Concepts of Cloud Computing and Protection of Data in Cloud Computing

The internet has changed the world in a strong way.it has traveled from the concept of parallel computing to distributed computing to grid computing and recently to cloud computing. Cloud computing is a recent trend in Information Technology that moves computing and data away from desktop and portable personal computers into large data center. The main advantage of cloud computing is the user cannot pay for infrastructure, its installation, required man power to handle such infrastructure and maintenance. Cloud computing technology is collecting success stories of savings, ease of use, ease of access and increased flexibility in controlling how resources are used at any given time to deliver computing capability. Cloud providers who can demonstrate that they protect personal information may be more truthful and therefore more attractive to potential Cloud users. The cloud service can be implemented in three different service models, such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). Data security and privacy protection issues are relevant to both hardware and software in the cloud architecture. This study is to review the concepts of cloud computing and different security techniques and protecting data in the cloud. Keywords: Cloud computing, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). DOI: 10.7176/CEIS/10-4-01 Publication date:May 31st 201

The regulation of privacy on cloud computing services in terms of the Protection of Personal Information Act 4 of 2013

There is a relatively new development in Information Technology (IT) space known as cloud computing, software and service delivered remotely through the Internet without installing software on a computer. Cloud computing has quickly gathered steam as one of the most prominent topics in IT, and indeed within the business sector as a whole. Cloud computing is one such development associated with opportunities and benefits, especially in the commercial sector. Due to the development of IT and many businesses adopting e-commerce business-related strategies, cloud computing has revolutionised how personal information is processed. The advent of cloud computing as a mechanism to process personal information has brought many legal challenges for protecting the right to privacy enshrined under section 14 of the South African Constitution, which is a vulnerable part of one’s personality right. The right to privacy has long been protected even before adopting the Constitution under the common law of delict (actio iniuriarumn). As the adoption rate of cloud computing services by businesses continues to increase, the legal considerations and risks become more prevalent. The lawmakers struggle to keep pace with the rapidly changing technological advancements, at least for now. Both the common law and the Constitution could not address all the legal aspects of data protection and the adoption of cloud computing services hence the promulgation of the Protection of Personal Information Act 4 of 2013 (POPI Act). The POPI Act’s main objective is to protect the personal information of both natural and juristic persons. Personal information about an individual forms part of privacy. Unlawful processing of such personal information is a violation of the right to privacy of an individual. It is now widely recognised that the unregulated processing of personal information significantly impacts fundamental human rights like privacy, personality, and autonomy. A close analysis of cloud computing regulation is necessary, as legal protection mechanisms must safeguard the processing of personal information and establish extraterritorial jurisdiction to regulate the use of cloud computing within national legislation as cloud computing provides a transnational characteristic on the cross-border flow of personal information. In this thesis, a question is asked on whether the current data protection laws in South Africa on protecting the right to privacy in the cloud computing services context are adequate. The analysis will determine whether the overlaps between these pieces of data protection laws are competent to deal with the ever-increasing threats on the right to privacy and if they meet the international data protection standards set by the European Union’s General Data Protection Regulation (GDPR). The research seeks to analyse and reveal the shortcomings under the Constitution and the common law that led to adopting the POPI Act by studying the regulation of cloud computing services. This analysis will determine the shortcomings of the POPI Act as well in the context of cloud computing. The research will then follow a comparative analysis of the POPI Act and the GDPR to determine the application of the GDPR on international data breaches and compare its provisions with the POPI Act in the context of cloud computing. Finally, the research will address the question as to whether a multi-faceted approach, which includes a Model Law on cloud computing, would be an appropriate starting point setting out requirements for the use of this technology can be sufficient in protecting data subjects. And as cloud computing risks are not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations to regulate cloud computing at an international level.Thesis (LLM) -- Faculty of Law, Law, 202

The regulation of privacy on cloud computing services in terms of the Protection of Personal Information Act 4 of 2013

There is a relatively new development in Information Technology (IT) space known as cloud computing, software and service delivered remotely through the Internet without installing software on a computer. Cloud computing has quickly gathered steam as one of the most prominent topics in IT, and indeed within the business sector as a whole. Cloud computing is one such development associated with opportunities and benefits, especially in the commercial sector. Due to the development of IT and many businesses adopting e-commerce business-related strategies, cloud computing has revolutionised how personal information is processed. The advent of cloud computing as a mechanism to process personal information has brought many legal challenges for protecting the right to privacy enshrined under section 14 of the South African Constitution, which is a vulnerable part of one’s personality right. The right to privacy has long been protected even before adopting the Constitution under the common law of delict (actio iniuriarumn). As the adoption rate of cloud computing services by businesses continues to increase, the legal considerations and risks become more prevalent. The lawmakers struggle to keep pace with the rapidly changing technological advancements, at least for now. Both the common law and the Constitution could not address all the legal aspects of data protection and the adoption of cloud computing services hence the promulgation of the Protection of Personal Information Act 4 of 2013 (POPI Act). The POPI Act’s main objective is to protect the personal information of both natural and juristic persons. Personal information about an individual forms part of privacy. Unlawful processing of such personal information is a violation of the right to privacy of an individual. It is now widely recognised that the unregulated processing of personal information significantly impacts fundamental human rights like privacy, personality, and autonomy. A close analysis of cloud computing regulation is necessary, as legal protection mechanisms must safeguard the processing of personal information and establish extraterritorial jurisdiction to regulate the use of cloud computing within national legislation as cloud computing provides a transnational characteristic on the cross-border flow of personal information. In this thesis, a question is asked on whether the current data protection laws in South Africa on protecting the right to privacy in the cloud computing services context are adequate. The analysis will determine whether the overlaps between these pieces of data protection laws are competent to deal with the ever-increasing threats on the right to privacy and if they meet the international data protection standards set by the European Union’s General Data Protection Regulation (GDPR). The research seeks to analyse and reveal the shortcomings under the Constitution and the common law that led to adopting the POPI Act by studying the regulation of cloud computing services. This analysis will determine the shortcomings of the POPI Act as well in the context of cloud computing. The research will then follow a comparative analysis of the POPI Act and the GDPR to determine the application of the GDPR on international data breaches and compare its provisions with the POPI Act in the context of cloud computing. Finally, the research will address the question as to whether a multi-faceted approach, which includes a Model Law on cloud computing, would be an appropriate starting point setting out requirements for the use of this technology can be sufficient in protecting data subjects. And as cloud computing risks are not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations to regulate cloud computing at an international level.Thesis (LLM) -- Faculty of Law, Law, 202

PERLINDUNGAN HUKUM MENGENAI KEBOCORAN DATA PRIBADI TERHADAP AKUN MICROSOFT OFFICE 365 YANG DIBELI MELALUI SHOPEE

In the new era, commonly referred to as big data, online-based storage is increasingly needed to accommodate data and information obtained and sent. The problem is that many users of Microsoft 365 series accounts are purchased illegally from sellers on the Shopee site and do not realize sellers have access to synchronize user data. The data is connected online and automatically, especially in data storage applications from the Microsoft 365 series, namely OneDrive so it can pose a significant threat to personal information leakage. This article aims to dissect and obtain an ideal concept regarding protecting the personal data of Microsoft Office 365 users purchased through the Shopee site. A legal study is a normative study of applicable legal provisions or statutory regulations. The result shows that the explicit rules in the new Personal Data Protection Law related to Cloud Computing Systems, as well as preventive measures to avoid leakage of personal data using self-literacy on the importance of protecting personal data. For example, customers should use a secure site for online transactions, stop buying products or application accounts online illegally, and use security antivirus software

Cloud Privacy Audit Framework: A Value-Based Design

The rapid expansion of cloud technology provides enormous capacity, which allows for the collection, dissemination and re-identification of personal information. It is the cloud’s resource capabilities such as these that fuel the concern for privacy. The impetus of these concerns are not too far removed from those expressed by Mason in 1986, when he identified privacy as one of the biggest ethical issues facing the information age. There seems to be continuous ebb and flow relationship with respect to privacy concerns and the development of new information communication technologies such as cloud computing. Privacy issues are a concern to all types of stakeholders in the cloud. Individuals using the cloud are exposed to privacy threats when they are persuaded to provide personal information unwantedly. An Organization using a cloud service is at risk of non-compliance to internal privacy policies or legislative privacy regulations. The cloud service provider has a privacy risk of legal liability and credibility concerns if sensitive information is exposed. The data subject is at risk of having personal information exposed. In essence everyone who is involved in cloud computing has some level of privacy risk that needs to be evaluated before, during and after they or an organization they interact with adopts a cloud technology solution. This resonates a need for organizations to develop privacy practices that are socially responsible towards the protection of their stakeholders’ information privacy. This research is about understanding the relationship between individual values and their privacy objectives. There is a lack of clarity in organizations as to what individuals consider privacy to be. Therefore, it is essential to understand an individual’s privacy values. Individuals seem to have divergent perspectives on the nature and scope of how their personal information is to be kept private in different modes of technologies. This study is concerned with identifying individual privacy objectives for cloud computing. We argue that privacy is an elusive concept due to the evolving relationship between technology and privacy. Understanding and identifying individuals’ privacy objectives are an influential step in the process of protecting the privacy in cloud computing environments. The aim of this study is to identify individual privacy values and develop cloud privacy objectives, which can be used to design a privacy audit for cloud computing environments. We used Keeney’s (1992) value focused thinking approach to identify individual privacy values with respect to emerging cloud technologies, and to develop an understanding of how cloud privacy objectives are shaped by the individual’s privacy values. We discuss each objective and how they relate to privacy concerns in cloud computing. We also use the cloud privacy objectives in a design science study to design a cloud privacy audit framework. We then discuss the how this research helps privacy managers develop a cloud privacy strategy, evaluate cloud privacy practices and develop a cloud privacy audit to ensure privacy. Lastly, future research directions are proposed

Privacy in Cooperative Distributed Systems: Modeling and Protection Framework

A new form of computation is emerging rapidly with cloud computing, mobile computing, wearable computing and the Internet-of-Things. All can be characterized as a class of “Cooperative Distributed Systems” (CDS) in open environment. A major driver of the growth is the exponential adoption by people and organizations within all aspects of their day-to-day matters. In this context, users’ requirements for privacy protection are becoming essential and complex beyond the traditional approaches. This requires a formal treatment of “privacy” as a fundamental computation concept in CDS paradigm. The objective is to develop a comprehensive formal model for “privacy” as base to build a CDS based framework and platform in which various applications allow users to enjoy the comprehensive services in open environments while protecting their privacy seamlessly. To this end, this thesis presents a novel way of understudying, modeling and analyzing privacy concerns in CDS. A formal foundations and model of privacy is developed within the context of information management. This served as a base for developing a privacy protection management framework for CDS. It includes a privacy-aware agent model for CDS platform with the ability to support interaction-based privacy protection. The feasibility of the proposed models has been demonstrated by developing an agent-based CDS platform using JIAC framework and a privacy-based Contract Net Protocol. It also included the application scenarios for the framework for privacy protection is Internet-of-Tings, cloud-based resource scheduling and personal assistance

Secure and Reliable Data Outsourcing in Cloud Computing

The many advantages of cloud computing are increasingly attracting individuals and organizations to outsource their data from local to remote cloud servers. In addition to cloud infrastructure and platform providers, such as Amazon, Google, and Microsoft, more and more cloud application providers are emerging which are dedicated to offering more accessible and user friendly data storage services to cloud customers. It is a clear trend that cloud data outsourcing is becoming a pervasive service. Along with the widespread enthusiasm on cloud computing, however, concerns on data security with cloud data storage are arising in terms of reliability and privacy which raise as the primary obstacles to the adoption of the cloud. To address these challenging issues, this dissertation explores the problem of secure and reliable data outsourcing in cloud computing. We focus on deploying the most fundamental data services, e.g., data management and data utilization, while considering reliability and privacy assurance. The first part of this dissertation discusses secure and reliable cloud data management to guarantee the data correctness and availability, given the difficulty that data are no longer locally possessed by data owners. We design a secure cloud storage service which addresses the reliability issue with near-optimal overall performance. By allowing a third party to perform the public integrity verification, data owners are significantly released from the onerous work of periodically checking data integrity. To completely free the data owner from the burden of being online after data outsourcing, we propose an exact repair solution so that no metadata needs to be generated on the fly for the repaired data. The second part presents our privacy-preserving data utilization solutions supporting two categories of semantics - keyword search and graph query. For protecting data privacy, sensitive data has to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. We define and solve the challenging problem of privacy-preserving multi- keyword ranked search over encrypted data in cloud computing. We establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. We first propose a basic idea for keyword search based on secure inner product computation, and then give two improved schemes to achieve various stringent privacy requirements in two different threat models. We also investigate some further enhancements of our ranked search mechanism, including supporting more search semantics, i.e., TF × IDF, and dynamic data operations. As a general data structure to describe the relation between entities, the graph has been increasingly used to model complicated structures and schemaless data, such as the personal social network, the relational database, XML documents and chemical compounds. In the case that these data contains sensitive information and need to be encrypted before outsourcing to the cloud, it is a very challenging task to effectively utilize such graph-structured data after encryption. We define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing. By utilizing the principle of filtering-and-verification, we pre-build a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure