7 research outputs found

    Privacy Violation in the Cloud Computing Environment: Challenges and Coping Mechanisms

    Cloud computing is a fertile environment for both organizations and individual users. However, this makes it also a fertile environment for violating the privacy of individuals, hence the importance of drawing attention to the challenges and mechanisms of facing the risks of violating privacy in the cloud-computing environment. This study aimed at shedding light on privacy data in cloud computing and the user's relationship with it, how that data can be managed, what are the most prominent threats it faces, and identifying the parties that threaten to expose the privacy of such data. This research provides a clear overview of the most important mechanisms to face data privacy violation or theft in cloud computing. Among the results, the most important ones are that the cloud-computing environment is not a completely secure environment for data privacy, due to the nature of the technology's vulnerability in general to tampering and penetration. Moreover, there are some types of cloud computing based on purely security principles that can be applied in any cloud system such as Security as a Service (SECaaS) and Monitoring as a Service (MaaS). These findings draw attention to future research on the importance of considering cloud computing technology adoption by large organizations that hold millions of sensitive data. We hope that the results of the study would contribute not only to draw more attention to the importance of cloud computing but also to adopt more applications that contribute to raising the level of protection for organizations. Indeed, it is worth paying more attention to the development of the cognitive aspect of individuals to adopt awareness ideas that contribute to protecting their privacy on the Internet in general and in the cloud-computing environment in particula

    Privacy enhancing technologies (PETs) for connected vehicles in smart cities

    This is an accepted manuscript of an article published by Wiley in Transactions on Emerging Telecommunications Technologies, available online: https://doi.org/10.1002/ett.4173 The accepted version of the publication may differ from the final published version. Many experts believe that the Internet of Things (IoT) is a new revolution in technology that has brought many benefits for our organizations, businesses, and industries. However, information security and privacy protection are important challenges particularly for smart vehicles in smart cities that have attracted the attention of experts in this domain. Privacy Enhancing Technologies (PETs) endeavor to mitigate the risk of privacy invasions, but the literature lacks a thorough review of the approaches and techniques that support individuals' privacy in the connection between smart vehicles and smart cities. This gap has stimulated us to conduct this research with the main goal of reviewing recent privacy-enhancing technologies, approaches, taxonomy, challenges, and solutions on the application of PETs for smart vehicles in smart cities. The significant aspect of this study originates from the inclusion of data-oriented and process-oriented privacy protection. This research also identifies limitations of existing PETs, complementary technologies, and potential research directions. Published onlin

    Safeguarding Employee Privacy in U.S.-Based Small and Midsized Businesses

    Employee privacy is a contentious concern between employees and employers in the United States. Terminating oversurveilled employees may result in sustained claim costs for a company. Grounded in complexity theory and complexity leadership theory, the purpose of this qualitative multiple case study was to explore strategies small business leaders/agents use to safeguard employee privacy. The participants included three privacy practitioners: one consultant, and two small business leaders/agents of small businesses in the Mid-Atlantic U.S. region who had successfully safeguarded employee privacy. A thematic analysis using primary and secondary sources identified three principal themes: (a) environmental privacy, (b) autonomy privacy, and (c) personal information privacy. A key recommendation is for business leaders to design a human-centric employee privacy program with defensive and offensive strategies that balance autonomy with accountability. This study has implications for positive social change in that it may inform efficacious strategy to promote employee privacy that catalyze employee innovation and improve business performance, enabling organizations to sustain their contributions to benefit the citizens of their local community

    Military Breaking Boundaries Implementing Third-Party Cloud Computing Practices for Data Storage

    Senior Information Technology (IT) military leadership cannot currently implement, maintain, and administer cloud data storage without the direct support of third-party vendors. This study explicitly impacts cloud practitioners, engineers, and architects requiring a most sophisticated and streamlined ability to safehouse invaluable data using third-party data storage. Grounded in the theory of planned behavior, the purpose of this qualitative single case study was to investigate strategies military leadership uses to implement third-party cloud computing for data storage. The participants (n = 22) consisted of cloud administrators, engineers, and architects within a sizeable midwestern city with a minimum of 3 years of cloud computing knowledge and 5 years of total IT experience. Data collection included semistructured interviews using Skype, face-to-face, and telephone interviews, and internal and external organizational documents (n = 17). Four themes were identified through thematic analysis: work relationships amongst AWS vendors and military technicians, the strength of newly created security practices, all training/learning curves are considered, and continuous safety and improvement. It is recommended that both AWS and military technicians continue to work together, promoting safety and security. The implications for positive social change include the potential for job creation and enhancing the community economically

    Strategies for Reducing the Risk of Data Breach Within the Internet Cloud

    Businesses are increasingly incorporating cloud computing into their current business models. With this increase, security breach exposure has also increased, causing business leaders to be concerned with financial hardship, operational disruption, customer turnover, and customer confidence loss due to personal data exposure. Grounded in the integrated system theory of information security management, the purpose of this qualitative multiple case study was to explore successful strategies some information security leaders in the aerospace and defense contractor industry use to protect cloud-based data from security breaches. The participants were 7 information security leaders from 7 different aerospace and defense contractor companies located in the United States mid-Atlantic region. Data from semistructured interviews were analyzed and compared with 8 publicly available data sources for data triangulation. Emergent themes narrowing this knowledge gap were extracted through an analysis technique such as coding and then triangulated. The recurring themes were (a) strong authentication methods, (b) encryption, and (c) personnel training and awareness. A key recommendation includes information security leaders implementing preventative security measures while improving an organization's ability to protect data lost within the Internet cloud. The implications for positive social change include the potential to increase consumers' confidence while protecting confidential consumer data and organizational resources, protecting customers from the costs, lost time, and recovery efforts associated with identity theft

    Security Strategies of Electronic Health Record Systems

    Users of electronic health record (EHR) systems lack data security mechanisms and are at risk of patient data breaches. Grounded in routine activities theory, the purpose of this qualitative case study was to explore strategies information technology security managers in the health care industry use to minimize electronic health record data breaches. The participants were nine information security managers of large, medium, and small health care organizations in the Midwest United States. Data collection included semistructured interviews and organizational documents. Through methodological triangulation, three themes emerged: (a) requirements based on government and organizational regulations, (b) implementation of best practice industry-standard security measures, and (c) emerging interoperability with a security and privacy program. A key recommendation is for information security managers to understand the motivations and triggers of positive behavior change that minimizes organizations' external and internal data breaches. The implications for positive social change include the potential to enhance the security presence and reputation of the health care organizations

    European Privacy by Design [before defense]

    Three competing forces are shaping the concept of European Privacy by Design (PbD): laws and regulations, business goals and architecture designs. These forces carry their own influence in terms of ethics, economics, and technology. In this research we undertook the journey to understand the concept of European PbD. We examined its nature, application, and enforcement. We concluded that the European PbD is under-researched in two aspects: at organizational level (compared to the individual level); and mainly in the way it is enforced by authorities. We had high hopes especially with regards to the latter, and eager to bring significant scientific contribution on this field. We were interested to learn if data protection authorities are having such impacts looking at European PbD, that can pioneer new approaches to privacy preservation. This is why we elaborated on possible ways to measure their activity, in a manner that both legal and non-legal experts can understand our work. We promised a response to the research question can the enforcement of European PbD be measured and if yes, what are possible ways to do so? We conducted data analytics on quantitative and qualitative data to answer this question the best way possible. Our response is a moderate yes, the enforcement of PbD can be measured. Although, at this point, we need to settle with only good-enough ways of measure and not dwell into choosing the most optimal or best ways. One reason for this is that enforcement of PbD cases are highly customized and specific to their own circumstances. We have shown this while creating models to predict the amount of administrative fines for infringement of GDPR. Clustering these cases was a daunting task. Second reason for not delivering what could be the best way of measure is lack of data availability in Europe. This problem has its roots in the philosophical stance that the European legislator is taking on the topic of data collection within the EU. 
    Lawmakers in Europe certainly dislike programs that collect gigantic amounts of personal data from EU citizens. Third reason is a causal link between the inconsistent approach between the data protection authorities’ practices. This is due to the different levels of competencies, reporting structures, personnel numbers, and experience in the work of data protection authorities. Looking beyond the above limitations, there are certainly ways to measure the enforcement of European PbD. Our measurements helped us formulate the following statements: a. The European PbD operates in ‘data saver’ mode: we argue that analogous to the data saving mode on mobile phones, where most applications and services get background data only via Wi-Fi connection, in Europe data collection and data processing is kept to minimal. Therefore, we argue that European PbD is in essence about data minimization. Our conviction that this concept is more oriented towards data security has been partially refuted. b. The European PbD is platform independent: we elaborated in the thesis on various infrastructures and convergent technologies that found compatibility with the PbD principles. We consider that indeed the concept is evolutionary and technology-neutral. c. The European PbD is a tool obligation: we argue that the authorities are looking at PbD as a tool utilization obligation. In a simple language, companies should first perform a privacy impact assessment in order to find out which tools are supporting their data processing activities and then implement these, as mandated PbD. d. The European PbD is highly territorial: we reached the conclusion that enforcement of PbD is highly dependent on geographical indicators (i.e. countries and counties). The different levels of privacy protection cultures are still present in Europe. On a particular level, what is commonly true across all countries is that European PbD mandates strong EU data sovereignty