TOWARDS GREEN INFORMATION TECHNOLOGY USING RISK MANAGEMENT

MODEL FOR CLOUD SECURITY: A SIMULATION STUDY

A Research Proposal

Presented to the

Senior High School Department

St. Louis College of Valenzuela

In Partial Fulfillment of Requirements

For the Research Project

Christian Emmanuel Ayag

Reinier Joseph De Vera

Adrian Matthew Antonio

12-POPE JULIUS

January 28, 2022

 CHAPTER 1

THE PROBLEM AND LITERATURE REVIEW

This chapter is the background information of this study that further explain the problem

and presenting facts behind the context of the theoretical and conceptual framework establishing

the foundation of this research.

Background of the Study

Cloud storage became the new domain and it became the bank safe for data giving

flexibility for office workers, teachers, and student to store data with ease. However, the biggest

controversy surrounding cloud storage are data privacy, cloud risk management, and Cyber

security on clod. Throughout the modern technology era, there are studies and tools for

unexpected errors creating a foundation for sustainable and green cloud environment for all

users.

The concept of managing risk critical for sustainable cloud environment challenges and

advise to create a realistic plan for risk control. (Abdul Rahman, et al, 2017). Risk management

in cloud storage is a major thing to tackle considering the amount of stress and money the

company has to lose. Over the years there are attempts and plans for risk controls that can lessen

threats of global crisis.

Cloud environments are more complex and due to the rising concerns around security

issues, cloud risk management has become a thing for successful software projects (Elzamly et al

2016). The monitoring projects became on demand for IT companies because of the emerging

issues across global cloud. Nevertheless, risk can attribute both negative or positive long-term

effects that can shape the entire cloud environment.

The cloud is an already well-known and untested technology that is being developed and

upgraded for many years and has been used by many big companies to do many IT-related

services (Almond, 2009). Although the ways that define it today are undeniably different for

what defined it years before and it’s in the process of being becoming mainstream for consumers

to store their data daily. Even if security remains a concern for many users, experts already know

how to quickly deal with some of the security issues that have been the main concern of users

making them reluctant to use it.

 Security of the cloud is already fairly robust and reliable always adapting technologies

that have been proven to be safe to avoid many security holes that have been discovered in an old

system (Barron, et al, 2013). Yet adopting new technologies is not enough to protect against

these holes as they are new and the holes in them are still hidden. Once o of these holes is

stumbled upon it can severely compromise the security structure that the cloud relies on and may

result in harming its consumers. This may result in distrust of the technology and may encourage

consumers to just invest in their own data storage that they can perfectly control. These users

may miss out on many helpful features that the cloud provides and the cost of investing in a local

server may be devastating as it requires a lot of resources and specialist to build and operate.

To have cloud that doesn’t worry its consumers if their fata will be stollen of leaked, it

needs to overcome many complicated problems and obstacles in terms of its security because it

needs many technologies that are working with each other continuously for it to properly run and

be usable (Padhy, et al, 2011). The security of these technologies needs to be addressed first

which may take many resources to research and implement. But the results that have been

acquired may yield interesting outcomes to use in other fields in technology that can be further

be researched to help identify future threats and how to prevent them in the future.

The prince needed for safe and user-friendly cloud data storage may be large but its benefits out

scale the cost for its security. Business both compete with and overtake larger businesses with

this technology. It largely makes everything need-based and on-demand, from data security to

storage, thus giving them freedom from the burden of huge investments.

Because many encryptors are attempting to breach our data, ensuring privacy in our data

has become difficult that are the known in force the security of our data; we employ both modern

and traditional ways for preserving data and maintaining security (Jain et al, 2016). The cloud is

a media landscape that is currently evolving and adapting to new development as time passes by.

Still, we must not be complacent. Each year companies are developing their cloud and its

security. In addition, they also add new features that are accessible to the costumers. Also, the

reason why each year, each company is improving their security on the cloud is that as the year

passes by data breaching is evolving into a higher level. This is why the consistency and

dedication of improving cloud security are a must on data privacy.

 Many initiatives have been done to improve our security in recent years to safeguard data

privacy, such as two-factor authentication and so on (Abid et al, 2016). Evolution is one of the

major factors in the internet platform. Evolution is a critical key in terms of success, because not

only as time passes by, the security on the platform will also keep developing. The most

important part in improving the security on the cloud is Consistency. We must be consistent and

we must be dedicated to improving and developing as time moves onward.

With the introduction of modern technologies, there are also its ups and downs, its risks, and its

opportunity. The sole primary objective of this research is to expand the cloud in each phase and

explain the factors surrounding it, the cloud is a domain that is constantly developing and this

paper revolves around it for the fulfillment of the privacy of the users.

Data Privacy in Literature

The concept of data privacy is a complex, multi web like structure yet everyone is obligated to know

about these since privacy is a part of our rights. in their seminal essay enunciated that the right to privacy

was based on a principle of “inviolate personality”, thus laying the foundation for a concept of privacy,

(Warren and Brandeis et al., 2022) Since the concept of privacy is complex, many of its components are

easier to understand by breaking it down one by one and categorizing it, as done by Roger Clarke in his

previous publications. As stated in the last statement Clarke categorized each privacy into four (4) parts.

1. Privacy of the person

2. Privacy of the behavior

3. Privacy of data

4. Privacy of communication

With this as the foundation, Roger Clarke’s taxonomy allows different types of privacy to

be handled differently with the assurance of having the user’s data protected while also retaining

privacy. But as the last statement said every kind of situation that revolves around data privacy

will be handled differently but not all kinds of data privacy issues can be solved by protecting

your data. Also, since each category will be treated differently, the user must also know that

protecting your data is not the only way to give security to your privacy.

Personal data is considered as an identification number to a person, since personal data

contains your information and this was defined by the European Convention on Human Rights

(ECHR). In Europe two major institutions are involved in performing and implementing legal
actions on if a person was violated on their institutional rights ( Ünver & Kim, 2016) With the

surge of social media, many privacies are at stakes and many laws were required to adapt to

these changes. Within the next paragraph contains each country that have their own laws and the

way they handle these situations.

The six (6) principles of privacy specifically are transparency, purpose limitation,

minimization, accuracy, storage limitation, integrity. This accomplished on giving the people

basic knowledge about privacy. This also tackled that our privacy is a part of our Human Rights,

this section also showed on what the necessary legal actions to be taken (Irwin, 2021).

Researchers found out on what certain countries established laws about privacy, and the last but

not the least is the principles of data meaning there are fundamentals and rules to be followed

when privacy is involved.

Cloud Risk Management in Literature

According to Anderson H. Wells (Current state of Cloud Practice Management 2017) Majority

of people from future would probably using cloud storage more often and it will become a stable

virtual folder cabinet because of the improvements from the past mistakes. The applying CPM it

would gradually help the community to trust the Cloud furthermore and people across the globe

can share files from one another without worrying about data breaches. But some will still

question about how secure a cloud storage will specially for lawyers who brings confidential

documents and cases along with them, the following concerns are.

1. Confidentiality and Security

2. Loss of control of data

3. Being unfamiliar with the technology

4. Losing access and ownership of data

The current state of Cloud Computing still uncertain and with the introduction of CPM (Cloud

Practice Management), 5 years from now CPM would be the stable service and the dominant

legal practice management solution (Wells, 2017). There are still alternatives which you can use

if you are still hesitant on using CPM in Cloud Computing, like traditional based software or

local area network (LAN) in your office to transfer data computer by computer. As fast as the

technology is rapidly growing, uneasiness and question developing along with it that we cannot

control.
Traditional client configuration to a cloud computing will not gradually relieve federal

departments from a regulatory requirement to protect federal IT systems from intruders.

Therefore, an E-Government Act of 2002 which states measuring information security and

establishing NIST as the organization responsible (Dudash, 2016). Configuration of the cloud

client may help but the threat will still be there, creating laws and extra measures are examples of

options in order to sustain a healthy cloud environment in workspace.

IT Compliance, operational and financial mechanism by organizations spark concerns of

outsourcing the IT function. Most of the cloud computing services are very wary on particular

security issues as technology grow forcing numerous organizations to stored their backup data on

a compartmentalized server (Kendrick, 2009). The fear surrounding on malwares and data

breaches are some examples that most organization are very prudent in cloud computing forcing

them constructing a backup/compartmentalized server.

The emergence of advance technology can also lead to higher security risk depending on what

data would exist, concepts on privacy concerns changes overtime. Given the fact that cloud

computing allows organization and individuals a self-service model which can mark both

positive and negative impact beyond implementing (Cilluffo et al, 2010). The risk surrounding

the rapid rising of new technology is reflecting to the rise of cloud computing, it shouldn’t be

ignored thus by creating a risk management.

Cloud Security in Literature

Security of the cloud has been one of the major concerns on using it. As the general

population is become more acquired and intertwined with the current technology, data of those

users is really valuable to many malicious agents who will take advantage of the data they have

stolen from the user to personal gain (Maurer & Hinck, 2020). The risk of attacks in the cloud

will be devastating to many users and is one of the global risks that will affect many people and

governance around the world.

These are some of the incidents that have happened in collected by Mr. Maurer and

Hinck (2020).
  November 2014 - A system update rolled out globally for Microsoft Azure’s Storage

services caused failure in virtual machines.

 May 2016 – A Salesforce U.S. data center went down for about one day, tracing its cause

to be failed circuit breaker in another data center that cause a flood traffic.

 June 2017 – Security researchers warned chip manufacturer Intel and others about the

Spectre/Meltdown speculative exploitation vulnerabilities.

 June 2018 – Azure customers in Northern Europe experienced a five-hour outage due to

hot summer temperatures in a data center, leading to automated infrastructure shutdowns.

 January 2019 – Issues with an external domain name service provider caused errors in

Internal Microsoft Azure system that led to the accidental dropping of customer

databases, which were later recovered.

Most of these operations are not publicly stated to their customers to avoid exploitation of

a known vulnerability that has yet to have fix. In order to further understand many procedures

cloud service providers, do in order to make cloud system safe (Mather et al, 2009). Simplified

the most important aspects of how data is moved and secured into five levels.

- Data in transit

- Data at rest

- Processing of the data

- Data lineage

- Data Provenance

- Data remanence

Cloud systems and services still a new paradigm, industries and groups mostly

outsourced security operations particularly in third-party system that managed through

contractual controls. There are many advantages that can comply with EU compliance controls

and some of them may benefit both user security and the system (Palmer et al, 2017). These are

the compliance controls listed below.

- Controls for limiting where data will be stored in cloud-based systems.

- Contractual assurance of adequate GDPR and EU security controls and record

- keeping by cloud provider to evidence controls are implemented adequately.

- Emphasis on collaboration between data processor, controller, and cloud

 - client, on threat information.

- Partnership with law enforcement and private sector where possible to share

- threat intelligence between public and private sectors.

- Embedded privacy compliance into policies and infrastructure at beginning

- of cloud operations.

- Although not a total solution, encryption of data by default should be

- implemented.

- Redundancy and adequate back-up systems are scalable in the cloud.

- Focus on blockchain as a tool to bolster interoperability and better network

- tracing, for auditing and compliance confirmation, may also be possible.

Theoretical Framework

Martin Fishbein and Icek Azjen’s Theory of Reasoned

Action
 Process Sample Output
The pros and cons of specific cloud
storage service
Detail the consumer’s attitude Trusting Cloud storage
towards cloud storage technology as a form of
behavior storing digital data
Risk management approach in case
of data loss or data breach

Validate the specific intention Using Cloud computing

of cloud storage user. storage as a storage for
reserves digital data
Applications and Tools that can
help secure cloud storage

Identify the consumer’s actual Using Cloud computing

behavior on using cloud storage as a primary source of
storage. digital storage

Figure 1, Theoretical Framework for Martin Fishbein and Icek Azjen’s Theory of Reasoned

Action

Theory of Reasoned Action needs to develop and test a model to further explain after the

adoption. Nevertheless, implementing TRA is one of the options and thus we recommend that its

power and applicability to other IT applications need to be investigated and run more tests to

evaluate the degree to which it could be universal to all IT domains (Moore et al, 1996). To

create a model towards risk management on cloud storage, it should be examined extremely and

it must be identified carefully on consumer’s expectations and their actual behavior.

Conceptual Framework
 Risk Green Information
management/application Technology
model for a cloud storage Sustainability

FIGURE 2, Conceptual Framework for Towards Risk Management Model for Cloud

Security: A Simulation Study

The primary concern of this study is to develop security on the cloud system platform

through our policy which is making the cloud platform safer. To make the cloud platform safer,

we must conduct a lot of enhancement on its sole security whether it will get bypassed or block

the decryption by creating a risk management/application model. To ensure the privacy of the

receivers we will improve it in accords to the best of our ability. Since most cloud platforms

today have many features to satisfy the receiver, in this research we will try to minimize the

complications regarding its features minimizing the effort to exert energy and complications in

the system.

Statement of the Problem

The study investigates the cloud storage consumer’s daily struggles with the cloud

domain malfunction, precisely for those casual users and using cloud storage as the number 1

option of storing data. The questions below represent the main goal of the research to achieve

risk-free cloud storage.

1. What would be the main effect on the cloud storage environment in adopting Martin Fishbein

and Icek Azjen’s Theory of Reasoned Action?

2. By researching the cloud platform, what kind of benefits will we acquire if supposed this was

successful?

3. How will the results of this research affect current cloud computing services and their users?
Definition of Key Terms

The terms invoke and objectify is listed below to further defined and assist for a better

understanding the problem in this research.

Cloud Computing - is a on-demand availability of computer system allowing data storage and

power without user control.

Data – Any sequence of one or more symbols. Datum is a single symbol of data requires

interpretation in order to be an information.

Data Breach – a security violation which protected or confidential data either being copied,

stolen, transmitted or used by unauthorized individual.

Malware – A software design to damage, disrupt or gain access to any computer, especially

targeting operating system files or user information on a computer.

Data Security – Process on protecting data from attackers or unauthorized user from gaining

access, it can be data encryption, hashing, tokenization, and key management practice.

Computer Virus – A malicious computer code created to cause extent damage from one

computer to another.

Cloud Service – A platform which being hosted by third-party providers made available across

the internet. They can access from phone to computer without any restrictions.

CHAPTER 2

METHODS
 The Chapter 2 contains the explanation of the research design, sampling and participants,

instrumentation, data analysis, data collection procedures and ethical consideration. These are the

research components are being provided to serve a pivotal role in sketching conclusion and

recommendation.

Research Design

The study examines the cloud storage habits as well as consumers’ behavior towards

using the specific platform. This research aims to create a green cloud environment for all users

through quantitative data analysis. To distinguish the primary concerns, users’ expectations in

every group and with the help of TRA to point out the best option to keep the cloud storage safe.

Using the correlational method, the study develops certain data for consumer’s action

towards cloud storage and possible solutions on user’s struggles by Fishbein’s Theory of

Reasoned Action. Therefore, analyze the age group, specifying the role, and identifying the

intention is the stepping stone towards the goal of the study. The study goes through 4 phase’s

procedures to be followed.

Sampling and Participants

Handing out surveys for students, teachers and office workers to found out what are the

intentions and what platforms are they using.

a. Occupation

- Student

- Teacher

- Office Worker

b. Age

- 12-17

- 18-23

- 23-28

- 28-35

- 36 above
c. Cloud Storage Platforms

- iCloud

- Google Drive

- OneDrive

- Dropbox Business

- MEGA

d. Intention

e. Expectations

Instrumentation

TRA or Theory of Reasoned Action is being used in this study to construct a

comprehensively analysis between a user and the cloud platform. The identification correctly

what risk and solution to create a safe cloud platform.

Data Analysis

The cloud behaviors that users talked about in our survey will go under in-depth analysis

through expectations, criteria, mistakes and reality. Creating patterns and clues to find out

answers that related in the study.

Data Collection Procedure

The study go through 4 phases of data collection that follow.

Phase 1- Identifying the participants’ Age Group, Occupation, Cloud Storage Platform,

Intention, and Expectations

To further analyze the collected data, survey forms should be used to inquire about participants’

age group, occupation, intentions, and expectations. The researcher prepares questions that are

being listed below

Phase 2: Analysis breakdown on the data collected

After collecting the data by adopting Fishbein’s TRA shows significance on what to point out.

The researchers exhibit the consumer’s intention and expectations as well as their behavior

towards the cloud platform.

Phase 3 – A Breakdown and careful analysis of the cloud platform

A discussion will be held in a breakout room analyzing the pros, cons, uses, etc. of the cloud

platform to fulfill the main objective of the research. In the breakdown, the students must

analyze the cloud security system and its functions as this is fundamental in hopes of concluding

the research.

Phase 4 – Utilizing past researches about the cloud system

In this research, the students will utilize the past research about cloud security to gain knowledge

about the platform and use it as leverage to widen the understandings and usage of the cloud

system.

Role of Researcher

The researchers act as analyst and interpreter. The researchers take note the given

providers upon observation and processing of data. Analyzing the data much deeper creates a

pattern between the clues and answers given by the participants, the researchers also compare

every response to every cluster group and age group in this research.

Method of Validation

Even though the study is concentrated in relation between the user and the provider by

using the Fishbein’s Theory of Reasoned Action based on the answers given by the participants,

the researchers also observing how CPA or Computer Practice Management may help according

to Anderson Wells. This will provide extensive understanding and analyzation of relation

between variables given.

Ethical Considerations

The study adhered to the following ethical considerations:

1. All data collected in this study are clearly explained and supported by related

technologies and applications

2. No conflict of interest is being created during the progression of the study

3. Any procedure involving technology and human must not be manipulated

4. Informed consent is being issued for participants in this study

5. The fulfillment of the study is to create an IT green environment.

References

Abdul Rahman, A, A., Islam, S., Kalloniatis, C., & Gritzalis, S. (2017) “A Risk Management

Approach for a Sustainable Cloud Migration” https://doi.org/10.3390/jrfm10040020

Elzamly, A., Hussin, B., Abu Naser, S., Khanfar, K., Doheir, M., Selamat, A., & Rashed, A.

(2016) “A New Conceptual Framework Modelling for Cloud Computing Risk

Management in Banking Organizations”

http://article.nadiapub.com/IJGDC/vol9_no9/13.pdf

Almond, C. (2009) A Practical Guide to Cloud Computing Security

http://book.itep.ru/depository/cloud/practicalguidetocloudcomputingsecurity681482.p

df

Barron, C., Yu H., Zhan J. (2013). Cloud Computing Security Case Studies and Research

http://www.iaeng.org/publication/WCE2013/WCE2013_pp1287-1291.pdf

Padhy, R. P., Patra, M. R., Satapathy, S. C. (2011). Cloud Computing: Security Issues and

Research Challenges https://cloud.report/Resources/Whitepapers/4f90fdda-4042-4035-

97eb-1778dcf52f82_IRACST.pdf

Mehmood, A., Natgunanathan, I., Xiang, Y(2016), Protection of Big Data Privacy

https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7460114

Priyank, J., Manasi, G., Nilay, K(2016), Big Data Privacy: a technological perspective and

Review

https://link.springer.com/article/10.1186/s40537-016-0059-y\

Moore, G. C., Benbasat, I(1996), Integrating Diffusion of Innovations and Theory of

Reasoned Action models to predict utilization of information technology by end-users.

 https://link.springer.com/content/pdf/10.1007%2F978-0-387-34982-4_10.pdf

Irwin, L (2021), The GDPR: Understanding the 6 data protection principles

https://www.itgovernance.eu/blog/en/the-gdpr-understanding-the-6-data-protection-

principles

Ünver, H. A., & Kim, G. (2016). Data Privacy and Surveillance in Turkey: An Assessment of the

Draft Law on the Protection of Personal Data. Centre for Economics and Foreign Policy

http://www.jstor.org/stable/resrep14052

Rastogi, N., Gloria, M. J. K., & Hendler, J. (2015). Security and Privacy of Performing Data

Analytics in the Cloud: A Three-way Handshake of Technology, Policy, and

Management. Journal of Information Policy, 5, 129–154.

https://doi.org/10.5325/jinfopoli.5.2015.0129

Cilluffo, F., Ritchey, R., & Tinker, T. (2010). Cloud Computing Risks and National Security

Keeping Pace with Expanding Technology. http://www.jstor.org/stable/resrep21462.

Kendrick, R. (2009). Outsourcing IT: A governance guide. IT Governance Publishing.

http://www.jstor.org/stable/j.ctt5hh6kf

Anderson, W. H. (2017). Current State of Cloud Practice Management. GPSolo, 34(3), 22–27.

http://www.jstor.org/stable/26425816

Dudash, S. C. (2016). History of Department of Defense Cloud Computing. In The Department

of Defense and the Power of Cloud Computing: Weighing Acceptable Cost versus

Acceptable Risk (pp. 11–13). Air University Press.

http://www.jstor.org/stable/resrep13826.11

Palmer, A., Rickert, T., & Schlepper, J. (2017). Cloud Security: Challenges and Solutions in the

Context of the European Union. Center for Cyber and Homeland Security at Auburn

University. http://www.jstor.org/stable/resrep20740

Maurer, T., & Hinck, G. (2020). Cloud Security. In Cloud Security: A Primer for Policymakers

(pp. 22–37). Carnegie Endowment for International Peace.

http://www.jstor.org/stable/resrep25787.9

Mather, T., Kumaraswamy, S., Latif, S., (2009) Cloud Security and Privacy: An Enterprise

Perspective on Risks and Compliance https://books.google.com.ph/books?

hl=en&lr=&id=BHazecOuDLYC&oi=fnd&pg=PR7