A Conceptual Framework for Accountability in Cloud Computing Service Provision

📝 Abstract

This paper uses a comprehensive review of the academic and professional literature in relation to accountability in the area of cloud computing service provision. It identifies four key conceptual factors that are necessary for an organisation to be considered as accountable. The four factors were found to be: responsibility, assurance, transparency and remediation. A key finding of the paper is that in order to be considered as an accountable cloud service provider, all four factors need to be implemented and be demonstrable by the organisation.

💡 Analysis

This paper uses a comprehensive review of the academic and professional literature in relation to accountability in the area of cloud computing service provision. It identifies four key conceptual factors that are necessary for an organisation to be considered as accountable. The four factors were found to be: responsibility, assurance, transparency and remediation. A key finding of the paper is that in order to be considered as an accountable cloud service provider, all four factors need to be implemented and be demonstrable by the organisation.

📄 Content

Australasian Conference on Information Systems

                                                   Al Rashdi et al.  

2015, Adelaide, South Australia. Achieving Accountability in Cloud Computing

A Conceptual Framework for Accountability in Cloud Computing Service Provision

Research in Progress Zahir Al-Rashdi School of Business Information Technology and Logistics RMIT University Melbourne, Australia Email: zahir.al-rashdi@rmit.edu.au Dr Martin Dick School of Business Information Technology and Logistics RMIT University Melbourne, Australia Email: martin.dick@rmit.edu.au Dr Ian Storey School of Business Information Technology and Logistics RMIT University Melbourne, Australia Email: ian.storey@rmit.edu.au Abstract
This paper uses a comprehensive review of the academic and professional literature in relation to accountability in the area of cloud computing service provision. It identifies four key conceptual factors that are necessary for an organisation to be considered as accountable. The four factors were found to be: responsibility, assurance, transparency and remediation. A key finding of the paper is that in order to be considered as an accountable cloud service provider, all four factors need to be implemented and be demonstrable by the organisation.

Keywords Accountability, cloud computing, service provision, information security

1. Introduction The migration to the cloud has become a global phenomenon (Hobfeld, Schatz, Varela & Timmerer

2012. that has spread widely among government bodies and the private sector. Both sectors share a similar direction and vision for migrating to the cloud, and the issue has received growing attention by both academic and business communities (Zissis & Lekkas 2012). In addition, there is significant evidence that it achieves its goals of flexibility, cost-effectiveness and a proven delivery platform for providing business or consumer IT services over the internet(Pearson 2013). However, there is also a significant amount of agreement about the existence of information security issues prior, during and after cloud implementation, and thus concerns have been voiced about the security issues introduced through the adoption of a cloud computing model (Hashizume, Rosado, Fernández-Medina & Fernandez 2013). Many researchers have indicated that accountability should be given more attention and treated as a Australasian Conference on Information Systems

                                                   Al Rashdi et al.  
      

2015, Adelaide, South Australia. Achieving Accountability in Cloud Computing

high-priority issue in terms of security (Ko, Jagadpramana, Mowbray, Pearson, Kirchberg, Liang & Lee 2011; Pearson, Tountopoulos, Catteddu, Südholt, Molva, Reich, Fischer-Hübner, Millard, Lotz & Jaatun 2012; Pearson & Wainwright 2013; Rajani, Nagasindhu & Saikrishna 2013; Yao, Chen, Wang, Levy & Zic 2010), as it directly affects the quality of service (QoS) and the grade of service (GoS) (Lee, Tang, Chen & Chu 2012; Ye, Jain, Xia, Joshi, Yen, Bastani, Cureton & Bowler 2010). Most users are seeking assurance (Firdhous, Ghazali & Hassan 2012; Huang & Nicol 2013) that their QoS and GoS requirements are satisfied, and that their operations will not be hindered due to congested cloud resources. Providing the required assurances, measures and guarantees for both QoS and GoS are challenging tasks, and accountability and trust are two major concepts that need to be considered as foundational to potential users embracing cloud services (Chakraborty & Roy 2012; Ferrari 2013; Mouratidis, Islam, Kalloniatis & Gritzalis 2013). Even though technical aspects relating to cloud security and privacy have been actively researched, these conceptual issues have not been addressed in depth. This paper presents a conceptual framework for understanding accountability in the area of cloud computing service provision. Accountability is a core concern for information security in cloud computing, representing most importantly the trust in service relationships between clients and cloud service providers (CSPs) (Pearson & Wainwright 2013). Without evidence of accountability, a lack of trust and confidence in cloud computing often develops among business management (Ko et al. 2011; Muppala, Shukla & Patil 2012; Pearson 2013; Rashidi & Movahhedinia 2012). It is then considered an added level of risk (Cayirci 2013; Gellman 2012; Guitart, Macias, Djemame, Kirkham, Jiang & Armstrong 2013; Morin, Aubert & Gateau 2012; Rajani, Nagasindhu & Saikrishna 2013), since a client’s essential services will be controlled and managed by a third party. Consequently, this new method of outsourcing renders the process of maintaining data security and privacy, supporting data and service availability, and demonstrating complianc

This content is AI-processed based on ArXiv data.