Cloud Computing Security
eBook - ePub

Cloud Computing Security

Foundations and Challenges

John R. Vacca, John R. Vacca

Compartir libro
  1. 530 páginas
  2. English
  3. ePUB (apto para móviles)
  4. Disponible en iOS y Android
eBook - ePub

Cloud Computing Security

Foundations and Challenges

John R. Vacca, John R. Vacca

Detalles del libro
Vista previa del libro
Índice
Citas

Información del libro

This handbook offers a comprehensive overview of cloud computing security technology and implementation while exploring practical solutions to a wide range of cloud computing security issues. As more organizations use cloud computing and cloud providers for data operations, the need for proper security in these and other potentially vulnerable areas has become a global priority for organizations of all sizes. Research efforts from academia and industry, as conducted and reported by experts in all aspects of security related to cloud computing, are gathered within one reference guide.

Features

• Covers patching and configuration vulnerabilities of a cloud server

• Evaluates methods for data encryption and long-term storage in a cloud server

• Demonstrates how to verify identity using a certificate chain and how to detect inappropriate changes to data or system configurations

John R. Vacca is an information technology consultant and internationally known author of more than 600 articles in the areas of advanced storage, computer security, and aerospace technology. John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA's space station program (Freedom) and the International Space Station Program from 1988 until his retirement from NASA in 1995.

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Cloud Computing Security un PDF/ePUB en línea?
Sí, puedes acceder a Cloud Computing Security de John R. Vacca, John R. Vacca en formato PDF o ePUB, así como a otros libros populares de Ciencia de la computación y Programación de juegos. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.

Información

Editorial
CRC Press
Año
2020
ISBN
9780429619649

V

Meeting Compliance Requirements

CHAPTER 19

Negotiating Cloud Security Requirements with Vendors

Daniel S. Soper
California State University
Fullerton, California
Contents
19.1 Introduction
19.2 Structure-Centric Negotiation
19.3 Strategy-Centric Negotiation
19.4 Process-Centric Negotiation
19.5 Behavior-Centric Negotiation
19.6 Bad-Faith Negotiation
19.7 Integrative Negotiation
19.8 Summary
References

19.1 Introduction

Organizations of all kinds are increasingly adopting cloudsourcing in order to meet their information technology needs. Under this procurement strategy, needed IT products and services are acquired on a utility billing basis from a vendor, with the vendor retaining the responsibility of maintaining the underlying IT infrastructure. In the wake of many very visible and embarrassing information security breaches, organizations are also increasingly aware of security-related issues with respect to their information assets. The simultaneous rise of these two phenomena has led to a sharp increase in the frequency with which customer organizations must negotiate with cloud service providers in order to ensure that their information security requirements are being met. As such, knowledge of negotiation theory and negotiation strategies is more important than ever to the success of an organization’s cloud-based information technology initiatives. This chapter will therefore review several different orientations toward negotiation, and will examine the implications of these orientations in the context of organizational security requirements for information technology products and services that are acquired via a cloudsourcing relationship with the service provider.
While the information technology literature contributes greatly to the technical and managerial foundations of cloudsourcing negotiations, the theoretical framework that undergirds the paradigm has its origins in the negotiation literature. Among English language speakers, the term negotiation has come to be used in many different situations, including in the contexts of politics (Ikle & Leites, 1962), international relations (Nikolaev, 2007), commerce (Kaufmann, 1987), labor relations (Walton, 1991), the practice of law (Gifford, 2007), haggling (Raiffa, 1985), and interpersonal relationships (Thompson, 2007), among others. This diversity of application has engendered several distinct theoretical traditions with respect to the negotiation process. While the typology of theoretical orientations toward negotiation originally contained seven schools of thought (Zartman, 1976), more recent scholarship has reduced this set to five distinct theoretical perspectives: (1) the structural perspective, (2) the strategic perspective, (3) the processual perspective, (4) the behavioral perspective, and (5) the integrative perspective (Zartman, 1988). Here a sixth perspective shall also be considered – that of bad-faith negotiation (Cox, 1958) – as it, along with the preceding five perspectives, can have important practical implications for cloudsourcing negotiations in a security context. These six theoretical perspectives on negotiation are depicted in Figure 19.1.
Figure 19.1 Theoretical perspectives on negotiation.
In the sections that follow, each of the theoretical perspectives shown above is considered in turn, with particular attention being paid to the implications of each perspective for the negotiation of cloud security requirements. For the sake of simplicity, these schools of thought shall be considered in the milieu of a bilateral (i.e., two-party) negotiation. This orientation is not only convenient, but it is also appropriate given that two-party negotiations (e.g., negotiations involving a vendor and a customer) are by far the most common type of cloudsourcing negotiation. Although each theoretical perspective on negotiation is considered independently, it is important to note that experienced negotiators will typically use more than one approach while negotiating (Zartman, 2008).

19.2 Structure-Centric Negotiation

In this theoretical orientation, the outcome of a negotiation is considered to be a function of the structural characteristics that uniquely define that particular negotiation, such as the issues being negotiated or the comparative power of each party involved (Raiffa, 1985). If sufficient ex ante knowledge of these characteristics exists, then structural models of negotiation can be constructed with a view toward predicting the outcome of a given negotiation scenario before the parties even arrive at the negotiating table. Interparty power dynamics play a central role in structural negotiation (Bell, 1977; Kim, Pinkley, & Fragale, 2005; Zartman & Rubin, 2000), and from this perspective, parties can be expected to engage in a negotiation “when neither party in a conflict is strong enough to impose its will or to resolve the conflict unilaterally” (Zartman, 1997). When viewed through this lens, each party is seen as possessing strengths and weaknesses that either contribute to or limit the party’s ability to influence the negotiation (Fisher, Ury, & Patton, 1993). Depending upon each party’s characteristics, the distribution of power between the parties may be either symmetrical or asymmetrical (Dwyer & Orville, & Walker, 1981), and perceptions of power may change as the negotiation process unfolds (Zartman & Rubin, 2000).
The nature of the terms codified in the final negotiated agreement is hence expected to be a function of the power dynamics among the negotiating parties (Mannix & Neale, 1993). Consider, for example, the negotiation of a peace treaty aimed at ending a war. If one party has clearly established its military dominance, then that party would be viewed as having a highly asymmetrical power advantage over the other party. This structure-centric theoretical lens would thus predict that the final negotiated agreement would contain terms that disproportionately favor the more powerful party. If, on the other hand, the conflict had produced a military stalemate, then the distribution of power in the negotiation process would be more symmetrical, thus leading to the expectation of a more balanced final agreement. While appealing, the structural predictive model gives rise to what has been called the structuralist dilemma (Zartman, 1997).
The structuralist dilemma addresses the irrationality of engaging in negotiations under conditions of power asymmetry. Quoting Zartman on this topic (1997), “Expecting to lose, a weaker party should want to avoid negotiation with a stronger party at all costs, but it cannot; and, expecting to win, a stronger party should have no need to negotiate to get what it wants, but it must.” The current theory on this dilemma implicates the constraining effect of the relationship for parties’ mutual willingness to negotiate (Zartman & Rubin, 2000). The more powerful party cannot simply crush and dominate its weaker counterpart if it expects to preserve the relationship in anticipation of future benefits. Neither can the weaker party refuse to participate in the negotiation if it believes that negotiating might yield a better outcome than could otherwise be obtained. This theoretical proposition has important implications with respect to the negotiation of cloud security requirements, inasmuch as the market for non-...

Índice