This handbook offers a comprehensive overview of cloud computing security technology and implementation while exploring practical solutions to a wide range of cloud computing security issues. As more organizations use cloud computing and cloud providers for data operations, the need for proper security in these and other potentially vulnerable areas has become a global priority for organizations of all sizes. Research efforts from academia and industry, as conducted and reported by experts in all aspects of security related to cloud computing, are gathered within one reference guide.
Features
• Covers patching and configuration vulnerabilities of a cloud server
• Evaluates methods for data encryption and long-term storage in a cloud server
• Demonstrates how to verify identity using a certificate chain and how to detect inappropriate changes to data or system configurations
John R. Vacca is an information technology consultant and internationally known author of more than 600 articles in the areas of advanced storage, computer security, and aerospace technology. John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA's space station program (Freedom) and the International Space Station Program from 1988 until his retirement from NASA in 1995.
Negotiating Cloud Security Requirements with Vendors
Daniel S. Soper
California State University
Fullerton, California
Contents
19.1 Introduction
19.2 Structure-Centric Negotiation
19.3 Strategy-Centric Negotiation
19.4 Process-Centric Negotiation
19.5 Behavior-Centric Negotiation
19.6 Bad-Faith Negotiation
19.7 Integrative Negotiation
19.8 Summary
References
19.1 Introduction
Organizations of all kinds are increasingly adopting cloudsourcing in order to meet their information technology needs. Under this procurement strategy, needed IT products and services are acquired on a utility billing basis from a vendor, with the vendor retaining the responsibility of maintaining the underlying IT infrastructure. In the wake of many very visible and embarrassing information security breaches, organizations are also increasingly aware of security-related issues with respect to their information assets. The simultaneous rise of these two phenomena has led to a sharp increase in the frequency with which customer organizations must negotiate with cloud service providers in order to ensure that their information security requirements are being met. As such, knowledge of negotiation theory and negotiation strategies is more important than ever to the success of an organization’s cloud-based information technology initiatives. This chapter will therefore review several different orientations toward negotiation, and will examine the implications of these orientations in the context of organizational security requirements for information technology products and services that are acquired via a cloudsourcing relationship with the service provider.
While the information technology literature contributes greatly to the technical and managerial foundations of cloudsourcing negotiations, the theoretical framework that undergirds the paradigm has its origins in the negotiation literature. Among English language speakers, the term negotiation has come to be used in many different situations, including in the contexts of politics (Ikle & Leites, 1962), international relations (Nikolaev, 2007), commerce (Kaufmann, 1987), labor relations (Walton, 1991), the practice of law (Gifford, 2007), haggling (Raiffa, 1985), and interpersonal relationships (Thompson, 2007), among others. This diversity of application has engendered several distinct theoretical traditions with respect to the negotiation process. While the typology of theoretical orientations toward negotiation originally contained seven schools of thought (Zartman, 1976), more recent scholarship has reduced this set to five distinct theoretical perspectives: (1) the structural perspective, (2) the strategic perspective, (3) the processual perspective, (4) the behavioral perspective, and (5) the integrative perspective (Zartman, 1988). Here a sixth perspective shall also be considered – that of bad-faith negotiation (Cox, 1958) – as it, along with the preceding five perspectives, can have important practical implications for cloudsourcing negotiations in a security context. These six theoretical perspectives on negotiation are depicted in Figure 19.1.
Figure 19.1 Theoretical perspectives on negotiation.
In the sections that follow, each of the theoretical perspectives shown above is considered in turn, with particular attention being paid to the implications of each perspective for the negotiation of cloud security requirements. For the sake of simplicity, these schools of thought shall be considered in the milieu of a bilateral (i.e., two-party) negotiation. This orientation is not only convenient, but it is also appropriate given that two-party negotiations (e.g., negotiations involving a vendor and a customer) are by far the most common type of cloudsourcing negotiation. Although each theoretical perspective on negotiation is considered independently, it is important to note that experienced negotiators will typically use more than one approach while negotiating (Zartman, 2008).
19.2 Structure-Centric Negotiation
In this theoretical orientation, the outcome of a negotiation is considered to be a function of the structural characteristics that uniquely define that particular negotiation, such as the issues being negotiated or the comparative power of each party involved (Raiffa, 1985). If sufficient ex ante knowledge of these characteristics exists, then structural models of negotiation can be constructed with a view toward predicting the outcome of a given negotiation scenario before the parties even arrive at the negotiating table. Interparty power dynamics play a central role in structural negotiation (Bell, 1977; Kim, Pinkley, & Fragale, 2005; Zartman & Rubin, 2000), and from this perspective, parties can be expected to engage in a negotiation “when neither party in a conflict is strong enough to impose its will or to resolve the conflict unilaterally” (Zartman, 1997). When viewed through this lens, each party is seen as possessing strengths and weaknesses that either contribute to or limit the party’s ability to influence the negotiation (Fisher, Ury, & Patton, 1993). Depending upon each party’s characteristics, the distribution of power between the parties may be either symmetrical or asymmetrical (Dwyer & Orville, & Walker, 1981), and perceptions of power may change as the negotiation process unfolds (Zartman & Rubin, 2000).
The nature of the terms codified in the final negotiated agreement is hence expected to be a function of the power dynamics among the negotiating parties (Mannix & Neale, 1993). Consider, for example, the negotiation of a peace treaty aimed at ending a war. If one party has clearly established its military dominance, then that party would be viewed as having a highly asymmetrical power advantage over the other party. This structure-centric theoretical lens would thus predict that the final negotiated agreement would contain terms that disproportionately favor the more powerful party. If, on the other hand, the conflict had produced a military stalemate, then the distribution of power in the negotiation process would be more symmetrical, thus leading to the expectation of a more balanced final agreement. While appealing, the structural predictive model gives rise to what has been called the structuralist dilemma (Zartman, 1997).
The structuralist dilemma addresses the irrationality of engaging in negotiations under conditions of power asymmetry. Quoting Zartman on this topic (1997), “Expecting to lose, a weaker party should want to avoid negotiation with a stronger party at all costs, but it cannot; and, expecting to win, a stronger party should have no need to negotiate to get what it wants, but it must.” The current theory on this dilemma implicates the constraining effect of the relationship for parties’ mutual willingness to negotiate (Zartman & Rubin, 2000). The more powerful party cannot simply crush and dominate its weaker counterpart if it expects to preserve the relationship in anticipation of future benefits. Neither can the weaker party refuse to participate in the negotiation if it believes that negotiating might yield a better outcome than could otherwise be obtained. This theoretical proposition has important implications with respect to the negotiation of cloud security requirements, inasmuch as the market for non-...
Table of contents
Cover
Half-Title
Title
Copyright
Dedication
Contents
Foreword
Preface
Acknowledgments
About the Editor
Contributors
SECTION I Introduction
SECTION II Risk Analysis and Division of Responsibility
SECTION III Securing the Cloud Infrastructure
SECTION IV Operating System and Network Security
SECTION V Meeting Compliance Requirements
SECTION VI Preparing for Disaster Recovery
SECTION VII Advanced Cloud Computing Security
SECTION VIII Appendices
APPENDIX A: LIST OF TOP CLOUD COMPUTING SECURITY IMPLEMENTATION AND DEPLOYMENT COMPANIES
APPENDIX B: LIST OF CLOUD COMPUTING SECURITY PRODUCTS AND SERVICES