Problems of protection of informational resources when using cloud technologies
DOI:
https://doi.org/10.20535/2411-1031.2019.7.2.190565
Keywords:
Cloud technologies, cloud repositories, information security, service models, standards, methods of information security.
Abstract
The implementation of cloud technologies is offered as a solution to the problem of secure data centers for storing information and state electronic information resources. State regulatory acts do not solve the problem of ensuring security during the remote processing of information in data centers that use cloud technologies, so the experience of international standards and best practices in this field is analyzed. The purpose of the article is to analyze the problem of protecting information resources when using cloud technologies. To achieve this goal, cloud computing technologies are analyzed and a comparative analysis of regulatory documents on information security when using cloud technologies is conducted. The unique definitions and characteristics of cloud computing that differentiate it from other types of computing technologies are also described, including such terms as on-demand self-service, resource pooling, instant resilience of resources, and measured service. A classification and analysis of the organizations and authorities that develop regulatory documents in the sphere of cloud computing is provided. These establishments work on international standards and have the following hierarchy of levels: international (ISO/IEC), interstate (forums and consortia (Cisco, CSA)), regional (European ETSI, CEN/CENELEC), national (laws and national standards, departmental regulations), guides and instructions (for example, NIST). The major role of consortia in standardizing and developing both cloud technologies and information protection when using them is highlighted. These consortia and their lines of activity are described. The documents they have created in the field of cloud security are reviewed and compared with ISO 17788, NIST SP 500-299, the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, and GOST R "Information protection. Requirements for the protection of information processed using "cloud computing" technology. Basic provisions". Based on the analysis conducted, the way service models are reflected in the regulatory documents is presented, and the information on data protection methods in the field of cloud computing that is available in the documents is summarized.
References
President of Ukraine. (2017, Feb. 13). Decree of the President of Ukraine № 32/2017, On the decision of the National Security and Defense Council of December 29, 2016 “On cyber security threats to the state and urgent measures to neutralize them”. [Online]. Available: https://zakon.rada.gov.ua/laws/show/32/2017. Accessed on: Aug. 25, 2019.
DSTSIP SS of Ukraine. (2005, Nov. 8). ND TZІ 3.7-003, The order of carrying out works on creation of the complex system of information protection in the information and telecommunication system. [Online]. Available: http://www.dsszzi.gov.ua/control/uk/publish/article?art_id=46074&cat_id=38835. Accessed on: Aug. 25, 2019.
International Organization for Standardization. (2014, Oct. 15). ISO/IEC 17789, Information technology. Cloud computing. Reference architecture. [Online]. Available: https://www.iso.org/standard/60545.html. Accessed on: Aug. 25, 2019.
I.F. Abulov, and I.D. Gorbenko, “Cloud computing and analysis of information security issues in the cloud”, Applied Radio Electronics, vol. 12, no. 2, pp. 194-201, 2013.
T.G. Bilova, and V.O. Yarutova, “Data encryption problems in cloud computing”, Information processing systems, no. 10, pp. 79-81, 2015.
U. Shnaider, “Cloud computing and analysis of information security issues in the cloud”. Applied Radio Electronics/LAN, no. 4. [Online]. Available: http://www.osp.ru/lan. Accessed on: Aug. 25, 2019.
Cloud platforms De Novo. [Online]. Available: https://www.de-novo.biz/about. Accessed on: Aug. 25, 2019.
International Organization for Standardization. (2013, Oct. 1). ISO/IEC 27001, Information technology. Information security management systems. Requirements. [Online]. Available: https://www.iso.org/standard/54534.html. Accessed on: Aug. 25, 2019.
International Organization for Standardization. (2014, Oct. 10). ISO/IEC 17788, Information technology. Cloud computing. Overview and vocabulary. [Online]. Available: https://www.iso.org/standard/60544.html. Accessed on: Aug. 25, 2019.
National Institute of Standards and Technology. (2011, Sept. 28). NIST Special Publication 800-145, NIST Definition of Cloud Computing. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final. Accessed on: Aug. 25, 2019. DOI: 10.6028/NIST.SP.800-145.
National Institute of Standards and Technology. (2013, May 24). NIST Special Publication 500-299 (Draft), NIST Cloud Computing Security Reference Architecture. Working Document. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/500-299/draft. Accessed on: Aug. 25, 2019.
National Institute of Standards and Technology. (2011, Aug. 10). NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap. [Online]. Available: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=909024. Accessed on: Aug. 25, 2019.
Cloud Data Management Interface. SNIA. [Online]. Available: https://www.snia.org/sites/default/files/CDMI_Spec_v1.1.1.pdf. Accessed on: Aug. 25, 2019.
International Organization for Standardization. (2015, Dec. 8). ISO/IEC TS 27017, Information technology. Security techniques. Information security management. Guidelines on information security controls for the use of cloud computing services based on ISO / IEC 27002. [Online]. Available: https://www.iso.org/standard/43757.html. Accessed on: Aug. 25, 2019.
International Organization for Standardization. (2019, Jan. 24). ISO/IEC 27018, Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. [Online]. Available: https://www.iso.org/standard/76559.html. Accessed on: Aug. 25, 2019.
Federal Agency on Technical Regulating and Metrology. GOST R, Project Information protection. Requirements for the protection of information processed using “Cloud computing” technologies. Basic provisions. [Online]. Available: http://docs.cntd.ru/document/1200102839. Accessed on: Aug. 25, 2019.
Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. [Online]. Available: https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/security-guidance-v4-FINAL.pdf. Accessed on: Aug. 25, 2019.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish in this collection agree to the following terms:
- The authors reserve the right to authorship of their work and pass to the collection the right of first publication of this work, which is licensed under the Creative Commons Attribution License; this license allows others to freely distribute the published work with the obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institution's digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to place the manuscript of the work on the Internet (for example, in storage facilities or on personal web sites), both prior to submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).