图书情报工作

图书情报工作 >

2020 , Vol. 64 >Issue 12: 38 - 48

DOI: https://doi.org/10.13266/j.issn.0252-3116.2020.12.005

理论研究

云服务协议引发的信息安全风险及图情机构的应对措施

  • 黄国彬 ,
  • 郑霞 ,
  • 王婷
展开
  • 1. 北京师范大学政府管理学院 北京 100875;
    2. 首都医科大学图书馆 北京 100069
黄国彬(ORCID:0000-0001-9059-8285),副教授,博士,硕士生导师;王婷(ORCID:0000-0001-5110-7893),馆员,硕士。

收稿日期: 2019-06-16

  修回日期: 2019-12-23

  网络出版日期: 2020-06-20

收起

Information Security Risks Caused by Cloud Service Agreement and Suggestions for Library and Information Community

  • Huang Guobin ,
  • Zheng Xia ,
  • Wang Ting
Expand
  • 1. School of Government, Beijing Normal University, Beijing 100875;
    2. Capital Medical University Library, Beijing 100069

Received date: 2019-06-16

  Revised date: 2019-12-23

  Online published: 2020-06-20

Fold

摘要

[目的/意义] 云服务在图书馆的应用可有效提升图书馆的数据存储与计算能力,但也为图书馆带来众多信息资源安全问题,而云计算服务协议的不规范性更加剧了图书馆面临的信息安全风险。[方法/过程] 选取8家云服务代表运营商的服务协议作为样本,聚焦云服务协议中有关信息安全的条款,从数据收集、数据存储、数据传输、数据访问和服务安全等5个方面深入分析当前云服务协议条款中存在的信息安全风险。[结果/结论] 图书馆应用云服务可能面临的信息安全风险包括:云服务协议内容缺失,用户信息安全难以得到确切保护;云服务协议表述模糊,尚未建立健全的安全保障机制;云服务协议的制定更有利于云提供商,用户权利易受侵犯。在此环境下,图书馆应当进一步明确图书馆用户数据的所有权,强调图书馆信息资源的安全性。

关键词: 云服务; 服务协议; 信息安全

本文引用格式

黄国彬 , 郑霞 , 王婷 . 云服务协议引发的信息安全风险及图情机构的应对措施[J]. 图书情报工作, 2020 , 64(12) : 38 -48 . DOI: 10.13266/j.issn.0252-3116.2020.12.005

Abstract

[Purpose/significance] The application of cloud service in the library can effectively improve the data storage and computing capacity of the library, but it also brings a lot of information resource security problems, and the non-standard cloud computing service agreement aggravates the information security risks faced by the library.[Method/process] This paper focused on the information security clauses in the cloud service agreement, selected 8 cloud services on behalf of the operator's service agreement as a sample, and analyzed the information security risks that exist in the current cloud service agreement terms in depth from data collection, data storage, data transmission, data access and service security.[Result/conclusion] The information security risks that library application cloud services may face include:the lack of cloud service agreement content, the difficulty of obtaining accurate protection of user information security; the vague description of cloud service agreement, the establishment of a sound security guarantee mechanism; the formulation of cloud service agreement are more conducive to cloud providers, so user rights are vulnerable. In this environment, the library should further clarify the ownership of library user data and emphasize the security of library information resources.

Key words: cloud service; service agreement; information security risk

参考文献

[1] 中国通信院. 中国信通院发布2018年云计算发展白皮书——行业云时代全面开启[EB/OL].[2019-08-26].http://www.caict.ac.cn/kxyj/qwfb/bps/201808/t20180813_181718.htm.
[2] 代田凤.基于计算机云服务的数据信息安全体系构建[J].数字技术与应用,2017(11):188-190.
[3] 毕健欢.基于计算机云服务的政府政务数据信息安全体系创设研究[J].数字技术与应用,2016(2):203.
[4] 陈洁.基于计算机云服务的政府政务数据信息安全体系构建研究[J].山东工业技术,2016(3):116-117.
[5] 刘琴.基于计算机云服务的政务数据信息安全体系建设研究[J].中国管理信息化,2018,21(12):138-139.
[6] 冀枫.数字图书馆云服务平台的架构与信息安全探讨[J].内蒙古科技与经济,2018(20):49-51.
[7] 刘平,刘春.基于云服务的图书馆建设与信息安全策略研究[J].兰台世界,2015(8):126-127.
[8] 黄国彬,郑琳.基于服务协议的云服务提供商信息安全责任剖析[J].图书馆,2015(7):61-65.
[9] PARK S T, PARK E M, SEO J H, et al. Factors affecting the continuous use of cloud service:focused on security risks[J]. Cluster computing, 2016, 19(1):485-495.
[10] MADRIA S K. Security and risk assessment in the cloud[J].Computer,2016, 49(9):110-113.
[11] KANG A N, BAROLLI L, PARK J H, et al. A strengthening plan for enterprise information security based on cloud computing[J]. Cluster computing, 2014,17(3):703-710.
[12] HALABI T, BELLAICHE M. Towards quantification and evaluation of security of cloud service providers[J] Journal of information security and applications, 2017, 33:55-65.
[13] VASANTHA R N. Cloud computing for college library automation[EB/OL].[2019-12-14]. https://www.slideshare.net/Vasanthrz/cloud-computing-for-college-library-automation.
[14] JUTA S. Digitizing and cataloging the Boekentoren[EB/OL].[2019-12-15].https://blog.ml6.eu/digitizing-and-cataloging-the-boekentoren-book-tower-ffc0070793ac.
[15] ZAINAB A, CHONG C, CHAW L. Moving a repository of scholarly content to a cloud[J] Library Hi Tech, 2013, 31(2):201-215.
[16] AMAZON. New York Public Library's cloud journey[EB/OL].[2019-12-16]. https://amazonAmazon-china.com/cn/blogs/enterprise-strategy/new-york-public-librarys-cloud-journey/.
[17] OSU.EDU. Ohio State AMAZON now includes enterprise support[EB/OL].[2019-12-16].https://it.osu.edu/news/2019/03/04/ohio-state-Amazon-now-includes-enterprise-support.
[18] Today in APIs:AMAZON Announces EC2 Spotathon[EB/OL].[2019-12-16].https://www.programmableweb.com/news/today-apis-Amazon-announces-ec2-spotathon-nasdaq-music-to-your-ears-and-11-new-apis/2012/11/09.
[19] Microsoft Azure[EB/OL].[2019-12-17].http://www.mi-crosoft.com/windowsazure/.
[20] DuraSpace. DuraCloud[EB/OL].[2019-12-17].https://duraspace.org/duracloud/.
[21] Library technology guides[EB/OL].[2019-12-18].http://librarytechnology.org/.
[22] Google cloud platform agreement[EB/OL].[2019-12-18].https://cloud.google.com/terms/#google-cloud-platform-agreement.
[23] AMAZON customer agreement[EB/OL].[2019-12-18].https://www.amazon.com/gp/help/customer/display.html?nodeId=468496.
[24] Microsoft Azure legal information[EB/OL].[2019-12-18].https://azure.microsoft.com/en-au/support/legal/.
[25] License.DuraCloud[EB/OL].[2019-12-18].https://duraspace.org/duracloud/license/.
[26] OCLC. WorldShare platform terms and conditions[EB/OL].[2019-12-18]. https://www.oclc.org/content/dam/developernetwork/PDFs/platform_general_TCs_0%20(1).pdf.
[27] Terms of Use. Ex Libris Knowledge Center[EB/OL].[2019-12-18]. https://knowledge.exlibrisgroup.com/TERMS_OF_USE.
[28] Apollo integrated library system subscription purchase agreement. Biblionix[EB/OL].[2019-12-18]. https://seguin.biblionix.com/agreements/subscription/?agreed=2019-02-15%2015%3A45%3A27.
[29] Terms of Use. Innovative[EB/OL].[2019-12-18].https://www.iii.com/terms-of-use/.
Options
文章导航

/