Abstract
Cloud computing, internet of things (IoT), edge computing, and fog computing are gaining attention as emerging research topics and computing approaches in recent years. These computing approaches are rather conceptual and contextual strategies rather than being computing technologies themselves, and in practice, they often overlap. For example, an IoT architecture may incorporate cloud computing and fog computing. Cloud computing is a significant concept in contemporary computing and being adopted in almost every means of computing. All computing architectures incorporating cloud computing are termed as cloud-based computing (CbC) in general. However, cloud computing itself is the basis of CbC because it significantly depends on resources that are remote, and the remote resources are often under third-party ownership where the privacy of sensitive data is a big concern. This chapter investigates various privacy issues associated with CbC. The data privacy issues and possible solutions within the context of cloud computing, IoT, edge computing, and fog computing are also explored.
TopIntroduction
The emergence of few recent computing approaches bring new paradigm to computing world. Examples of such computing approaches are Cloud Computing, IoT, Edge Computing and Fog Computing. With numerous benefits and advantageous features, all these computing approaches come with a severe downside – that is, security. Security is a major concern for the above computing approaches from perspectives of business strategy as well as technological and Human Factors. These computing approaches use and/or transfer an organisation’s digital assets (i.e., digital information) off-site for various purposes.
Cloud Computing, IoT, Edge Computing and Fog Computing have become a hype. Organisations are submerging themselves in this hype and – in some cases, discussed later in this chapter– handing over digital assets to third parties. Using computing techniques like Cloud Computing may incorporate moving data into remote computers that are geographically dispersed and crossing political geographic boundaries. Besides, the aforementioned computing techniques use latest technologies, computing devices and gadgets (e.g., smart phone). Electronic end-user gadgets, when become part of a network as an end-user terminal or node, may pose security and privacy concerns. The infrastructural settings of recent computing approaches in terms of location of various elements (e.g., computers, data storage, processing) are crucial factors in information security and privacy. Based on the locations of architectural/infrastructural elements, Cloud Computing, Fog Computing and Edge Computing may introduce a very complex scenario for organisations in terms of Governance, Risk and Compliance (GRC).
Cloud Computing incorporates numerous security concerns (Ahmed & Hossain, 2014; Ahmed, Litchfield & Ahmed, 2014; Ahmed & Litchfield, 2016; Khalil, Khreishah & Azeem, 2014; Aljawarneh & Yassein, 2016; Kar & Mishra, 2016). From an information security and privacy viewpoint, this chapter investigates the computing techniques that use Cloud Computing. Cloud Computing, Fog Computing, Edge Computing, IoT – these are few recent computing techniques/approaches considered in this chapter.
All kinds of CbC uses remote resources and infrastructure that are owned and managed by third party vendors. This results in a situation where customers (individual or organisation) hand over their data to the vendors. Customers’ data and information reside in the vendors infrastructures and servers dispersed geographically around the globe. This results in various complex scenario that are considered as threat to information privacy and security in cyber space. The focal point in this chapter is how CbC may have an impact on the privacy of an organisation’s digital assets.
Key Terms in this Chapter
GRC: The aspects of information security that deals with integrated governance, risk manage, and compliance for an organisation from information security perspective.
Vendor: Normally a third party, vendor is an entity that provides (rents or sells) hard/software/infrastructure/service to customers.
Human Factor: In information security, human factors refer to those factors potential to result in information privacy and security breach due to human action/error/incompetence.
Cloud Computing: An architectural computing approach where users use remote computing resources (e.g., remote computers or computer networks) to carry out their computing needs.
Edge Computing: An architectural CbC approach where part of the processing is carried out within the end-users’ premises.
Fog Computing: An architectural computing approach that adds an extra intermediary cloud infrastructure for faster computing performance.
Perception Layer: In an IoT architecture, perception layer is where the computer servers reside that processes the data collected from end-users’ devices to interpret for various purposes.
Latency: Delay in computational processing due to various factors. Example of factors are distance data needs to travel, or excessive amount of data compared to processing capability of a computer resulting in processing bottlenecks.
Cloud Service Provider: Third parties who provide cloud computing infrastructure and rents the infrastructure to various users (individual or organisation).
Cloud Infrastructure: The network infrastructure used in a cloud computing architecture. This is the remote infrastructure from a user’s perspective.
Cloud-Based Computing: Any computing settings where cloud computing forms part of the infrastructure.
IoT: IoT refers to an architectural computing concept where every devices (smart phones, CCTV, sensors, household gadgets, TV, washing machine, microwave) have computational and communication capability and connected to the Internet to form a network of everything.
End-User Premise: The users’ own perimeter or organisational boundary where the users’ own infrastructure (owned and managed by the end-users) is situated.
End-Users' Devices: Devices used by the end-users or deployed within the end-users’ premises. Examples of such devices are users’ computers, CCTV, various sensors, smart phones.