Yıl 2017, Cilt 3, Sayı 2, Sayfalar 122 - 130 2017-12-24

AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS
YAYGIN OLARAK KULLANILAN BULUT SERVİS SAĞLAYICILARININ YENİ BULUT GÜVENLİK ÖNLEMİ ÖNERİLERİ AÇISINDAN DEĞERLENDİRİLMESİ

Mohamad Soubra [1] , Ömer Özgür Tanrıöver [2]

74 127

In this paper, we aim to present the recent security approaches and solutions proposed for cloud service providers and those provided by widely used cloud service providers. Through a review, recent cloud security mechanisms are discussed with respect to their mode of operation, their structure and the techniques to offer security services. Then five widely used cloud service providers namely Microsoft 365, Cisco WebEx messenger, Force.com, Yammer, Servicenow are assessed in terms of their security services. The provided information by the assessment may be potentially used by organizations in order to align their security policies with those of cloud service providers.


Bu yazıda, bulut servis sağlayıcıları için önerilen ve yaygın olarak kullanılan bulut servis sağlayıcıları tarafından sağlanan son güvenlik yaklaşımlarını ve çözümlerini sunmayı amaçlıyoruz. Önce, yeni bulut güvenlik mekanizmaları, çalışma tarzları, yapıları ve güvenlik hizmetleri sunma teknikleri özetlenmiştir. Sonra beş yaygın olarak kullanılan bulut servis sağlayıcısı yani Microsoft 365, Cisco WebEx Messenger, Force.com, Yammer, Servicenow güvenlik hizmetleri açısından ve yeni güvenlik mekanizmaları desteği açısından değerlendirilmiştir. Sağlanan bilgiler, kuruluşlar tarafından, güvenlik politikalarını bulut servis sağlayıcılarınkilerle uyumlu hale getirmek için kullanılabilir.

  • A. Apostu, F. Puican, G. Ularu, and G. Suciu, Study on advantages and disadvantages of Cloud Computing – the advantages of Telemetry Applications in the Cloud 2 Cloud Computing, pp. 118–123, (2014).
  • Ahmed, A. Using COBIT to Manage the Benefits, Risks and Security of Outsourcing Cloud Computing. COBIT Focus, 2011(2), 13–16. (2011).
  • Bernal Bernabe, J., Marin Perez, J. M., Alcaraz Calero, J. M., Garcia Clemente, F. J., Martinez Perez, G., & Gomez Skarmeta, A. F. Semantic-aware multi-tenancy authorization system for cloud architectures. Future Generation Computer Systems, 32(1), 154–167, (2014).
  • Challenges for IT Based Cloud Computing Governance Yassine BOUNAGUla, Hatim HAFIDDIab, AbdellatifMEZRIOUla aISL Team, STRS Lab, (2010).
  • Cloud Security Alliance. Top Threats to Cloud Computing. Security, (March), 1–14, (2010).
  • F. Huang, H. Li, Z. Yuan and X. Li. An Application Deployment Approach Based on Hybrid Cloud ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids), Beijing, 2017, pp. 74-79. (2017).
  • Flood, J. & Keane, A. A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems., in 'EIDWT’, pp. 231-235, (2012).
  • Gill, K. S., & Sharma, A. IDPS based Framework for Security in Green Cloud Computing and Comprehensive Review on Existing Frameworks and Security Issues. (2015).
  • Grundy, J., & Ibrahim, A. S. Collaboration-Based Cloud Computing Security Management Framework Collaboration-Based Cloud Computing Security Management Framework, (2011).
  • H.-Y. Lee and Y.-S. Tao, Chapter 4 - Multitiered cloud security model. Elsevier Inc., (2015).
  • Cloud computing types http://blog.marconet.com/blog/a-breakdown-of-the-3-types-of-cloud-computing Accessed 1st Nov 2017
  • Amazon official site http://www.amazon.com Accessed 1st Nov 2017
  • Google engine official site http://www.code.google.com/appengine Accessed 1st Nov 2017
  • Hadoop Apache official site http://www.hadoop.apache.org Accessed 1st Nov 2017
  • Topics about flexible computing http://www.hp.com/services/flexiblecomputing Accessed 1st Nov 2017
  • Big table official site http://www.labs.google.com/papers/bigtable.html Accessed 1st Nov 2017
  • Azure official site http://www.microsoft.com/azure/data.mspx Accessed 1st Nov 2017
  • Top five services 2016 https://www.skyhighnetworks.com/cloud-security-blog/the-20-totally-most-popular-cloud-services-in-todays-enterprise/ Accessed 1st Nov 2017
  • Topics about services architecture https://www.xml.com/pub/a/2001/01/24/rdf.html Accessed 1st Nov 2017
  • Khrisna, A. Risk Management Framework With COBIT 5 And Risk Management Framework for Cloud Computing Integration, 103–108, (2014).
  • King, N. J., & Raja, V. T. Protecting the privacy and security of sensitive customer data in the cloud. Computer Law and Security Review, 28(3), 308–319, (2012). A., Task, J., & Transformation, F. Guide for Applying the Risk Management Framework to Federal Information Systems, 1, (2016).
  • Rebollo, O., Mellado, D., Fernendez-Medina, E., & Mouratidis, H. Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44–57. (2015).
  • Rohitash Kumar Banyal, Pragya Jain, and Vijendra Kumar Jain. Multi-factor Authentication Framework for Cloud Computing. Washington, DC, USA, 105-110. (2013).
  • Ryan, M. D. Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263–2268. (2013).
  • S. Bertram, M. Boniface, M. Surridge, N. Briscombe and M. Hall-May, (2010) On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds, pp. 518-525.
  • Sood, S. K. A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, 35(6), 1831–1838. (2012).
  • V. Chang and M. Ramachandran, “07299312,” vol. 9, no. 1, pp. 138–151, (2016).
  • Virtualization and Cloud Computing, Security Threats To Evolving Data Centers, Data Center Security, (2011)
  • Zhang, X. Z. X., Wuwong, N., Li, H. L. H., & Zhang, X. Z. X. (2010). Information Security Risk Management Framework for the Cloud Computing Environments. Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on, 1328–1334. (2007).
  • Topics about security architectures http://searchnetworking.techtarget.com/definition/stateful-inspection Accessed 1st Nov 2017
  • Disadvantages of force.com http://stackoverflow.com/questions/1664503/disadvantages-of-the-force-com-platform Accessed 1st Nov 2017
  • Topics about online protection https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx Accessed 1st Nov 2017
  • Microsoft 365 service official; site download.microsoft.com/.../Operational-Security-for-Online-Services-Overview.pdf Accessed 1st Nov 2017
  • Topics about data loss prevention http://whatis.techtarget.com/definition/data-loss-prevention-DLP Accessed 1st Nov 2017
  • Microsoft 365 support site https://support.office.com/en-us/article/IPv6-support-in-Office-365-services-c08786fb-298e-437c-8222-dab7625fc815?ui=en-US&rs=en-US&ad=US&fromAR=1 Accessed 1st Nov 2017
  • Disadvantages of Microsoft 365 service https://threatpost.com/office-365-vulnerability-exposed-any-federated-account/117716/ Accessed 1st Nov 2017
  • Disadvantages about Microsoft 365 service http://www.securityweek.com/serious-flaw-exposed-microsoft-office-365-accounts Accessed 1st Nov 2017
  • Advantages of ServiceNow service http://searchdatacenter.techtarget.com/definition/configuration-management-database Accessed 1st Nov 2017
  • ServiceNow architecture http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM Accessed 1st Nov 2017
  • Disadvantages of ServiceNow http://seekingalpha.com/article/1111961-after-interviewing-more-industry-insiders-i-am-even-more-bearish-on-servicenow Accessed 1st Nov 2017
  • Yammer architecture https://www.trustradius.com/products/servicenow/reviews Accessed 1st Nov 2017
  • Disadvantages of Yammer http://www.securityfocus.com/archive/1/530292 Accessed 1st Nov 2017
  • Disadvantage of Yammer http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL Accessed 1st Nov 2017
  • M. Almorsy, J. Grundy and A. S. Ibrahim, "Collaboration-Based Cloud Computing Security Management Framework," Cloud Computing (CLOUD), 2011 IEEE International Conference on, Washington, DC, pp. 364-371. (2011).
  • Cisco WebEx official site https://www.google.com/search?q=vulnerability+of+cisco+webex+messenger Accessed 1st Nov 2017
  • Information about Logical Unit Numbers [LIU] http://searchstorage.techtarget.com/definition/SCSI Accessed 1st Nov 2017
  • Information about Small System Computer Interface (SCSI) http://searchnetworking.techtarget.com/definition/stateful-inspection Accessed 1st Nov 2017
  • Disadvantages of Cisco WebEx messenger service https://www.google.com/search?q=vulnerability+of+cisco+webex+messenger&ie=utf-8&oe=utf-8&client=firefox-b-ab&gfe_rd=cr&ei=TshIV- Accessed 1st Nov 2017
  • Force.com architecture https://developer.salesforce.com/page/Multi_Tenant_Architecture Accessed 1st Nov 2017
Konular Mühendislik ve Temel Bilimler
Dergi Bölümü Bilgisayar Mühendisliği
Yazarlar

Orcid: 0000-0002-5195-9540
Yazar: Mohamad Soubra
E-posta: mhd.m.soubra@gmail.com
Ülke: Lebanon


Orcid: 0000-0003-0833-3494
Yazar: Ömer Özgür Tanrıöver
E-posta: ozgurtanriover@yahoo.com
Ülke: Turkey


Bibtex @araştırma makalesi { muglajsci355273, journal = {Mugla Journal of Science and Technology}, issn = {2149-3596}, address = {Mugla Sitki Kocman University}, year = {2017}, volume = {3}, pages = {122 - 130}, doi = {10.22531/muglajsci.355273}, title = {AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS}, key = {cite}, author = {Tanrıöver, Ömer Özgür and Soubra, Mohamad} }
APA Soubra, M , Tanrıöver, Ö . (2017). AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS. Mugla Journal of Science and Technology, 3 (2), 122-130. DOI: 10.22531/muglajsci.355273
MLA Soubra, M , Tanrıöver, Ö . "AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS". Mugla Journal of Science and Technology 3 (2017): 122-130 <http://dergipark.gov.tr/muglajsci/issue/32374/355273>
Chicago Soubra, M , Tanrıöver, Ö . "AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS". Mugla Journal of Science and Technology 3 (2017): 122-130
RIS TY - JOUR T1 - AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS AU - Mohamad Soubra , Ömer Özgür Tanrıöver Y1 - 2017 PY - 2017 N1 - doi: 10.22531/muglajsci.355273 DO - 10.22531/muglajsci.355273 T2 - Mugla Journal of Science and Technology JF - Journal JO - JOR SP - 122 EP - 130 VL - 3 IS - 2 SN - 2149-3596- M3 - doi: 10.22531/muglajsci.355273 UR - http://dx.doi.org/10.22531/muglajsci.355273 Y2 - 2017 ER -
EndNote %0 Mugla Journal of Science and Technology AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS %A Mohamad Soubra , Ömer Özgür Tanrıöver %T AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS %D 2017 %J Mugla Journal of Science and Technology %P 2149-3596- %V 3 %N 2 %R doi: 10.22531/muglajsci.355273 %U 10.22531/muglajsci.355273