DOI: https://doi.org/10.20535/2411-1031.2019.7.2.190565

Problems of protection of informational resources when using cloud technologies

Artem Zhylin, Andrii Divitskyi, Anna Kozachok

Abstract


The solution to the problem of secure data centers for storage of information and state electronic information resources is offered through the implementation of cloud technologies. State regulatory acts do not solve the problem of ensuring security during the remote processing of information in data centers using cloud technologies, so the experience of international standards and best practices in this field is analyzed. The purpose of the article is to analyze the problem of information resources protection when using cloud technologies. To achieve this goal, cloud computing technologies are analyzed and a comparative analysis of regulatory documents on information security when using cloud technologies is conducted. Unique definitions and characteristics of cloud computing which differentiate it from other types of computing technologies are also described, including such terms as on-demand self-service, resource pooling, instant resilience of resources, and measured service. The classification and analysis of organizations and authorities that develop regulatory documents in the sphere of cloud computing is provided and described. These establishments work on making international standards and have the following hierarchy of levels: international (ISO/IEC), interstate (forums and consortia (Cisco, CSA)), regional (European ETSI, CEN/CENELEC), national (laws and national standards, departmental regulations), guides, instructions, for example: (NIST). The great role of consortia in standardizing and developing both cloud technologies and information protection issues when using them is highlighted. The description of these consortia and their activity vectors are outlined. The documents created by them in the field of cloud security are reviewed and compared to ISO 17788, NIST SP 500-299, Security Guidelines for Critical Cloud Computing CSAs and GOST R "Information Protection. Requirements for the protection of information processed using the technology of "cloud computing". Basic provisions". Based on the conducted analysis, the reflection of service models in the regulatory documents is presented and the information on the methods of data protection in the field of cloud computing, which is available in the documents, is summarized.

Keywords


Cloud technologies; cloud repositories; information security; service models; standards; methods of information security.

References


President of Ukraine. (2017, Feb. 13). Decree of the President of Ukraine № 32/2017, On the decision of the National Security and Defense Council of December 29, 2016 “On cyber security threats to the state and urgent measures to neutralize them”. [Online]. Available: https://zakon.rada.gov.ua/laws/show/32/2017. Accessed on: Aug. 25, 2019.

DSTSIP SS of Ukraine. (2005, Nov. 8). ND TZІ 3.7-003, The order of carrying out works on creation of the complex system of information protection in the information and telecommunication system. [Online]. Available: http://www.dsszzi.gov.ua/control/uk/publish/article?art_id=46074&cat_id=38835. Accessed on: Aug. 25, 2019.

International Organization for Standardization. (2014, Oct. 15). ISO/IEC 17789, Information technology. Cloud computing. Reference architecture. [Online]. Available: https://www.iso.org/standard/60545.html. Accessed on: Aug. 25, 2019.

I.F. Abulov, and I.D. Gorbenko, “Cloud computing and analysis of information security issues in the cloud”, Applied Radio Electronics, vol. 12, no. 2, pp. 194-201, 2013.

T.G. Bilova, and V.O. Yarutova, “Data encryption problems in cloud computing”, Information processing systems, no. 10, pp. 79-81, 2015.

U. Shnaider, “Cloud computing and analysis of information security issues in the cloud”. Applied Radio Electronics/LAN, no. 4. [Online]. Available: http://www.osp.ru/lan. Accessed on: Aug. 25, 2019.

Cloud platforms De Novo. [Online]. Available: https://www.de-novo.biz/about. Accessed on: Aug. 25, 2019.

International Organization for Standardization. (2013, Oct. 1). ISO/IEC 27001, Information technology. Information security management systems. Requirements. [Online]. Available: https://www.iso.org/standard/54534.html. Accessed on: Aug. 25, 2019.

International Organization for Standardization. (2014, Oct. 10). ISO/IEC 17788, Information technology. Cloud computing. Overview and vocabulary. [Online]. Available: https://www.iso.org/standard/60544.html. Accessed on: Aug. 25, 2019.

National Institute of Standards and Technology. (2011, Sept. 28). NIST Special Publication 800-145, NIST Definition of Cloud Computing. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final. Accessed on: Aug. 25, 2019. DOI: 10.6028/NIST.SP.800-145.

National Institute of Standards and Technology. (2013, May 24). NIST Special Publication 500-299 (Draft), NIST Cloud Computing Security Reference Architecture. Working Document. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/500-299/draft. Accessed on: Aug. 25, 2019.

National Institute of Standards and Technology. (2011, Aug. 10). NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap. [Online]. Available: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=909024. Accessed on: Aug. 25, 2019.

Cloud Data Management Interface. SNIA. [Online]. Available: https://www.snia.org/sites/default/files/CDMI_Spec_v1.1.1.pdf. Accessed on: Aug. 25, 2019.

International Organization for Standardization. (2015, Dec. 8). ISO/IEC TS 27017, Information technology. Security techniques. Information security management. Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002. [Online]. Available: https://www.iso.org/standard/43757.html. Accessed on: Aug. 25, 2019.

International Organization for Standardization. (2019, Jan. 24). ISO/IEC 27018, Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. [Online]. Available: https://www.iso.org/standard/76559.html. Accessed on: Aug. 25, 2019.

Federal Agency on Technical Regulating and Metrology. GOST R, Project Information protection. Requirements for the protection of information processed using “Cloud computing” technologies. Basic provisions. [Online]. Available: http://docs.cntd.ru/document/1200102839. Accessed on: Aug. 25, 2019.

Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. [Online]. Available: https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/security-guidance-v4-FINAL.pdf. Accessed on: Aug. 25, 2019.




This work is licensed under a Creative Commons Attribution 4.0 International License.

ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)