[Purpose/significance] The application of cloud service in the library can effectively improve the data storage and computing capacity of the library, but it also brings a lot of information resource security problems, and the non-standard cloud computing service agreement aggravates the information security risks faced by the library.[Method/process] This paper focused on the information security clauses in the cloud service agreement, selected 8 cloud services on behalf of the operator's service agreement as a sample, and analyzed the information security risks that exist in the current cloud service agreement terms in depth from data collection, data storage, data transmission, data access and service security.[Result/conclusion] The information security risks that library application cloud services may face include:the lack of cloud service agreement content, the difficulty of obtaining accurate protection of user information security; the vague description of cloud service agreement, the establishment of a sound security guarantee mechanism; the formulation of cloud service agreement are more conducive to cloud providers, so user rights are vulnerable. In this environment, the library should further clarify the ownership of library user data and emphasize the security of library information resources.
Huang Guobin
,
Zheng Xia
,
Wang Ting
. Information Security Risks Caused by Cloud Service Agreement and Suggestions for Library and Information Community[J]. Library and Information Service, 2020
, 64(12)
: 38
-48
.
DOI: 10.13266/j.issn.0252-3116.2020.12.005
[1] 中国通信院. 中国信通院发布2018年云计算发展白皮书——行业云时代全面开启[EB/OL].[2019-08-26].http://www.caict.ac.cn/kxyj/qwfb/bps/201808/t20180813_181718.htm.
[2] 代田凤.基于计算机云服务的数据信息安全体系构建[J].数字技术与应用,2017(11):188-190.
[3] 毕健欢.基于计算机云服务的政府政务数据信息安全体系创设研究[J].数字技术与应用,2016(2):203.
[4] 陈洁.基于计算机云服务的政府政务数据信息安全体系构建研究[J].山东工业技术,2016(3):116-117.
[5] 刘琴.基于计算机云服务的政务数据信息安全体系建设研究[J].中国管理信息化,2018,21(12):138-139.
[6] 冀枫.数字图书馆云服务平台的架构与信息安全探讨[J].内蒙古科技与经济,2018(20):49-51.
[7] 刘平,刘春.基于云服务的图书馆建设与信息安全策略研究[J].兰台世界,2015(8):126-127.
[8] 黄国彬,郑琳.基于服务协议的云服务提供商信息安全责任剖析[J].图书馆,2015(7):61-65.
[9] PARK S T, PARK E M, SEO J H, et al. Factors affecting the continuous use of cloud service:focused on security risks[J]. Cluster computing, 2016, 19(1):485-495.
[10] MADRIA S K. Security and risk assessment in the cloud[J].Computer,2016, 49(9):110-113.
[11] KANG A N, BAROLLI L, PARK J H, et al. A strengthening plan for enterprise information security based on cloud computing[J]. Cluster computing, 2014,17(3):703-710.
[12] HALABI T, BELLAICHE M. Towards quantification and evaluation of security of cloud service providers[J] Journal of information security and applications, 2017, 33:55-65.
[13] VASANTHA R N. Cloud computing for college library automation[EB/OL].[2019-12-14]. https://www.slideshare.net/Vasanthrz/cloud-computing-for-college-library-automation.
[14] JUTA S. Digitizing and cataloging the Boekentoren[EB/OL].[2019-12-15].https://blog.ml6.eu/digitizing-and-cataloging-the-boekentoren-book-tower-ffc0070793ac.
[15] ZAINAB A, CHONG C, CHAW L. Moving a repository of scholarly content to a cloud[J] Library Hi Tech, 2013, 31(2):201-215.
[16] AMAZON. New York Public Library's cloud journey[EB/OL].[2019-12-16]. https://amazonAmazon-china.com/cn/blogs/enterprise-strategy/new-york-public-librarys-cloud-journey/.
[17] OSU.EDU. Ohio State AMAZON now includes enterprise support[EB/OL].[2019-12-16].https://it.osu.edu/news/2019/03/04/ohio-state-Amazon-now-includes-enterprise-support.
[18] Today in APIs:AMAZON Announces EC2 Spotathon[EB/OL].[2019-12-16].https://www.programmableweb.com/news/today-apis-Amazon-announces-ec2-spotathon-nasdaq-music-to-your-ears-and-11-new-apis/2012/11/09.
[19] Microsoft Azure[EB/OL].[2019-12-17].http://www.mi-crosoft.com/windowsazure/.
[20] DuraSpace. DuraCloud[EB/OL].[2019-12-17].https://duraspace.org/duracloud/.
[21] Library technology guides[EB/OL].[2019-12-18].http://librarytechnology.org/.
[22] Google cloud platform agreement[EB/OL].[2019-12-18].https://cloud.google.com/terms/#google-cloud-platform-agreement.
[23] AMAZON customer agreement[EB/OL].[2019-12-18].https://www.amazon.com/gp/help/customer/display.html?nodeId=468496.
[24] Microsoft Azure legal information[EB/OL].[2019-12-18].https://azure.microsoft.com/en-au/support/legal/.
[25] License.DuraCloud[EB/OL].[2019-12-18].https://duraspace.org/duracloud/license/.
[26] OCLC. WorldShare platform terms and conditions[EB/OL].[2019-12-18]. https://www.oclc.org/content/dam/developernetwork/PDFs/platform_general_TCs_0%20(1).pdf.
[27] Terms of Use. Ex Libris Knowledge Center[EB/OL].[2019-12-18]. https://knowledge.exlibrisgroup.com/TERMS_OF_USE.
[28] Apollo integrated library system subscription purchase agreement. Biblionix[EB/OL].[2019-12-18]. https://seguin.biblionix.com/agreements/subscription/?agreed=2019-02-15%2015%3A45%3A27.
[29] Terms of Use. Innovative[EB/OL].[2019-12-18].https://www.iii.com/terms-of-use/.
