Formulation of data privacy protection strategies in the national cloud infrastructure employing a risk-based approach

Document Type : Original Article

Authors

1 P.H.D. s.n.d.u

2 Dept. of Computer Science, Shahed University

3 Malek Ashtar University

4 Assistant Professor

Abstract

The emergence of cloud computing with features such as multi-tenancy, scalability, and cost reduction has led many IT providers to use this technology. However, this technology faces challenges in maintaining data privacy. Information leakage can lead to violations of individual privacy and even national security. Given the paucity of the country's strategic documents in this field, this study has examined and formulated strategies for maintaining privacy in the country's cloud infrastructure. To this end, in addition to examining the concepts of cloud computing and privacy, the effects of cloud computing exploitation on privacy were examined. By studying international documents and upstream documents of the country as well as using the theme network and based on the PESTLS approach, 250 challenges were identified and after classification, 54 major challenges were identified and prioritized with the opinions of experts, and 10 challenges with the highest risks were finalized. To address these challenges, based on the ITU framework, 6 main strategies were finalized, including promoting culture, knowledge, and public awareness, designing and implementing a comprehensive system, enhancing infrastructure security, establishing law enforcement mechanisms, promoting international cooperation, and activating the privacy economy. Finally, 49 solutions were developed to preserve privacy in cloud infrastructure.

Keywords

Main Subjects

References

  •  فهرست منابع و مآخذ

    الف. منابع فارسی

     دفتر حفظ و نشر آثار آیت الله خامنه ای. (۱۳۹۷). دیدار جمعی از مسئولان و مدیران نظام با رهبر انقلاب. بازیابی 26 آبان 2021، از ‪https://farsi.khamenei.ir/news-content?id=39362‎

    • ‏‫رئوفی، علی­اصغر؛ راد، محمد صادق جمشیدی و بافرانی، علیرضاپور. (۱۳۹۹) اصول حاکم بر لایحه حریم خصوصی. مبانی فقهی حقوق اسلامی، 25(13)، 135-160.
    • ‏‫عبداللهی، علی؛ سیادت، سید حسین و اطهری فرد، علیرضا. (۱۳۹۴) رویکردی جامع برای بهبود امنیت سایبری زیرساخت­های حیاتی کشور. مقاله ارائه شده در پژوهش­های کاربردی در مدیریت و حسابداری. دانشگاه شهید بهشتی.
    • ‏‫قاسمی، سجاد؛ کیومرثی، فرشاد و زمانی دهکردی، بهزاد. (۱۳۹۶) مروری بر ذخیره­سازی و انتقال امن پیام در شبکه­های مبتنی بر رایانش ابری. مطالعات علوم کاربردی در مهندسی، 6(3)، 172-179.
    • ‏‫قناد، فاطمه و علیقلی، امیره. (۱۳۹۹) مفهوم و اهمیت داده‌های شخصی و حریم خصوصی و انواع حمایت از آن در فضای مجازی. حقوق فناوری‌های نوین، 1(1)، 297-322.
    • ‏‫کریمی قهرودی، محمدرضا؛ محمدی، حافظ و سعادتمند، امیر مسعود. (۱۴۰۱) ارائه مدلی برای ارزیابی امنیت سایبری جمهوری اسلامی ایران. امنیت ملی، 12(45)، 69-100.
    • ‏‫مهریزی، مهدی. (۱۳۷۸) دولت دینى و حریم خصوصى (بازخوانى فرمان هشت ماده اى امام خمینى(ره)). پرتال جامع علوم انسانی، 12(4)، 45-69.

     

     

    ب. منابع انگلیسی

     

    • Akremi, Aymen; & Rouached, Mohsen. (2021). A comprehensive and holistic knowledge model for cloud privacy protection. The Journal of Supercomputing, 77(8), 7956-7988. https://doi.org/10.1007/s11227-020-03594-3
    • (2021). What is data privacy? | Privacy definition. Retrieved May 14, 2021, from https://www.cloudflare.com/learning/privacy/what-is-data-privacy/
    • (2017). RISKS TO CRITICAL INFRASTRUCTURE THAT USE CLOUD SERVICES. Department of Homeland Security, Office of Cyber and Infrastructure Analysis.
    • (2020). ENISA Threat Landscape 2020 - Information Leakage. european union agency for cybersecurity.
    • ‏‫ European Parliament. Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) (2016).
    • Hinds, Joanne; Williams, Emma J.; & Joinson, Adam N. (2020). “It wouldn’t happen to me”: Privacy concerns and perspectives following the Cambridge Analytica scandal. International Journal of Human-Computer Studies, 143, 102498. https://doi.org/10.1016/j.ijhcs.2020.102498
    • (2014). ISO/IEC 17788 :Information technology — Cloud computing — Overview and vocabulary. the International Organization for Standardization.
    • (2024). ISO/IEC 29100 :Information technology — Security techniques — Privacy framework. the International Organization for Standardization.
    • (2021). Guide to Developing a National Cybersecurity Strategy. The International Telecommunication Union (ITU).
    • Mell, Peter; & Grance, Tim. (2011, September 28). The NIST Definition of Cloud Computing. National Institute of Standards and Technology. https://doi.org/https://doi.org/10.6028/NIST.SP.800-145
    • (2020). NIST PRIVACY FRAMEWORK: A TOOL FOR IMPROVING PRIVACY THROUGH ENTERPRISE RISK MANAGEMENT, VERSION 1.0. Gaithersburg, MD: National Institute of Standards and Technology.
    • Paulsen, Celia; & Byers, Robert. (2019). Glossary of key information security terms. Gaithersburg, MD: National Institute of Standards and Technology.
    • Quemard, Jean-Pierre; Schallabök, Jan; & Kamara, Irene. (2019). Guidance and gaps analysis for European standardisation Privacy standards in the information security. ENISA.
    • (2021). What is Data privacy? Retrieved May 14, 2021, from https://secure.livechatinc.com/
    • Skendžić, A.; Kovačić, B.; & Tijan, E. (2018). General data protection regulation — Protection of personal data in an organisation. In 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). 1370-1375. https://doi.org/10.23919/MIPRO.2018.8400247
    • Sun, PanJun. (2020). Security and privacy protection in cloud computing: Discussions and challenges. Journal of Network and Computer Applications, 160, 102642. https://doi.org/10.1016/j.jnca.2020.102642
    • Taghavi Zargar, Saman; Takabi, Hassan; & Iyer, Jay. (2019). Security‐as‐a‐Service (SECaaS) in the Cloud. In Security, Privacy, and Digital Forensics in the Cloud ( 189-200). John Wiley & Sons, Ltd.

     

National Security
Volume 15, spring
June 2025
Pages 151-180

Files

History

  • Receive Date: 04 June 2023
  • Revise Date: 21 April 2025
  • Accept Date: 20 January 2024

Share

How to cite

Statistics