An Analysis of Cloud Certifications’ Performance on Privacy Protections

Tian Wang, Masooda Bashir

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Cloud computing is an evolving paradigm that changes the way humans share, store, and access their information in digital form. Although cloud computing offers tremendous benefits, it also brings security and privacy challenges. Certifications have been developed by governments and authorized organizations as a new approach to protecting users’ information in the cloud. While the security controls in the certifications have been well established and widely applied, the privacy protections provided by certifications are still ambiguous and yet to be examined. In this study, we identified and selected four cloud certifications that are commonly used for certifying the security and privacy of cloud computing, and we evaluated their performance on privacy protections specifically to understand how privacy is treated in these certifications according to their existing controls. Our research reveals a lack of privacy controls in the current certifications and inadequate privacy-related content; even when present, such content is not clear or is difficult to distinguish from security controls. Results demonstrate that without having a set of baseline privacy protection criteria or standards, it is very challenging to determine cloud certifications’ performance and adequacy for privacy protections. It also points to the urgent need for the development of a consistent and comprehensive privacy framework that can be utilized for such evaluations.

Original languageEnglish (US)
Title of host publicationICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy
EditorsPaolo Mori, Gabriele Lenzini, Steven Furnell
PublisherScience and Technology Publications, Lda
Pages299-306
Number of pages8
ISBN (Print)9789897585531
DOIs
StatePublished - 2022
Event8th International Conference on Information Systems Security and Privacy, ICISSP 2022 - Virtual, Online
Duration: Feb 9 2022Feb 11 2022

Publication series

NameInternational Conference on Information Systems Security and Privacy
ISSN (Electronic)2184-4356

Conference

Conference8th International Conference on Information Systems Security and Privacy, ICISSP 2022
CityVirtual, Online
Period2/9/222/11/22

Keywords

  • Cloud Certifications
  • Cloud Computing
  • Privacy Protections

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Information Systems

Fingerprint

Dive into the research topics of 'An Analysis of Cloud Certifications’ Performance on Privacy Protections'. Together they form a unique fingerprint.

Cite this