[Purpose/significance] In recent years, the technical security problems of personal cloud storage service are common, which severely hinders users' continuous usage of personal cloud storage service. It is of great practical significance to identify and analyze the key factors that affect the technical security risk of personal cloud storage service for personal cloud storage service providers to offer secure cloud storage service as well as increase user engagement with personal cloud storage service.[Method/process] Based on literature surveys, expert interviews, cloud computing security reports put forward by Gartner, and cloud computing security frameworks and standards (ENISA, CSA, FedRAMP, MTCS), the technical security risk factors indicator system of personal cloud storage service is constructed. The direct influence matrix between the influencing factors of technical security risk evaluation indicator system of personal cloud storage service is obtained through questionnaire survey with experts. This paper analyzes the causal category and the degree of importance of the influencing factors of personal cloud storage service technical security risks by applying Fuzzy-DEMATEL method, and identifies the key influencing factors of personal cloud storage service technical security risk.[Result/conclusion] The critical influencing factors of personal cloud storage service technical security risk are:access control, service/account hijacking, software security risk, virtualization vulnerability, and data transmission security. Finally, according to the empirical conclusions, it provides feasible technical advice for building a secure cloud storage service for personal cloud storage service providers. This study enriches the theoretical research results of personal cloud storage service security risk, and provides practical references for the personal cloud storage service providers to guarantee user data security.
Cheng Huiping
,
Peng Qi
. Identification and Analysis of the Key Influencing Factors on Technical Security Risk of Personal Cloud Storage Service[J]. Library and Information Service, 2019
, 63(16)
: 43
-53
.
DOI: 10.13266/j.issn.0252-3116.2019.16.005
[1] HASHIZUME K, ROSADO D G, FERNÁNDEZ-MEDINA E, et al. An analysis of security issues for cloud computing[J]. Journal of internet services & applications,2013,4(1):1-13.
[2] 艾媒咨询.2016年中国个人云盘行业研究报告[EB/OL].[2018-07-05].http://www.iimedia.cn/45865.html.
[3] ENISA. Cloud computing benefits, risks and recommendations for information security:cloud computing security risk assessment[EB/OL].[2018-07-17].https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment.
[4] ZISSIS D, LEKKAS D. Addressing cloud computing security issues[J].Future generation computer systems,2012,28(3):583-592.
[5] SINGH A, CHATTERJEE K. Cloud security issues and challenges:a survey[J]. Journal of network & computer applications,2017,79(2):88-115.
[6] Gartner Group. Assessing the security risks of cloud computing[EB/OL].[2018-07-17]. https://s3.amazonaws.com/academia.edu.documents/33355553/Gartner_Security_Risks_of_Cloud.pdf?AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1531800717&Signature=9iWiV8np8Hv%2BSVw5cvl8sRGqzVw%3D&response-content-disposition=inline%3B%20filename%3DAssessing_the_Security_Risks_of_Cloud_Co.pdf.
[7] CSA. ‘The treacherous twelve’ cloud computing top threats in 2016[EB/OL].[2018-07-05]. https://www.prnewswire.com/news-releases/cloud-security-alliance-releases-the-treacherous-twelve-cloud-computing-top-threats-in-2016-300227806.html.
[8] KHAN N, AL-YASIRI A. Identifying cloud security threats to strengthen cloud computing adoption framework[J]. Procedia computer science,2016,94:485-490.
[9] RAMACHANDRA G, IFTIKHAR M, KHAN F A. A comprehensive survey on security in cloud computing[J]. Procedia computer science,2017,110:465-472.
[10] SHAMELI-SENDI A, CHERIET M. Cloud computing:a risk assessment model[C]//IEEE International Conference on Cloud Engineering. Washington:IEEE, 2014:147-152.
[11] LIU J, GUO Z. Research on cloud security risk assessment based on fuzzy entropy weight model[J]. Electrics, electronics, and computer science,2016,139:390-395.
[12] LIN G T R, LIN C C, CHOU C J, et al. Fuzzy modeling for information security management issues in cloud computing[J]. International journal of fuzzy systems,2014,16(4):529-540.
[13] LIN F, ZENG W, YANG L, et al. Cloud computing system risk estimation and service selection approach based on cloud focus theory[J]. Neural computing and applications,2017,28(1):1863-1876.
[14] ISO/IEC 27017, Code of practice for information security controls based on ISO/IEC 27002 for cloud services[EB/OL].[2018-07-17]. https://www.iso.org/standard/43757.html.
[15] BSI Group. ISO/IEC 27017, Extending ISO/IEC 27001 into the Cloud[EB/OL].[2018-07-17]. https://www.bsigroup.com/LocalFiles/EN-AU/_Brochures/ISO%2027017%20Whitepaper-JULY2016.pdf.
[16] FedRAMP. Security assessment framework[EB/OL].[2018-07-17]. https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2015/01/FedRAMP-Security-Assessment-Framework-v2-1.pdf.
[17] Singapore MTCS. SS584(2016), Specification for multi-tiered cloud computing security[EB/OL].[2018-07-17]. https://www.singaporestandardseshop.sg/Product/Product.aspx?id=88be024c-cead-4a59-801d-9fcedbbab88f.
[18] CSA. Security guidance for critical areas of focus in cloud computingV2.1[EB/OL].[2018-07-17]. https://www.rationalsurvivability.com/blog/2009/12/cloud-security-alliance-v2-1-security-guidance-for-critical-areas-of-focus-in-cloud-computing-available/.
[19] ENISA. A guide to monitoring of security level in cloud contracts[EB/OL].[2018-07-17]. https://www.enisa.europa.eu/publications/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts.
[20] SHAHZAD F. State-of-the-art survey on cloud computing security challenges, approaches and solutions[J]. Procedia computer science,2014,37:357-362.
[21] SHIRVANI M H, RAHMANI A M, SAHAFI A. An iterative mathematical decision model for cloud migration:a cost and security risk approach[J]. Software practice & experience, 2018,48(6):449-485.
[22] MACKAY M, BAKER T, AL-YASIRI A. Security-oriented cloud computing platform for critical infrastructures[J]. Computer law & security review the international journal of technology & practice,2012,28(6):679-686.
[23] KANG W M, DONG-LEE J, JEONG Y S, et al. VCC-SSF:service-oriented security framework for vehicular cloud computing[J].Sustainability,2015,7(2):2028-2044.
[24] WALTERBUSCH M, FIETZ A, TEUTEBERG F. Missing cloud security awareness:investigating risk exposure in shadow IT[J]. Journal of enterprise information management,2017,30(4):644-665.
[25] 姜茸,杨明,马自飞,等.云计算安全风险度量评估与管理[M].北京:科学出版社,2016.
[26] COPPOLINO L, D'ANTONIO S, MAZZEO G, et al. Cloud security:emerging threats and current solutions[J]. Computers & electrical engineering,2017,59:126-140.
[27] CHOI M, LEE C. Information security management as a bridge in cloud systems from private to public organizations[J]. Sustainability,2015,7(9):12032-12051.
[28] SINGH S, JEONG Y S, PARK J H. A survey on cloud computing security:issues, threats, and solutions[J]. Journal of network & computer applications,2016,75(9):200-222.
[29] 阮树骅,瓮俊昊,毛麾,等.云安全风险评估度量模型[J].山东大学学报:理学版,2018,53(3):71-76.
[30] RONG C, NGUYEN S T, JAATUN M G. Beyond lightning:a survey on security challenges in cloud computing[J]. Computers & electrical engineering,2013,39(1):47-54.
[31] BRENDER N, MARKOV I. Risk perception and risk management in cloud computing:results from a case study of Swiss companies[J]. International journal of information management, 2013,33(5):726-733.
[32] LIN R J. Using fuzzy dematel to evaluate the green supply chain management practice[J]. Journal of cleaner production,2013,40(7):32-39.
[33] OPRICOVIC S, TZENG G H. Defuzzification within a multi-criteria decision model[J]. Uncertain fuzzy,2003,11(5):635-652.
[34] GUEST G, BUNCE A, JOHNSON L. How many interviews are enough?:an experiment with data saturation and variability[J]. Field methods,2006,18(18):59-82.
[35] GHAFFARI K, LAGZIAN M. Exploring users' experiences of using personal cloud storage services:a phenomenological study[J]. Behaviour & information technology,2018,37(3):295-309.
