Differentiated management strategies on cloud computing data security driven by data value

ABSTRACT Data security is a primary concern for the enterprise moving data to cloud. This study attempts to match the data of different values with the different security management strategies from the perspective of the enterprise user. With the help of core ideas on data value evaluation in information lifecycle management, this study extracts usage features and user features from the operating data of the enterprise information system, and applies K-means to cluster the data according to its value. A total of 39,348 records of logon log and 120 records of users from the information system of a ship-fitting manufacturer in China were collected for an empirical study. The functional modules of the manufacturer’s information system are divided into five classes according to their value, which is proven reasonable by the discriminant function obtained via discriminant analysis. The differentiated data security management strategies on cloud computing are formulated for a case study with five types of data to enhance the enterprise’s active cloud computing data security defense.

[1]  Mário M. Freire,et al.  Security issues in cloud environments: a survey , 2014, International Journal of Information Security.

[2]  Daniel Mellado,et al.  A Systematic Review of Information Security Governance Frameworks in the Cloud Computing Environment , 2012, J. Univers. Comput. Sci..

[3]  José Luis Fernández Alemán,et al.  Security in cloud computing: A mapping study , 2015, Comput. Sci. Inf. Syst..

[4]  John C. Henderson,et al.  Preparing for the Future: Understanding the Seven Capabilities of Cloud Computing , 2010, MIS Q. Executive.

[5]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[6]  Prashant Palvia,et al.  Towards An Understanding of Cloud Computing's Impact on Organizational it Strategy , 2013, AMCIS.

[7]  Heshan Sun,et al.  A Longitudinal Study of Herd Behavior in the Adoption and Continued Use of Technology , 2013, MIS Q..

[8]  Peter Buxmann,et al.  Cloud Computing Providers' Unrealistic Optimism regarding IT Security Risks: A Threat to Users? , 2013, ICIS.

[9]  Low Tang Jung,et al.  Data security rules/regulations based classification of file data using TsF-kNN algorithm , 2016, Cluster Computing.

[10]  Thomas Hess,et al.  Opportunities and risks of software-as-a-service: Findings from a survey of IT executives , 2011, Decis. Support Syst..

[11]  David Vengerov,et al.  A reinforcement learning framework for online data migration in hierarchical storage systems , 2007, The Journal of Supercomputing.

[12]  Ralf Steinmetz,et al.  A Method for File Valuation in Information Lifecycle Management , 2007, AMCIS.

[13]  Ian Sommerville,et al.  The Cloud Adoption Toolkit: supporting cloud adoption decisions in the enterprise , 2010, Softw. Pract. Exp..

[14]  Mache Creeger,et al.  CTO Roundtable , 2009, Commun. ACM.

[15]  Lawrence W. Lan,et al.  Exploring decisive factors affecting an organization's SaaS adoption: A case study , 2011, Int. J. Inf. Manag..

[16]  Paul Hyman Augmented-reality glasses bring cloud security into sharp focus , 2013, CACM.

[17]  Olatz Arbelaitz,et al.  An extensive comparative study of cluster validity indices , 2013, Pattern Recognit..

[18]  Seung-Hoon Chae,et al.  Drivers and inhibitors of SaaS adoption in Korea , 2013, International Journal of Information Management.

[19]  Samuel Sambasivam,et al.  Advanced Data Clustering Methods of Mining Web Documents , 2006 .

[20]  Michael K. Ng,et al.  An Entropy Weighting k-Means Algorithm for Subspace Clustering of High-Dimensional Sparse Data , 2007, IEEE Transactions on Knowledge and Data Engineering.

[21]  Anil K. Jain Data clustering: 50 years beyond K-means , 2008, Pattern Recognit. Lett..

[22]  Jiye Liang,et al.  Determining the number of clusters using information entropy for mixed data , 2012, Pattern Recognit..

[23]  Andreas Eckhardt,et al.  Organizational cloud service adoption: a scientometric and content-based literature analysis , 2014, Journal of Business Economics.

[24]  Angela Lin,et al.  Cloud computing as an innovation: Percepetion, attitude, and adoption , 2012, Int. J. Inf. Manag..

[26]  S. Srinivasan Cloud Computing Basics , 2014 .

[27]  Joseph S. Valacich,et al.  An Alternative to Methodological Individualism: A Non-Reductionist Approach to Studying Technology Adoption by Groups , 2010, MIS Q..

[28]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[29]  J. Brocke,et al.  Make or Buy? Factors that Impact the Adoption of Cloud Computing on the Content Level , 2014 .

[30]  Indrit Troshani,et al.  Cloud Nine? An Integrative Risk Management Framework for Cloud Computing , 2011, Bled eConference.

[31]  Murat Kantarcioglu,et al.  Risk Aware Approach to Data Confidentiality in Cloud Computing , 2013, ICISS.

[32]  Israel Spiegler,et al.  Investigating diversity of clustering methods: An empirical comparison , 2007, Data Knowl. Eng..

[33]  Arumugam Seetharaman,et al.  The usage and adoption of cloud computing by small and medium businesses , 2013, Int. J. Inf. Manag..

[34]  Zhifeng Xiao,et al.  Security and Privacy in Cloud Computing , 2013, IEEE Communications Surveys & Tutorials.

[35]  Zahir Tari,et al.  Security and Privacy in Cloud Computing , 2014, IEEE Cloud Computing.

[36]  Youngja Park,et al.  Estimating Asset Sensitivity by Profiling Users , 2013, ESORICS.

[37]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[38]  Aleksandre Asatiani,et al.  Why Cloud? - A Review of Cloud Adoption Determinants in Organizations , 2015, ECIS.

[39]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[40]  Chinyao Low,et al.  Understanding the determinants of cloud computing adoption , 2011, Ind. Manag. Data Syst..

[41]  Subhas C. Misra,et al.  Identification of a company's suitability for the adoption of cloud computing and modelling its corresponding Return on Investment , 2011, Math. Comput. Model..

[42]  Ayten Öksüz,et al.  Turning Dark into White Clouds - A Framework on Trust Building in Cloud Providers via Websites , 2014, AMCIS.

[43]  Ying Chen,et al.  Information Valuation for Information Lifecycle Management , 2005, Second International Conference on Autonomic Computing (ICAC'05).

[44]  Niall Maher,et al.  A Vendor Perspective on Issues with Security, Governance and Risk for Cloud Computing , 2013, Bled eConference.

[45]  Mary Lacity,et al.  Cloud Services Practices for Small and Medium-Sized Enterprises , 2014, MIS Q. Executive.

[46]  Haralambos Mouratidis,et al.  Empirical evaluation of a cloud computing information security governance framework , 2015, Inf. Softw. Technol..

[47]  Pierangela Samarati Security and Privacy in the Cloud , 2016, CLOSER.

[48]  Nabil Ahmed Sultan,et al.  International Journal of Information Management , 2010 .

[49]  Muthu Ramachandran,et al.  Towards performance evaluation of cloud service providers for cloud data security , 2016, Int. J. Inf. Manag..

[50]  Muttukrishnan Rajarajan,et al.  A survey on security issues and solutions at different layers of Cloud computing , 2013, The Journal of Supercomputing.