TY - GEN
T1 - An Analysis of Cloud Certifications’ Performance on Privacy Protections
AU - Wang, Tian
AU - Bashir, Masooda
N1 - Publisher Copyright:
© 2022 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.
PY - 2022
Y1 - 2022
N2 - Cloud computing is an evolving paradigm that changes the way humans share, store, and access their information in digital form. Although cloud computing offers tremendous benefits, it also brings security and privacy challenges. Certifications have been developed by governments and authorized organizations as a new approach to protecting users’ information in the cloud. While the security controls in the certifications have been well established and widely applied, the privacy protections provided by certifications are still ambiguous and yet to be examined. In this study, we identified and selected four cloud certifications that are commonly used for certifying the security and privacy of cloud computing, and we evaluated their performance on privacy protections specifically to understand how privacy is treated in these certifications according to their existing controls. Our research reveals a lack of privacy controls in the current certifications and inadequate privacy-related content; even when present, such content is not clear or is difficult to distinguish from security controls. Results demonstrate that without having a set of baseline privacy protection criteria or standards, it is very challenging to determine cloud certifications’ performance and adequacy for privacy protections. It also points to the urgent need for the development of a consistent and comprehensive privacy framework that can be utilized for such evaluations.
AB - Cloud computing is an evolving paradigm that changes the way humans share, store, and access their information in digital form. Although cloud computing offers tremendous benefits, it also brings security and privacy challenges. Certifications have been developed by governments and authorized organizations as a new approach to protecting users’ information in the cloud. While the security controls in the certifications have been well established and widely applied, the privacy protections provided by certifications are still ambiguous and yet to be examined. In this study, we identified and selected four cloud certifications that are commonly used for certifying the security and privacy of cloud computing, and we evaluated their performance on privacy protections specifically to understand how privacy is treated in these certifications according to their existing controls. Our research reveals a lack of privacy controls in the current certifications and inadequate privacy-related content; even when present, such content is not clear or is difficult to distinguish from security controls. Results demonstrate that without having a set of baseline privacy protection criteria or standards, it is very challenging to determine cloud certifications’ performance and adequacy for privacy protections. It also points to the urgent need for the development of a consistent and comprehensive privacy framework that can be utilized for such evaluations.
KW - Cloud Certifications
KW - Cloud Computing
KW - Privacy Protections
UR - http://www.scopus.com/inward/record.url?scp=85176335809&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85176335809&partnerID=8YFLogxK
U2 - 10.5220/0010783200003120
DO - 10.5220/0010783200003120
M3 - Conference contribution
AN - SCOPUS:85176335809
SN - 9789897585531
T3 - International Conference on Information Systems Security and Privacy
SP - 299
EP - 306
BT - ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy
A2 - Mori, Paolo
A2 - Lenzini, Gabriele
A2 - Furnell, Steven
PB - Science and Technology Publications, Lda
T2 - 8th International Conference on Information Systems Security and Privacy, ICISSP 2022
Y2 - 9 February 2022 through 11 February 2022
ER -