BULUT HİZMET SAĞLAYICILARININ HÜKÜM VE KOŞULLARINDA SİBER GÜVENLİKLE İLGİLİ HUSUSLAR
Yıl 2019,
Cilt: 8 Sayı: 1, 22 - 44, 20.05.2019
Ahmet Efe
,
İsamettin Omak
Öz
Güvenlik, bulut bilişim dünyasındaki en büyük
sorunlardan biridir. Müşteriler bulut hizmetleriyle ilgili hassas bilgileri
tutarlarken servis sağlayıcılarana tam güvenmek durumunda kalmaktadırlar. Bulut
servis sağlayıcıları, veri koruma yasaları gibi mevzuatlara uymalı ve güvenlik
politikaları hakkında güven tam vermelidir. Şartlar ve koşullar belgesi,
sağlayıcıların güvenlik politikaları hakkında bazı ipuçları verebilmektedir. Bu
nedenle, bu çalışmada, bulut ortamındaki ihlallere karşı kilit önlemler almak
için bazı bulut servis sağlayıcılarının T&C belgelerini güvenlik yönünden
inceledik.
Kaynakça
- [1] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," September 2011. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final .
- [2] “What is IDaaS? Understanding Identity as a Service and Its Applications,” Okta Inc., [Online]. Available: https://www.okta.com/identity-101/idaas/ . [Accessed 28 March 2018].
- [3] Cloud Computing Compliance Controls Catalogue (C5), Federal Office for Information Security, Germany, 2016.
- [4] D. Sun, G. Chang, L. Sun and X. Wang, “Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments,” Procedia Engineering, no. 15, 2011.
- [5] I. Khalil, A. Khreishah and M. Azeem, “Cloud Computing Security: A Survey,” Computers, no. 3, pp. 1-35, 2014.
- [6] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, no. 28, 2012.
- [7] M. H. Parekh and D. R. Sridaran, “An Analysis of Security Challenges in Cloud Computing,” International Journal of Advanced Computer Science and Applications(IJACSA), vol. 1, no. 4, 2013.
- [8] "Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives," ISACA, 2009.
- [9] D. Verma and R. Kumar Tyagi, "Cloud computing security: A Review," 2018.
- [10] L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen and A. V. Vasilakos, "Security and privacy for storage and computation in cloud computing," Information Sciences, no. 258, 2014.
- [11] C. Westphall, C. Merkle Westphall, R. Weingärtner, D. dos Santos, P. Fernando da Siva, P. Vitti and K. Vieira, Challenges in Cloud Computing Security, 2014.
- [12] B. Derksen, Impact of IT outsourcing on Business & IT alignment, Amsterdam: Vrije Universiteit Amsterdam, 2013.
- [13] I. Alessio and B. Rebecca, "The 18C's model for a successful longterm," Industrial Marketing Management, no. 41, 2012.
- [14] F. Schlosser, H.-T. Wagner, D. Beimborn and T. Weitzel, “The Role of Internal Business/IT Alignment and IT Governance for Service Quality in IT Outsourcing Arrangements,” in Proceedings of the 43rd Hawaii International Conference on System Sciences, 2010.
- [15] J. Goo, R. Kishore, H. Raghav Rao and K. Nam, “The Role of Service Level Agreements in Relational Management of Information Technology Outsourcing: An Empirical Study,” MIS Quarterly, no. 33, pp. 119-145, 2009.
- [16] J. McKendrick, “Cloud May Be The New Outsourcing, But The Same Due Diligence Must Apply,” Forbes Media, 18 October 2014. [Online]. Available: https://www.forbes.com/sites/joemckendrick/2014/10/18/cloud-may-be-the-new-outsourcing-but-the-same-due-diligence-must-apply/#360d88dd1079 . [Accessed 30 March 2018].
- [17] “EU GDPR,” [Online]. Available: https://www.eugdpr.org/. [Accessed 2 April 2018].
- [18] “General Data Protection Regulation GDPR - Final text neatly arranged,” Intersoft Consulting, [Online]. Available: https://gdpr-info.eu/ . [Accessed 31 May 2018].
- [19] “FINAL REPORT ON RECOMMENDATIONS ON CLOUD OUTSOURCING,” Europian Banking Authority, 20 December 2017. [Online]. Available: http://www.eba.europa.eu/documents/10180/2170121/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf . [Accessed 31 May 2018].
- [20] “EBA Publishes Final Report on Recommendations on Cloud Outsourcing,” Moody's Analytics, 20 December 2017. [Online]. Available: https://www.moodysanalytics.com/regulatory-news/dec-20-eba-publishes-final-report-on-recommendations-on-cloud-outsourcing . [Accessed 31 May 2018].
- [21] “Privacy Shield Framework,” [Online]. Available: https://www.privacyshield.gov . [Accessed 2 April 2018].
- [22] “KİŞİSEL VERİLERİN KORUNMASI KANUNU,” 7 April 2016. [Online]. Available: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf . [Accessed 31 May 2018].
- [23] S. Bradshaw, C. Millard and I. Walden, “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services,” Queen Mary University of London, 2010.
- [24] “Category:Cloud computing providers,” Wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/Category:Cloud_computing_providers . [Accessed 5 April 2018].
- [25] Baker, McLean, (2016), "Five key legal considerations when negotiating cloud contracts", Computerworld, https://www.computerworlduk.com/cloud-computing/5-key-legal-considerations-when-negotiating-cloud-contracts-3637604/
- [26] CRISP, (2017) “Cloud Computing Vendor & Service Provider Comparison”, Vendor Universe, https://www.reply.com/Documents/Crisp_Vendor_Universe_Cloud%20Computing_250118_REPLY_englischeVersion_FINAL.pdf
SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS
Yıl 2019,
Cilt: 8 Sayı: 1, 22 - 44, 20.05.2019
Ahmet Efe
,
İsamettin Omak
Öz
Security is one of the biggest issues in the cloud-computing world. The
customers may keep sensitive information on the cloud services and should trust to the
service providers. Cloud service providers should comply with the legislations like data
protection laws and should give confidence about their security policy. The terms and
conditions document could give some clues about the security policies of the providers.
Therefore, in this study we reviewed the T&C documents of some cloud service providers
from security aspect in order to provide key measures against breaches in the cloud
environment.
Kaynakça
- [1] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," September 2011. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final .
- [2] “What is IDaaS? Understanding Identity as a Service and Its Applications,” Okta Inc., [Online]. Available: https://www.okta.com/identity-101/idaas/ . [Accessed 28 March 2018].
- [3] Cloud Computing Compliance Controls Catalogue (C5), Federal Office for Information Security, Germany, 2016.
- [4] D. Sun, G. Chang, L. Sun and X. Wang, “Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments,” Procedia Engineering, no. 15, 2011.
- [5] I. Khalil, A. Khreishah and M. Azeem, “Cloud Computing Security: A Survey,” Computers, no. 3, pp. 1-35, 2014.
- [6] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, no. 28, 2012.
- [7] M. H. Parekh and D. R. Sridaran, “An Analysis of Security Challenges in Cloud Computing,” International Journal of Advanced Computer Science and Applications(IJACSA), vol. 1, no. 4, 2013.
- [8] "Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives," ISACA, 2009.
- [9] D. Verma and R. Kumar Tyagi, "Cloud computing security: A Review," 2018.
- [10] L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen and A. V. Vasilakos, "Security and privacy for storage and computation in cloud computing," Information Sciences, no. 258, 2014.
- [11] C. Westphall, C. Merkle Westphall, R. Weingärtner, D. dos Santos, P. Fernando da Siva, P. Vitti and K. Vieira, Challenges in Cloud Computing Security, 2014.
- [12] B. Derksen, Impact of IT outsourcing on Business & IT alignment, Amsterdam: Vrije Universiteit Amsterdam, 2013.
- [13] I. Alessio and B. Rebecca, "The 18C's model for a successful longterm," Industrial Marketing Management, no. 41, 2012.
- [14] F. Schlosser, H.-T. Wagner, D. Beimborn and T. Weitzel, “The Role of Internal Business/IT Alignment and IT Governance for Service Quality in IT Outsourcing Arrangements,” in Proceedings of the 43rd Hawaii International Conference on System Sciences, 2010.
- [15] J. Goo, R. Kishore, H. Raghav Rao and K. Nam, “The Role of Service Level Agreements in Relational Management of Information Technology Outsourcing: An Empirical Study,” MIS Quarterly, no. 33, pp. 119-145, 2009.
- [16] J. McKendrick, “Cloud May Be The New Outsourcing, But The Same Due Diligence Must Apply,” Forbes Media, 18 October 2014. [Online]. Available: https://www.forbes.com/sites/joemckendrick/2014/10/18/cloud-may-be-the-new-outsourcing-but-the-same-due-diligence-must-apply/#360d88dd1079 . [Accessed 30 March 2018].
- [17] “EU GDPR,” [Online]. Available: https://www.eugdpr.org/. [Accessed 2 April 2018].
- [18] “General Data Protection Regulation GDPR - Final text neatly arranged,” Intersoft Consulting, [Online]. Available: https://gdpr-info.eu/ . [Accessed 31 May 2018].
- [19] “FINAL REPORT ON RECOMMENDATIONS ON CLOUD OUTSOURCING,” Europian Banking Authority, 20 December 2017. [Online]. Available: http://www.eba.europa.eu/documents/10180/2170121/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf . [Accessed 31 May 2018].
- [20] “EBA Publishes Final Report on Recommendations on Cloud Outsourcing,” Moody's Analytics, 20 December 2017. [Online]. Available: https://www.moodysanalytics.com/regulatory-news/dec-20-eba-publishes-final-report-on-recommendations-on-cloud-outsourcing . [Accessed 31 May 2018].
- [21] “Privacy Shield Framework,” [Online]. Available: https://www.privacyshield.gov . [Accessed 2 April 2018].
- [22] “KİŞİSEL VERİLERİN KORUNMASI KANUNU,” 7 April 2016. [Online]. Available: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf . [Accessed 31 May 2018].
- [23] S. Bradshaw, C. Millard and I. Walden, “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services,” Queen Mary University of London, 2010.
- [24] “Category:Cloud computing providers,” Wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/Category:Cloud_computing_providers . [Accessed 5 April 2018].
- [25] Baker, McLean, (2016), "Five key legal considerations when negotiating cloud contracts", Computerworld, https://www.computerworlduk.com/cloud-computing/5-key-legal-considerations-when-negotiating-cloud-contracts-3637604/
- [26] CRISP, (2017) “Cloud Computing Vendor & Service Provider Comparison”, Vendor Universe, https://www.reply.com/Documents/Crisp_Vendor_Universe_Cloud%20Computing_250118_REPLY_englischeVersion_FINAL.pdf