20-12-2012, 05:57 PM
A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service
Abstract
Enterprises usually store data in internal storage and
install firewalls to prevent intruders from accessing the data.
They also standardize data access procedures to prevent insiders
from disclosing the information without permission. In cloud
computing, the data will be stored in storage provided by service
providers. Service providers must have a viable way to protect
their clients’ data, especially to prevent the data from disclosure
by unauthorized insiders. Storing the data in encrypted form is a
common method of information privacy protection. If a cloud
system is responsible for both the storage and the
encryption/decryption of data, the system administrators may
simultaneously obtain encrypted data and decryption keys. This
allows them to access information without authorization and thus
poses a risk to information privacy. This study proposes a
business model for cloud computing based on the concept of
separating the encryption and decryption service from the
storage service. Furthermore, the party responsible for the data
storage system must not store data in plaintext, and the party
responsible for data encryption and decryption must delete all
data once the encryption or decryption computation is
complete. A CRM (Customer Relationship Management) service
is described in this paper as an example to illustrate the proposed
business model.
INTRODUCTION
In recent years, cloud computing has become a hot topic in
the global technology industry. The initiatives include
Google’s research project for building an infrastructure to
support research needs of top-tier American universities. Weiss
noted that cloud computing services include several existing
computing technologies [1], such as service-oriented utility
computing [2], grid computing with large amounts of computing
resources [3], and the use of data centers for data storage
services.
Prior to the development of the concept of cloud
computing, critical industrial data was stored internally on
storage media, protected by security measures including
firewalls to prevent external access to the data and including
organizational regulations to prohibit unauthorized internal
access. In the cloud computing environment, storage service
providers must have in place data security practices to ensure
that their clients’ data is safe from unauthorized access and
disclosure. More importantly, the regulations and measures for
preventing privileged users such as system administrators from
unauthorized access must be rigorously established and
implemented.
Cloud computing business models
The hardware and architecture required for providing cloud
computing environment services are similar to most computer
hardware and software systems. The hardware in a modern
personal computer (i.e., CPU, HDD, optical drive, etc.)
performs basic functions such as performing calculations and
storing data. The operating system (e.g., Windows XP) is the
platform for the operations of the basic infrastructure, and text
processing software such as MS Word and Excel are application
services which run on the platform.
The architecture of cloud services can be divided into three
levels: infrastructure, platform, and application software [7].
Application software constructs the user interface and presents
the application system’s functions. Through the functions of
the operations platform, the application can use the CPU and
other hardware resources to execute calculations and access
storage media and other equipment to store data.
User data privacy concerns in a cloud computing environment
In a cloud computing environment, the equipment used for
business operations can be leased from a single service
provider along with the application, and the related business
data can be stored on equipment provided by the same service
provider. This type of arrangement can help a company save on
hardware and software infrastructure costs, but storing the
company’s data on the service provider’s equipment raises the
possibility that important business information may be
improperly disclosed to others [9].
Recommended Service Level Agreement Content
The above-mentioned example has multiple service
operators coordinating to provide a CRM Cloud Service. The
data handling flow and cooperation among operators will affect
the effectiveness with which users use the service. Unlike
conventional Service Level Agreements (SLA), any SLA
between the user and the service provider must consider the
rights and obligations of the collaborating operators, and
operators should sign contracts between themselves to establish
the division of responsibilities and cooperation model for
providing common services to clients.
The proposed example of a CRM Cloud Service includes a
template for a multi-party SLA for the user, the CRM operator,
the encryption/decryption service operator, and the storage
service operator. The content is based on policies for ensuring
data privacy, as shown in Fig. 7.
BENEFIT ANALYSIS AND DISCUSSION
Cloud computing environments include three types of
service: infrastructure, platform and software. To the user,
cloud computing virtualizes resources and, to access services,
the user only requires a means of accessing the Internet, e.g., a
smart phone or PDA, or even a Smart Card or other active
smart chip, thus reducing purchasing and maintenance costs for
software and hardware. Because key industrial data is stored on
the service provider’s equipment, the service provider must
protect the user’s data, for example by encrypting the user’s
data prior to storage. However, this leaves the service
provider’s high-privilege internal staff (e.g., system
administrators) with access to both the Decryption Key and the
user’s encrypted data, exposing the user’s data to risk of
potential disclosure.
For cloud computing to spread, users must have a high
level of trust in the methods by which service providers protect
their data. This study proposes a Business Model for Cloud
Computing Based on a Separate Encryption and Decryption
Service, emphasizing that authorization for the storage and
encryption/decryption of user data must be vested with two
different service providers. The privileges of the Storage as
Service provider include storing user data which has already been
encrypted through an Encryption/Decryption Service System,
but they do not give this service provider access to the
Decryption Key or allow it to store decrypted data.
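
The separation of duties described above can be sketched in code. This is an added example, not code from the paper: the class and function names are hypothetical, and the HMAC-SHA256 keystream with an HMAC tag is a standard-library stand-in for an authenticated cipher such as AES-GCM, which a real encryption/decryption service would use.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), stdlib only.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

class EncryptionService:
    """Hypothetical encryption/decryption operator: holds keys, retains no user data."""
    def __init__(self):
        self._keys = {}  # user_id -> (enc_key, mac_key); the only state kept

    def encrypt(self, user_id, plaintext):
        enc_key, mac_key = self._keys.setdefault(
            user_id, (secrets.token_bytes(32), secrets.token_bytes(32)))
        nonce = secrets.token_bytes(16)
        ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
        return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

    def decrypt(self, user_id, blob):
        enc_key, mac_key = self._keys[user_id]
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob was modified or belongs to another user")
        return _xor(ct, _keystream(enc_key, nonce, len(ct)))

class StorageService:
    """Hypothetical storage operator: stores opaque blobs, never sees a key."""
    def __init__(self):
        self._blobs = {}

    def put(self, user_id, record_id, blob):
        self._blobs[(user_id, record_id)] = blob

    def get(self, user_id, record_id):
        return self._blobs[(user_id, record_id)]

    def admin_dump(self):
        # Everything a storage administrator can read.
        return b"".join(self._blobs.values())

def crm_save(enc, store, user_id, record_id, plaintext):
    # CRM operator routes data through the encryption service before storage.
    store.put(user_id, record_id, enc.encrypt(user_id, plaintext))

def crm_load(enc, store, user_id, record_id):
    return enc.decrypt(user_id, store.get(user_id, record_id))
```

The storage operator's state contains only ciphertext and the encryption operator's state contains only keys, so neither operator's administrators can recover a record alone.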