Ahmet EFE, İsamettin OMAK

11245

BULUT HİZMET SAĞLAYICILARININ HÜKÜM VE KOŞULLARINDA SİBER GÜVENLİKLE İLGİLİ HUSUSLAR

Güvenlik, bulut bilişim dünyasındaki en büyük sorunlardan biridir. Müşteriler bulut hizmetleriyle ilgili hassas bilgileri tutarlarken servis sağlayıcılarana tam güvenmek durumunda kalmaktadırlar. Bulut servis sağlayıcıları, veri koruma yasaları gibi mevzuatlara uymalı ve güvenlik politikaları hakkında güven tam vermelidir. Şartlar ve koşullar belgesi, sağlayıcıların güvenlik politikaları hakkında bazı ipuçları verebilmektedir. Bu nedenle, bu çalışmada, bulut ortamındaki ihlallere karşı kilit önlemler almak için bazı bulut servis sağlayıcılarının T&C belgelerini güvenlik yönünden inceledik.
Anahtar Kelimeler:

Bulut bilgi işlem güvenliği, BT dış kaynak kullanımı, GDPR, şartlar ve koşullar, gizlilik politikası

SECURITY CONSIDERATIONS REGARDING TERMS AND CONDITIONS OF CLOUD SERVICE PROVIDERS

Security is one of the biggest issues in the cloud-computing world. The customers may keep sensitive information on the cloud services and should trust to the service providers. Cloud service providers should comply with the legislations like data protection laws and should give confidence about their security policy. The terms and conditions document could give some clues about the security policies of the providers. Therefore, in this study we reviewed the T&C documents of some cloud service providers from security aspect in order to provide key measures against breaches in the cloud environment.
Keywords:

Cloud computing security, IT outsourcing, GDPR, terms and conditions, privacy policy,

PDF

___

  • [1] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," September 2011. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-145/final .
  • [2] “What is IDaaS? Understanding Identity as a Service and Its Applications,” Okta Inc., [Online]. Available: https://www.okta.com/identity-101/idaas/ . [Accessed 28 March 2018].
  • [3] Cloud Computing Compliance Controls Catalogue (C5), Federal Office for Information Security, Germany, 2016.
  • [4] D. Sun, G. Chang, L. Sun and X. Wang, “Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments,” Procedia Engineering, no. 15, 2011.
  • [5] I. Khalil, A. Khreishah and M. Azeem, “Cloud Computing Security: A Survey,” Computers, no. 3, pp. 1-35, 2014.
  • [6] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, no. 28, 2012.
  • [7] M. H. Parekh and D. R. Sridaran, “An Analysis of Security Challenges in Cloud Computing,” International Journal of Advanced Computer Science and Applications(IJACSA), vol. 1, no. 4, 2013.
  • [8] "Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives," ISACA, 2009.
  • [9] D. Verma and R. Kumar Tyagi, "Cloud computing security: A Review," 2018.
  • [10] L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen and A. V. Vasilakos, "Security and privacy for storage and computation in cloud computing," Information Sciences, no. 258, 2014.
  • [11] C. Westphall, C. Merkle Westphall, R. Weingärtner, D. dos Santos, P. Fernando da Siva, P. Vitti and K. Vieira, Challenges in Cloud Computing Security, 2014.
  • [12] B. Derksen, Impact of IT outsourcing on Business & IT alignment, Amsterdam: Vrije Universiteit Amsterdam, 2013.
  • [13] I. Alessio and B. Rebecca, "The 18C's model for a successful longterm," Industrial Marketing Management, no. 41, 2012.
  • [14] F. Schlosser, H.-T. Wagner, D. Beimborn and T. Weitzel, “The Role of Internal Business/IT Alignment and IT Governance for Service Quality in IT Outsourcing Arrangements,” in Proceedings of the 43rd Hawaii International Conference on System Sciences, 2010.
  • [15] J. Goo, R. Kishore, H. Raghav Rao and K. Nam, “The Role of Service Level Agreements in Relational Management of Information Technology Outsourcing: An Empirical Study,” MIS Quarterly, no. 33, pp. 119-145, 2009.
  • [16] J. McKendrick, “Cloud May Be The New Outsourcing, But The Same Due Diligence Must Apply,” Forbes Media, 18 October 2014. [Online]. Available: https://www.forbes.com/sites/joemckendrick/2014/10/18/cloud-may-be-the-new-outsourcing-but-the-same-due-diligence-must-apply/#360d88dd1079 . [Accessed 30 March 2018].
  • [17] “EU GDPR,” [Online]. Available: https://www.eugdpr.org/. [Accessed 2 April 2018].
  • [18] “General Data Protection Regulation GDPR - Final text neatly arranged,” Intersoft Consulting, [Online]. Available: https://gdpr-info.eu/ . [Accessed 31 May 2018].
  • [19] “FINAL REPORT ON RECOMMENDATIONS ON CLOUD OUTSOURCING,” Europian Banking Authority, 20 December 2017. [Online]. Available: http://www.eba.europa.eu/documents/10180/2170121/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf . [Accessed 31 May 2018].
  • [20] “EBA Publishes Final Report on Recommendations on Cloud Outsourcing,” Moody's Analytics, 20 December 2017. [Online]. Available: https://www.moodysanalytics.com/regulatory-news/dec-20-eba-publishes-final-report-on-recommendations-on-cloud-outsourcing . [Accessed 31 May 2018].
  • [21] “Privacy Shield Framework,” [Online]. Available: https://www.privacyshield.gov . [Accessed 2 April 2018].
  • [22] “KİŞİSEL VERİLERİN KORUNMASI KANUNU,” 7 April 2016. [Online]. Available: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf . [Accessed 31 May 2018].
  • [23] S. Bradshaw, C. Millard and I. Walden, “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services,” Queen Mary University of London, 2010.
  • [24] “Category:Cloud computing providers,” Wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/Category:Cloud_computing_providers . [Accessed 5 April 2018].
  • [25] Baker, McLean, (2016), "Five key legal considerations when negotiating cloud contracts", Computerworld, https://www.computerworlduk.com/cloud-computing/5-key-legal-considerations-when-negotiating-cloud-contracts-3637604/
  • [26] CRISP, (2017) “Cloud Computing Vendor & Service Provider Comparison”, Vendor Universe, https://www.reply.com/Documents/Crisp_Vendor_Universe_Cloud%20Computing_250118_REPLY_englischeVersion_FINAL.pdf
İleri Teknoloji Bilimleri Dergisi-Cover
  • ISSN: 2147-3455
  • Başlangıç: 2015
  • Yayıncı: Düzce Üniversitesi
Arşiv
Sayıdaki Diğer Makaleler

Mamografi görüntülerinin sınıflandırılması için yeni bir özellik çıkarımı yaklaşımı

Nebi GEDİK

KOMPLEKS YAPILAR VE KOŞULLAR İÇİN YAPIŞTIRMA TASARIMININ TEMELLERİ

Ali GÜRSEL

BULUT HİZMET SAĞLAYICILARININ HÜKÜM VE KOŞULLARINDA SİBER GÜVENLİKLE İLGİLİ HUSUSLAR

Ahmet EFE, İsamettin OMAK

TEK SİLİNDİRLİ BİR DİZEL MOTORA DİREKT SU ENJEKSİYONUNUN PERFORMANS VE EMİSYONLARA ETKİSİNİN İNCELENMESİ

Yılmaz Mert ECE