, customer surveys from three ICT industry events in Singapore and Australia have also clearly indicated the importance of data visibility to customers.

Before any further work, the definitions and characteristics of data visibility are expanded to address the expectation gap, and a data-visibility conceptual model is developed and constructed to enable information flow on data visibility across different cloud service platforms. This is followed by the design of the architecture and the modular functional specifications of different components of the proposed model. Twenty-four industry experts were invited to participate in a detailed presentation of the proposed data-visibility concept and model, mockup demonstration, and open discussion.

These experts come from different sectors: 12 are chief information officers (CIO), IT managers, business managers, and accounting managers of different enterprises; four are in the areas of platform as a service (PaaS)/infrastructure as a service (IaaS) and software as a service (SaaS); and the other four are from consulting and professional ICT security standard organizations.

The feedback from them is very positive. The most important is that most interviewees agreed that they would use the data-visibility model as a reference to plan their future cloud-based projects. Three companies indicated their interest and would like to have further follow up to deploy the concept of data visibility in their businesses. The research achieved its main objectives. The result of the mockup demonstration shows that the proposed data-visibility model can become the best practice reference in the industry in the future.