Yıl 2019, Cilt 8 , Sayı 1, Sayfalar 22 - 44 2019-05-20

SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS
BULUT HİZMET SAĞLAYICILARININ HÜKÜM VE KOŞULLARINDA SİBER GÜVENLİKLE İLGİLİ HUSUSLAR

Ahmet EFE [1] , İsamettin OMAK [2]


Security is one of the biggest issues in the cloud-computing world. The customers may keep sensitive information on the cloud services and should trust to the service providers. Cloud service providers should comply with the legislations like data protection laws and should give confidence about their security policy. The terms and conditions document could give some clues about the security policies of the providers. Therefore, in this study we reviewed the T&C documents of some cloud service providers from security aspect in order to provide key measures against breaches in the cloud environment.

Güvenlik, bulut bilişim dünyasındaki en büyük sorunlardan biridir. Müşteriler bulut hizmetleriyle ilgili hassas bilgileri tutarlarken servis sağlayıcılarana tam güvenmek durumunda kalmaktadırlar. Bulut servis sağlayıcıları, veri koruma yasaları gibi mevzuatlara uymalı ve güvenlik politikaları hakkında güven tam vermelidir. Şartlar ve koşullar belgesi, sağlayıcıların güvenlik politikaları hakkında bazı ipuçları verebilmektedir. Bu nedenle, bu çalışmada, bulut ortamındaki ihlallere karşı kilit önlemler almak için bazı bulut servis sağlayıcılarının T&C belgelerini güvenlik yönünden inceledik.

  • [1] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," September 2011. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final .
  • [2] “What is IDaaS? Understanding Identity as a Service and Its Applications,” Okta Inc., [Online]. Available: https://www.okta.com/identity-101/idaas/ . [Accessed 28 March 2018].
  • [3] Cloud Computing Compliance Controls Catalogue (C5), Federal Office for Information Security, Germany, 2016.
  • [4] D. Sun, G. Chang, L. Sun and X. Wang, “Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments,” Procedia Engineering, no. 15, 2011.
  • [5] I. Khalil, A. Khreishah and M. Azeem, “Cloud Computing Security: A Survey,” Computers, no. 3, pp. 1-35, 2014.
  • [6] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, no. 28, 2012.
  • [7] M. H. Parekh and D. R. Sridaran, “An Analysis of Security Challenges in Cloud Computing,” International Journal of Advanced Computer Science and Applications(IJACSA), vol. 1, no. 4, 2013.
  • [8] "Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives," ISACA, 2009.
  • [9] D. Verma and R. Kumar Tyagi, "Cloud computing security: A Review," 2018.
  • [10] L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen and A. V. Vasilakos, "Security and privacy for storage and computation in cloud computing," Information Sciences, no. 258, 2014.
  • [11] C. Westphall, C. Merkle Westphall, R. Weingärtner, D. dos Santos, P. Fernando da Siva, P. Vitti and K. Vieira, Challenges in Cloud Computing Security, 2014.
  • [12] B. Derksen, Impact of IT outsourcing on Business & IT alignment, Amsterdam: Vrije Universiteit Amsterdam, 2013.
  • [13] I. Alessio and B. Rebecca, "The 18C's model for a successful longterm," Industrial Marketing Management, no. 41, 2012.
  • [14] F. Schlosser, H.-T. Wagner, D. Beimborn and T. Weitzel, “The Role of Internal Business/IT Alignment and IT Governance for Service Quality in IT Outsourcing Arrangements,” in Proceedings of the 43rd Hawaii International Conference on System Sciences, 2010.
  • [15] J. Goo, R. Kishore, H. Raghav Rao and K. Nam, “The Role of Service Level Agreements in Relational Management of Information Technology Outsourcing: An Empirical Study,” MIS Quarterly, no. 33, pp. 119-145, 2009.
  • [16] J. McKendrick, “Cloud May Be The New Outsourcing, But The Same Due Diligence Must Apply,” Forbes Media, 18 October 2014. [Online]. Available: https://www.forbes.com/sites/joemckendrick/2014/10/18/cloud-may-be-the-new-outsourcing-but-the-same-due-diligence-must-apply/#360d88dd1079 . [Accessed 30 March 2018].
  • [17] “EU GDPR,” [Online]. Available: https://www.eugdpr.org/. [Accessed 2 April 2018].
  • [18] “General Data Protection Regulation GDPR - Final text neatly arranged,” Intersoft Consulting, [Online]. Available: https://gdpr-info.eu/ . [Accessed 31 May 2018].
  • [19] “FINAL REPORT ON RECOMMENDATIONS ON CLOUD OUTSOURCING,” Europian Banking Authority, 20 December 2017. [Online]. Available: http://www.eba.europa.eu/documents/10180/2170121/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf . [Accessed 31 May 2018].
  • [20] “EBA Publishes Final Report on Recommendations on Cloud Outsourcing,” Moody's Analytics, 20 December 2017. [Online]. Available: https://www.moodysanalytics.com/regulatory-news/dec-20-eba-publishes-final-report-on-recommendations-on-cloud-outsourcing . [Accessed 31 May 2018].
  • [21] “Privacy Shield Framework,” [Online]. Available: https://www.privacyshield.gov . [Accessed 2 April 2018].
  • [22] “KİŞİSEL VERİLERİN KORUNMASI KANUNU,” 7 April 2016. [Online]. Available: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf . [Accessed 31 May 2018].
  • [23] S. Bradshaw, C. Millard and I. Walden, “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services,” Queen Mary University of London, 2010.
  • [24] “Category:Cloud computing providers,” Wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/Category:Cloud_computing_providers . [Accessed 5 April 2018].
  • [25] Baker, McLean, (2016), "Five key legal considerations when negotiating cloud contracts", Computerworld, https://www.computerworlduk.com/cloud-computing/5-key-legal-considerations-when-negotiating-cloud-contracts-3637604/
  • [26] CRISP, (2017) “Cloud Computing Vendor & Service Provider Comparison”, Vendor Universe, https://www.reply.com/Documents/Crisp_Vendor_Universe_Cloud%20Computing_250118_REPLY_englischeVersion_FINAL.pdf
Birincil Dil en
Konular Mühendislik
Bölüm Makaleler
Yazarlar

Yazar: Ahmet EFE
Ülke: Turkey


Yazar: İsamettin OMAK

Tarihler

Yayımlanma Tarihi : 20 Mayıs 2019

Bibtex @araştırma makalesi { duzceitbd507061, journal = {İleri Teknoloji Bilimleri Dergisi}, issn = {2147-3455}, address = {}, publisher = {Düzce Üniversitesi}, year = {2019}, volume = {8}, pages = {22 - 44}, doi = {}, title = {SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS}, key = {cite}, author = {EFE, Ahmet and OMAK, İsamettin} }
APA EFE, A , OMAK, İ . (2019). SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS. İleri Teknoloji Bilimleri Dergisi , 8 (1) , 22-44 . Retrieved from https://dergipark.org.tr/tr/pub/duzceitbd/issue/45344/507061
MLA EFE, A , OMAK, İ . "SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS". İleri Teknoloji Bilimleri Dergisi 8 (2019 ): 22-44 <https://dergipark.org.tr/tr/pub/duzceitbd/issue/45344/507061>
Chicago EFE, A , OMAK, İ . "SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS". İleri Teknoloji Bilimleri Dergisi 8 (2019 ): 22-44
RIS TY - JOUR T1 - SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS AU - Ahmet EFE , İsamettin OMAK Y1 - 2019 PY - 2019 N1 - DO - T2 - İleri Teknoloji Bilimleri Dergisi JF - Journal JO - JOR SP - 22 EP - 44 VL - 8 IS - 1 SN - 2147-3455- M3 - UR - Y2 - 2019 ER -
EndNote %0 İleri Teknoloji Bilimleri Dergisi SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS %A Ahmet EFE , İsamettin OMAK %T SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS %D 2019 %J İleri Teknoloji Bilimleri Dergisi %P 2147-3455- %V 8 %N 1 %R %U
ISNAD EFE, Ahmet , OMAK, İsamettin . "SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS". İleri Teknoloji Bilimleri Dergisi 8 / 1 (Mayıs 2019): 22-44 .
AMA EFE A , OMAK İ . SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS. İleri Teknoloji Bilimleri Dergisi. 2019; 8(1): 22-44.
Vancouver EFE A , OMAK İ . SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS. İleri Teknoloji Bilimleri Dergisi. 2019; 8(1): 44-22.