SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS

Ahmet Efe; İsamettin Omak

Research Article

BULUT HİZMET SAĞLAYICILARININ HÜKÜM VE KOŞULLARINDA SİBER GÜVENLİKLE İLGİLİ HUSUSLAR

Year 2019, Volume: 8 Issue: 1, 22 - 44, 20.05.2019

Ahmet Efe İsamettin Omak

Abstract

Güvenlik, bulut bilişim dünyasındaki en büyük
sorunlardan biridir. Müşteriler bulut hizmetleriyle ilgili hassas bilgileri
tutarlarken servis sağlayıcılarana tam güvenmek durumunda kalmaktadırlar. Bulut
servis sağlayıcıları, veri koruma yasaları gibi mevzuatlara uymalı ve güvenlik
politikaları hakkında güven tam vermelidir. Şartlar ve koşullar belgesi,
sağlayıcıların güvenlik politikaları hakkında bazı ipuçları verebilmektedir. Bu
nedenle, bu çalışmada, bulut ortamındaki ihlallere karşı kilit önlemler almak
için bazı bulut servis sağlayıcılarının T&C belgelerini güvenlik yönünden
inceledik.

Keywords

Bulut bilgi işlem güvenliği, BT dış kaynak kullanımı, GDPR, şartlar ve koşullar, gizlilik politikası

References

[1] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," September 2011. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final .
[2] “What is IDaaS? Understanding Identity as a Service and Its Applications,” Okta Inc., [Online]. Available: https://www.okta.com/identity-101/idaas/ . [Accessed 28 March 2018].
[3] Cloud Computing Compliance Controls Catalogue (C5), Federal Office for Information Security, Germany, 2016.
[4] D. Sun, G. Chang, L. Sun and X. Wang, “Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments,” Procedia Engineering, no. 15, 2011.
[5] I. Khalil, A. Khreishah and M. Azeem, “Cloud Computing Security: A Survey,” Computers, no. 3, pp. 1-35, 2014.
[6] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, no. 28, 2012.
[7] M. H. Parekh and D. R. Sridaran, “An Analysis of Security Challenges in Cloud Computing,” International Journal of Advanced Computer Science and Applications(IJACSA), vol. 1, no. 4, 2013.
[8] "Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives," ISACA, 2009.
[9] D. Verma and R. Kumar Tyagi, "Cloud computing security: A Review," 2018.
[10] L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen and A. V. Vasilakos, "Security and privacy for storage and computation in cloud computing," Information Sciences, no. 258, 2014.
[11] C. Westphall, C. Merkle Westphall, R. Weingärtner, D. dos Santos, P. Fernando da Siva, P. Vitti and K. Vieira, Challenges in Cloud Computing Security, 2014.
[12] B. Derksen, Impact of IT outsourcing on Business & IT alignment, Amsterdam: Vrije Universiteit Amsterdam, 2013.
[13] I. Alessio and B. Rebecca, "The 18C's model for a successful longterm," Industrial Marketing Management, no. 41, 2012.
[14] F. Schlosser, H.-T. Wagner, D. Beimborn and T. Weitzel, “The Role of Internal Business/IT Alignment and IT Governance for Service Quality in IT Outsourcing Arrangements,” in Proceedings of the 43rd Hawaii International Conference on System Sciences, 2010.
[15] J. Goo, R. Kishore, H. Raghav Rao and K. Nam, “The Role of Service Level Agreements in Relational Management of Information Technology Outsourcing: An Empirical Study,” MIS Quarterly, no. 33, pp. 119-145, 2009.
[16] J. McKendrick, “Cloud May Be The New Outsourcing, But The Same Due Diligence Must Apply,” Forbes Media, 18 October 2014. [Online]. Available: https://www.forbes.com/sites/joemckendrick/2014/10/18/cloud-may-be-the-new-outsourcing-but-the-same-due-diligence-must-apply/#360d88dd1079 . [Accessed 30 March 2018].
[17] “EU GDPR,” [Online]. Available: https://www.eugdpr.org/. [Accessed 2 April 2018].
[18] “General Data Protection Regulation GDPR - Final text neatly arranged,” Intersoft Consulting, [Online]. Available: https://gdpr-info.eu/ . [Accessed 31 May 2018].
[19] “FINAL REPORT ON RECOMMENDATIONS ON CLOUD OUTSOURCING,” Europian Banking Authority, 20 December 2017. [Online]. Available: http://www.eba.europa.eu/documents/10180/2170121/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf . [Accessed 31 May 2018].
[20] “EBA Publishes Final Report on Recommendations on Cloud Outsourcing,” Moody's Analytics, 20 December 2017. [Online]. Available: https://www.moodysanalytics.com/regulatory-news/dec-20-eba-publishes-final-report-on-recommendations-on-cloud-outsourcing . [Accessed 31 May 2018].
[21] “Privacy Shield Framework,” [Online]. Available: https://www.privacyshield.gov . [Accessed 2 April 2018].
[22] “KİŞİSEL VERİLERİN KORUNMASI KANUNU,” 7 April 2016. [Online]. Available: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf . [Accessed 31 May 2018].
[23] S. Bradshaw, C. Millard and I. Walden, “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services,” Queen Mary University of London, 2010.
[24] “Category:Cloud computing providers,” Wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/Category:Cloud_computing_providers . [Accessed 5 April 2018].
[25] Baker, McLean, (2016), "Five key legal considerations when negotiating cloud contracts", Computerworld, https://www.computerworlduk.com/cloud-computing/5-key-legal-considerations-when-negotiating-cloud-contracts-3637604/
[26] CRISP, (2017) “Cloud Computing Vendor & Service Provider Comparison”, Vendor Universe, https://www.reply.com/Documents/Crisp_Vendor_Universe_Cloud%20Computing_250118_REPLY_englischeVersion_FINAL.pdf