Skip to main content
SpringerLink
Log in

Can a Cloud Be Really Secure? A Socratic Dialogue

  • Chapter
  • First Online:
Computers, Privacy and Data Protection: an Element of Choice

Abstract

Issues related to Cloud Computing security are emerging to be important and of concern to various stakeholders. However there is little consensus as to what the nature and scope of such challenges might be. Clearly there are multiple points of view with respect to management of Could Computing security. In this paper we adopt an innovative way – the Socratic Dialogue – as a means to present several perspectives and the discordances therein. One of the authors, a technology enthusiast, makes a case for technical security and the benefits of Cloud Computing. The other authors points to the systemic problems in Cloud Computing and warns of the looming dangers. As the dialogue progresses, both authors seems to agree that the answer resides in adopting a socio-technical perspective. In a final synthesis a set of conditions necessary for Cloud Computing security are presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    McCarthy, J. “Recursive Functions of Symbolic Expressions and their Computation by Machine, Part I,” Communications of the ACM 3, 4 (1960): 184.

  2. 2.

    Foster, I., at al., “Cloud Computing and Grid Computing 360-Degree Compared,” in Grid Computing Environments Workshop 2008, GCE ’08 (2008);Luis, V.M., at al., “A Break in the Clouds: Towards a Cloud Definition,” SIGCOMM Computer Communication Review 39, 1 (2009): 50.

  3. 3.

    Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).

  4. 4.

    Beaty, K., et al., “Desktop to Cloud Transormation Planning,” in 2009 IEEE International Symposium on Parallel & Distributed Processing (IEEE, 2009) ; Descher, M., et al., “Retaining Data Control to the Client in Infrastructure Clouds,” in 2009 International Conference on Availability, Reliability and Security (2009).

  5. 5.

    Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61.

  6. 6.

    Oliva, T.A., and C.M. Capdevielle. “Can Systems Really Be Taught: (A Socratic Dialogue).” Academy of Management Review 5, 2 (1980): 277; Mitroff, I.I. “The Tally: A Dialogue on Feyerabend and Ford.” Theory and Society 3, 4 (1976): 601. Among others.

  7. 7.

    CNN, “Info on 3.9 M Citigroup Customers Lost Computer Tapes with Information About Consumer Lending Lost by UPS in transit to Credit Bureau,” CNNMoney.com, 2005, http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/ (10 September 2010).

  8. 8.

    Best, J. “Lost Data Total Nears 30 million records,” (2008), http://www.silicon.com/publicsector/0,3800010403,39295167,00.htm (10 September 2010).

  9. 9.

    Armbrust, M., et al., Above the Clouds: A Berkeley View of Cloud Computing. Berkley, CA, 2009.

  10. 10.

    In June 2003 the US Federal Trade Commission opened the “Do Not Call Registry” to comply with the Do-Not-Call Implementation Act of 2003. The Act allows for companies to make calls up to 18 months where there is an existing business relationship. This period can easily be extended for any amount of time with a range of merger and acquisition tricks and other loopholes.

  11. 11.

    Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.

  12. 12.

    Google privacy center, “Privacy Policy”, Last modified: March 11, 2009, http://www.google.com/privacypolicy.html (10 September 2010).

  13. 13.

    Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61.

  14. 14.

    Descher, M., et al., “Retaining Data Control to the Client in Infrastructure Clouds,” in 2009 International Conference on Availability, Reliability and Security (2009).

  15. 15.

    Tian, X., X. Wang, and A. Zhou, “DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS,” in 2009 IEEE International Conference on Cloud Computing (2009).

  16. 16.

    Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).

  17. 17.

    Saikat G., K. Tang, and P. Francis. “NOYB: Privacy in Online Social Networks.” in Proceedings of the first workshop on Online social networks, Seattle, WA, USA (2008).

  18. 18.

    Pearson, S. “Taking Account of Privacy when Designing Cloud Computing Services,” in 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (2009).

  19. 19.

    Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues,” in IEEE International Conference on Services Computing (IEEE, 2009).

  20. 20.

    Europe’s Information Society, “eHealth” (2005) http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).

  21. 21.

    Nuttall, C. “US urged to probe Google’s ‘cloud’ services,” (2009), http://www.ft.com/cms/s/0/55572a2e-1425-11de-9e32-0000779fd2ac.html?nclick_check=1 (10 September 2010).

  22. 22.

    Armstrong, M.P., G. Rushton, and D.L. Zimmerman. “Geographically Masking Health Data to Preserve Confidentiality.” Statistics in Medicine 18, 5 (1999): 497.

  23. 23.

    Europe’s Information Society, “eHealth” (2005), http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010)

  24. 24.

    Europe’s Information Society, “Information can save your life” (2007), http://ec.europa.eu/information_society/tl/qualif/health/index_en.htm (10 September 2010)

  25. 25.

    Baker, R.K. “Offshore IT Outsourcing and the 8/sup thsup/Data Protection Principle – Legal and Regulatory Requirements – with Reference to Financial Services.” International Journal of Law and Information Technology 14, 1 (2006): 1.

  26. 26.

    Halperin, R., and J. Backhouse. “A Roadmap for Research on Identity in the Information Society.” Identity in the Information Society 1, 1 (2008): 71.

  27. 27.

    Cavoukian, A. “Privacy in the Clouds, A White Paper on Privacy and Digital Identity: Implications for the Internet,” 2008, http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf (10 September 2010).

  28. 28.

    PRIME. “Privacy and Identity Management for Europe,” 2008, http://www.prime-project.eu/ (10 September 2010).

  29. 29.

    http://identityproject.lse.ac.uk/identityreport.pdf (26 May 2010).

  30. 30.

    Nurmi, D., et al., “The Eucalyptus Open-Source Cloud-Computing System,” Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Volume 00, 2009).

  31. 31.

    http://groups.google.com/group/google-appengine/browse_thread/thread/e9237fc7b0aa7df5?pli=1 (26 May 2010).

  32. 32.

    BBC News, “Gmail down again for some users,” 2009, http://news.bbc.co.uk/2/hi/7934443.stm (10 September 2010).

  33. 33.

    De Waal, A. “Darfur and the Failure of the Responsibility to Protect,” International Affairs 83, 6 (2007): 1039.

  34. 34.

    Weick, K.E., and K.H. Roberts. “Collective Mind in Organizations: Heedful Interrelating on Flight Decks.” Administrative Science Quarterly 38, (1993): 357.

  35. 35.

    Dhillon, G. “Organizational Competence in Harnessing IT: A Case Study.” Information & Management 45, 5 (2008): 297.

  36. 36.

    http://www.trustguide.org/ (10 September 2010)

  37. 37.

    Ashforth, B.E., and F. Mael, “Socia Identity Theory and the Organization.” Academy of Management Review 14, 1 (1989): 20.

  38. 38.

    Dhillon, G. “Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns.” Computers & Security 20, 2 (2001): 165.

  39. 39.

    Ibid.

  40. 40.

    Shapiro, S.P. “The Social Control of Impersonal Trust.” The American Journal of Sociology 93, 3 (1987): 623.

  41. 41.

    Granovetter, M. “Economic Action and Social Structure: The Problem of Embeddedness.” The American Journal of Sociology 91, 3 (1985): 481.

  42. 42.

    We have had to make this assertion generic to maintain anonymity. It is however based on interview data collected by one of the authors in October 2009 of interpersonal relationships between Cloud Computing provides and their clients

  43. 43.

    Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.

  44. 44.

    Parker, D. Computer Security Management. Reston, VA: Reston Publishing, 1981.

  45. 45.

    Baskerville, R. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys 25, 4 (1993): 375; Wing, J.M. “A specifier’s Introduction to Formal Methods.” Computer 23, 9 (1990): 8.

  46. 46.

    Dhillon, G., and J. “Backhouse. Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125.

  47. 47.

    Hedberg, B., and E. Mumford. “The Design of Computer Systems: Man’s Vision of Man as an Integral Part of the System Design Process. Human Choice and Computers,” in The IFIP Conference on Human Choice and Computers. Amsterdam: North-Holland Publishing Company, 1975; Mumford, E. “The Impact of Systems Change in Organisations. Results and Conclusions from a Multinational Study of Information Systems Development in Banks.” in Systems Design and Human Needs, edited by. N.-B. Andersen, B. Hedberg, D. Mercer, E. Mumford and A. Solé. Alphen aan den Rijn, Holland: Sijthoff & Noordhoff, 1979.

  48. 48.

    Stanton, J.M., at al., “Analysis of End User Security Behaviors.” Computers & Security 24, 2 (2005): 124.

  49. 49.

    Dhillon, G., and J. Backhouse. Information System Security Management in the New Millennium. Communications of the ACM 43, 7 (2000): 125.

References

  • Armstrong, M.P., G. Rushton, and D.L. Zimmerman. “Geographically Masking Health Data to Preserve Confidentiality.” Statistics in Medicine 18, 5 (1999): 497–525.

    Article  Google Scholar 

  • Armbrust, M., A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. Above the Clouds: A Berkeley View of Cloud Computing. Berkley, CA, 2009.

    Google Scholar 

  • Ashforth, B.E., and F. Mael. “Socia Identity Theory and the Organization.” Academy of Management Review 14, 1 (1989): 20–39.

    Article  Google Scholar 

  • Baker, R.K. “Offshore IT Outsourcing and the 8/sup thsup/Data Protection Principle – Legal and Regulatory Requirements – with Reference to Financial Services.” International Journal of Law and Information Technology 14, 1 (2006): 1–27.

    Article  Google Scholar 

  • Balachandra, R.K., R.V. Paturi, and A. Rakshit, “Cloud Security Issues.” In IEEE International Conference on Services Computing (IEEE, 2009).

    Google Scholar 

  • Baskerville, R. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys 25, 4 (1993): 375–414.

    Article  Google Scholar 

  • BBC News. Gmail Down Again for Some Users, 2009, http://news.bbc.co.uk/2/hi/7934443.stm. (10 September 2010).

  • Beaty, K., A. Kochut, and H. Shaikh. “Desktop to Cloud Transormation Planning.” In 2009 IEEE International Symposium on Parallel & Distributed Processing (IEEE, 2009).

    Google Scholar 

  • Best, J. “Lost Data Total Nears 30 million records,” (2008), http://www.silicon.com/publicsector/0,3800010403,39295167,00.htm (10 September 2010).

  • Cavoukian, A. “Privacy in the Clouds, A White Paper on Privacy and Digital Identity: Implications for the Internet,” 2008, http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf (10 September 2010).

  • CNN, “Info on 3.9 M Citigroup Customers Lost Computer Tapes with Information About Consumer Lending Lost by UPS in transit to Credit Bureau,” CNNMoney.com, 2005, http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/ (10 September 2010).

  • Conti, G. Googling Security: How Much Does Google Know About You? Addison-Wesley Professional, 2009.

    Google Scholar 

  • Descher, M., P. Masser, T. Feilhauer, A.M. Tjoa and D. Huemer, “Retaining Data Control to the Client in Infrastructure Clouds.” In 2009 International Conference on Availability, Reliability and Security (2009).

    Google Scholar 

  • De Waal, A. “Darfur and the Failure of the Responsibility to Protect.” International Affairs 83, 6 (2007): 1039–1054.

    Article  Google Scholar 

  • Dhillon, G. “Organizational Competence in Harnessing IT: A Case Study.” Information & Management 45, 5 (2008): 297–303.

    Article  Google Scholar 

  • Dhillon, G. “Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns.” Computers & Security 20, 2 (2001): 165–72.

    Article  Google Scholar 

  • Dhillon, G., and J. Backhouse. “Information System Security Management in the New Millennium.” Communications of the ACM 43, 7 (2000): 125–128.

    Article  Google Scholar 

  • Europe’s Information Society, “eHealth” (2005) http://ec.europa.eu/information_society/activities/eten/library/about/themes/ehealth/index_en.htm (10 September 2010).

  • Foster, I., Z. Yong, I. Raicu, and S. Lu. “Cloud Computing and Grid Computing 360-Degree Compared.” In Grid Computing Environments Workshop 2008, GCE ’08 (2008).

    Google Scholar 

  • Google privacy center, “Privacy Policy”, Last modified: March 11, 2009, http://www.google.com/privacypolicy.html (10 September 2010).

  • Granovetter, M. “Economic Action and Social Structure: The Problem of Embeddedness.” The American Journal of Sociology 91, 3 (1985): 481–510.

    Article  Google Scholar 

  • Halperin, R., and J. Backhouse. “A Roadmap for Research on Identity in the Information Society.” Identity in the Information Society 1, 1 (2008): 71–87.

    Article  Google Scholar 

  • Hedberg, B., and E. Mumford. “The Design of Computer Systems: Man’s Vision of Man as an Integral Part of the System Design Process. Human Choice and Computers.” In The IFIP Conference on Human Choice and Computers. Amsterdam: North-Holland Publishing Company, 1975.

    Google Scholar 

  • Kaufman, L.M. “Data Security in the World of Cloud Computing.” IEEE Security & Privacy Magazine 7, 4 (2009): 61–64.

    Article  Google Scholar 

  • Luis, V.M., R.M. Luis, C. Juan, and L. Maik. “A Break in the Clouds: Towards a Cloud Definition.” SIGCOMM Computer Communication Review 39, 1 (2009): 50–55.

    Google Scholar 

  • McCarthy, J. “Recursive Functions of Symbolic Expressions and their Computation by Machine, Part I.” Communications of the ACM 3, 4 (1960): 184–195.

    Article  Google Scholar 

  • Mitroff, I.I. “The Tally: A Dialogue on Feyerabend and Ford.” Theory and Society 3, 4 (1976): 601–609.

    Article  Google Scholar 

  • Mumford, E. “The Impact of Systems Change in Organisations. Results and Conclusions from a Multinational Study of Information Systems Development in Banks.” In Systems Design and Human Needs, edited by. N.-B. Andersen, B. Hedberg, D. Mercer, E. Mumford and A. Solé. Alphen aan den Rijn, Holland: Sijthoff & Noordhoff, 1979.

    Google Scholar 

  • Nurmi, D., R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff and D. Zagorodnov, The Eucalyptus Open-Source Cloud-Computing System, Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Volume 00, 2009).

    Google Scholar 

  • Nuttall, C. “US urged to probe Google’s ’cloud’ services” (2009), http://www.ft.com/cms/s/0/55572a2e-1425-11de-9e32-0000779fd2ac.html?nclick_check=1 (10 September 2010).

  • Oliva, T.A., and C.M. Capdevielle. “Can Systems Really Be Taught: (A Socratic Dialogue).” Academy of Management Review 5, 2 (1980): 277–279.

    Article  Google Scholar 

  • Parker, D. Computer Security Management. Reston, VA: Reston Publishing, 1981.

    Google Scholar 

  • Pearson, S. “Taking Account of Privacy when Designing Cloud Computing Services.” In 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (2009).

    Google Scholar 

  • PRIME. “Privacy and Identity Management for Europe” 2008, http://www.prime-project.eu/ (10 September 2010).

  • Saikat G., K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. in Proceedings of the first workshop on Online social networks, Seattle, WA, USA (2008).

    Google Scholar 

  • Shapiro, S.P. “The Social Control of Impersonal Trust.” The American Journal of Sociology 93, 3 (1987): 623–658.

    Article  Google Scholar 

  • Stanton, J.M., K.R. Stam, P. Mastrangelo, and J. Jolton. “Analysis of End User Security Behaviors.” Computers & Security 24, 2 (2005): 124–133.

    Article  Google Scholar 

  • Tian, X., X. Wang, and A. Zhou. “DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS.” In 2009 IEEE International Conference on Cloud Computing (2009).

    Google Scholar 

  • Weick, K.E., and K.H. Roberts. “Collective Mind in Organizations: Heedful Interrelating on Flight Decks.” Administrative Science Quarterly 38, (1993): 357–381.

    Article  Google Scholar 

  • Wing, J.M. “A specifier’s Introduction to Formal Methods.” Computer 23, 9 (1990): 8–24.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Virginia Commonwealth University, Richmond, VA, 23284-2512, USA

    Gurpreet Dhillon

  2. Orebro University, Orebro, Sweden

    Ella Kolkowska

Authors
  1. Gurpreet Dhillon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ella Kolkowska
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gurpreet Dhillon .

Editor information

Editors and Affiliations

  1. Law, Science, Technology & Society, (LSTS), Vrije Universiteit Brussels, Pleinlaan 2, Bruxelles, 1050, Belgium

    Serge Gutwirth

  2. Research Centre for Information, Technology & Law, University of Namur, Rempart de la Vierge 5, Namur, 5000, Belgium

    Yves Poullet

  3. Center for Law, Science, Technology, and Society Studies (LSTS), Vrije Universiteit Brussel, Pleinlaan 2, Brussels, 1050, Belgium

    Paul De Hert

  4. , TILT, Tilburg University, Warandelaan 2, Tilburg, 5037 AB, Netherlands

    Ronald Leenes

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Dhillon, G., Kolkowska, E. (2011). Can a Cloud Be Really Secure? A Socratic Dialogue. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_16

Download citation

Publish with us

Policies and ethics

Search

Navigation