A Security Framework to Protect Data in Cloud Storage

Abstract

According to Cisco Global Cloud Index, cloud storage users will store 1.6 Gigabytes data per month by 2019, compared to 992 megabytes data per month in 2014. With this trend, it has been shown that more and more data will reside in cloud storage and it is expected to grow further. As cloud storage is becoming an option for users for keeping their data online, it comes with security concerns for protecting data from threats. This thesis addresses the need to investigate the security factors that will enable efficient security protection for data in cloud storage and the relationships that exist between the different security factors. Consequently, this research has developed a conceptual framework that supports security in cloud storage. The main contribution of this research is the development of a Cloud Storage Security Framework (CSSF) to support an integrative approach to understanding and evaluating security in cloud storage. The framework enables understanding of the makeup of security in cloud storage and measures the understanding of security in cloud storage. Drawing upon established theories and prior research findings, the framework indicates that security in cloud storage can be determined by nine factors: (1) security policies implementation in cloud storage, security measure that relates to (2) protecting the data accessed in cloud storage; (3) modifications of data stored; (4) accessibility of data stored in cloud storage; (5) non-repudiation to the data stored; (6) authenticity of the original data; (7) reliability of the cloud storage services; (8) accountability of service provision; and (9) auditability of the data accessed and stored in cloud storage. An example of CSSF application has been demonstrated through the development of a measuring instrument called Security Rating Score (SecRaS) and through a series of experiments, SecRaS has been validated and used in a research scenario. The instrument consists of several items generated using goal-question-metric approach. These potential items were evaluated by a series of experiments; the security experts assessed using content validity ratio while the security practitioners took part in the validation study. The validation study completed two experiments that look into the correlation analyses and internal reliability. SecRaS instrument was later applied in a research scenario; the validated instrument was distributed and a number of 218 usable responses were received. Using structural equation modelling, the data has revealed a good fit of the measurement analyses and structural model. The key findings were as follow: the relationships between factors were found to have both direct and indirect effects in the result. While establishing the relationship(s) among the factors, the structural model proposes three types of causal relationships in terms of how the security implementation in cloud storage could be affected by the security factors. This thesis presents a detailed discussion of the CSSF development, confirmation, and application in a research scenario. For security managers, CSSF offers a new paradigm on how stakeholders can make cloud storage security implementation successful in some depth. For security practitioners, the CSSF enables deconstruction of the concept of security in cloud storage into smaller, conceptually distinct and manageable factors to guide the design of security in cloud storage. For researchers, the CSSF provides a common framework in which to conceptualise their research and make it easier to see how the security factors fit into the larger picture.