TOWARDS GREEN INFORMATION TECHNOLOGY USING RISK

MANAGEMENT MODEL FOR CLOUD SECURITY: A SURVEY STUDY

A Research Proposal

Presented to the

Senior High School Department

St. Louis College of Valenzuela

In Partial Fulfillment of Requirements

For the Research Project

Christian Emmanuel Ayag

Reinier Joseph De Vera

Adrian Matthew Antonio

12-POPE JULIUS

January 28, 2022

 CHAPTER 1

THE PROBLEM AND LITERATURE REVIEW

This chapter is the background information of this study that further explain problem

and presenting facts behind the context of the theoretical and conceptual framework

establishing the foundation of this research.

Background of the Study

Cloud storage became the new domain and it became the bank safe for data giving

flexibility for office workers, teachers, and student to store data with ease. However, the

biggest controversy surrounding cloud storage are data privacy, cloud risk management, and

Cyber security on clod. Throughout the modern technology era, there are studies and tools for

unexpected errors creating a foundation for sustainable and green cloud environment for all

users.

The concept of managing risk critical for sustainable cloud environment challenges

and advise to create a realistic plan for risk control. (Abdul Rahman, et al, 2017). Risk

management in cloud storage is a major thing to tackle considering the amount of stress and

money the company has to lose. Over the year there are attempts, and plans for risk controls

that can lessen threats of global crisis.

The cloud is an already well-known and untested technology that is being developed

and upgraded for many years and has been used by many big companies to do may IT-related

services (Almond, 2009). Although the ways that define it today are undeniably different for

what defined it years before and it’s in the process of being becoming mainstream for

consumers to store their data daily. Even if security remains a concern for many users,

experts already know how to quickly deal with some of the security issues that have been the

main concern of users making them reluctant to us it.

 Security of the cloud is already fairly robust and reliable always adapting technologies

that have been proven to be safe to avoid many security holes that have been discovered in an

old system (Barron, et al, 2013). Yet adopting new technologies is not enough to protect

against these holes as they are new and the holes in then are still hidden. Once of these holes

is stumbled upon it can severely compromise the security structure that the cloud relies on

and may result in harming its consumers. This may result in distrust of the technology and

may encourage consumers to just invest in their own data storage that they can perfectly

control. These users may miss out on many helpful features that the cloud provides and the

cost of investing in a local server may be devastating as it requires a lot of resources and

specialist to build and operate.

To have cloud that doesn’t worry its consumers if their data will be stollen of leaked,

it needs to overcome may complicated problems and obstacles in terms of its security because

it needs many technologies that are working with each other continuously for it to property

run and be usable (Padhy, et al, 2011). The security of these technologies needs to be

addressed first with may take many resources to research and implement. But the results that

have been acquired may yield interesting outcomes to use in other fields in technology that

can be further be researched to help identify future threats and how to prevent them in the

future.

The prince needed for safe and user-friendly cloud data storage may be large but its benefits

out scale the cost for its security. Business both compete with and overtake larger businesses

with this technology. It largely makes everything need-based and on-demand, from data

security to storage, thus giving them freedom form the burden of huge investments.
 Because many encryptors are attempting to breach our data, ensuring privacy in our

data has become difficult that are the known in force the security of our data; we employ both

modern and traditional ways for preserving data and maintaining security (Jain et al, 2016).

The cloud media landscape that is currently evolving and adapting to new development as

time passes by. Still, we must not be complacent. Each year companies are developing their

cloud and its security. In addition, they also add new features that are accessible to the

customers. Also, the reason why each year, each company is improving their security on the

cloud is that as the year passes by data breaching is evolving into a higher level. This is why

the consistency and dedication of improving cloud security are a must on data privacy.

Many initiatives have been done improve our security in recent years to safeguard

data privacy, such as two-factor authentication and so on (Abid et al, 2016). Evolution is one

of the major factors in the internet platform. Evolution is a critical key in terms of success,

because not only as time passes by, the security on the platform will also keep developing.

The most important part in improving the security on the cloud is Consistency. We must be

consistent and we must be dedicated to improving and developing as time moves onward.

With the introduction of modern technologies, there are also its ups and downs, its risks, and

its opportunity. The sole primary objective of this research is to expand the cloud in each

phase and explain the factors surrounding it, the cloud is a domain that is constantly

developing and this paper revolves around it for the fulfillment of the privacy of the users.

Data Privacy in Literature

The concept of data privacy is a complex, multi web like structure yet everyone is obligated

to know about these since privacy is a part of our rights, in their seminal essay enunciated

that the right to privacy was based on a principle of “inviolate personality”, thus laying the

foundation for a concept of privacy. (Warren and Brandeis et al., 2022) Since the concept of
privacy is complex, many of its components are easier to understand by breaking it down one

by one and categorizing it, as done by Roger Clarke in his previous publications. As stated in

the last statement Clarke categorized each privacy into four (4) parts.

1. Privacy of the person

2. Privacy of the behavior

3. Privacy of data

4. Privacy of communication

With this as the foundation, Roger Clarke’s taxonomy allows different types of

privacy to be handled differently with the assurance of having the user’s data protected while

also retaining privacy. But as the last statement said every kind of situation that resolves

around data privacy will be handled differently but not all kinds of data privacy issues can be

solved by protecting your data. Also, since each category will be treated differently, the user

must also know that protecting your data is not the only way to give security to your privacy.

Personal data is considered as an identification number to a person, since personal

data contains your information and this was defined by European convention on Human

Rights (ECHR). In Europe two major institutions are involving in performing and implanting

legal actions on if a person as violated on their institutional right (Ünver & Kim, 2016) With

the surge of social media, many privacies are at stakes and many laws were required to adapt

to these changes. Within the next paragraph contains each country that have their own laws

and the way they handle these situations.

The six (6) principles of privacy are transparency, purpose limitation minimization,

accuracy, storage limitation, integrity. This accomplished on giving the people basic section

also showed on what the necessary legal actions to be taken (Irwin, 2021). Researchers found
out on what certain countries established laws about privacy, and the last but not the least is

the principles of data meaning there are fundamentals and rules to be followed when privacy

is involved.

Cloud Risk Management in Literature

According to Anderson H. Wells (Current state of Cloud Practice Management 2017)

Majority of people from future would probably using cloud storage from the past mistakes,

the applying CPM it would gradually help the community to trust the Cloud furthermore and

people across the globe can share files from one another without worrying about data

breaches. But some will still question about how secure a cloud storage will specially for

lawyers who brings confidential documents and cases along with them, the following

concerns are:

1. Confidentiality and security

2. Loss of control of data

3. Being unfamiliar with the technology

4. Losing access and ownership of data

The current state of clouding Computing still uncertain and with the introduction o CPM

(Cloud Practice Management), 5 years from now CPM would be stable service and the

dominant legal practice management solution (Wells, 2017). There are still alternatives which

you can use if you are still hesitant on using CPM in Cloud Computing, like traditional based

software or local area network (LAN) in your office to transfer data computer by computer.

As fast as the technology is rapidly growing, uneasiness and question developing along with

it that we cannot control.

Traditional client configuration to as cloud computing will not gradually relieve federal

departments from a regulatory requirement to protect federal IT systems from intruders.

Therefore, an E-Government Act of 2002 which states measuring information security and

establishing NIST as the organization responsible (Dudash, 2016). Configuration of the cloud

client may help but the threat will still be there, creating laws and extra measures are

examples of options in order to sustain a healthy cloud environment in workspace.

IT Compliance, operational and financial mechanism by organizations spark concerns of

outsourcing the IT functions. Most of the cloud computing services are very wary on

particular security issues as technology grow forcing numerous organizations to stored their

backup data on a compartmentalized server (Kendrick, 2009). The fear surrounding on

malwares and data breaches are some examples that most organization are very prudent in

cloud computing forcing them constructing a backup/compartmentalized server.

Cloud Security in Literature

Security of the cloud has been one of the major concerns on using it. As the general

population is become more acquired and intertwined with the current technology, data o those

users is really valuable to many malicious agents who will take advantage of the data they

have stolen from the user to personal gain (Maurer & Hinck, 2020). The risk of attacks in the

cloud will de devastating to many users and is one of the global risks that will affect many

people and governance around the world.

These are some of the incidents that have happened in collected by Mr. Maurer and

Hinck (2020).

 November 2014 – A system update rolled out globally for Microsoft Azure’s Storage

services caused failure in virtual machines.

 May 2016 – A salesforce U.S. data center went down for about one day, tracing its

cause to be failed circuit break in another data center that cause of flood traffic.
  June 2017 – Security researchers warned chip manufacturer Intel and others about the

Spectre/Meltdown speculative exploitation vulnerabilities.

 June 2018 – Azure customers in Northern Europe experienced a five-hour outage due

to hot summer temperatures in a data center, leading to automated infrastructure

shutdowns.

 January 2019 – Issues with an external domain name service provider caused errors in

Internal Microsoft Azure system that led to the accidental dropping of customers

databases, which were later recovered.

Most of these operations are not publicly stated to their customers to avoid exploitation of

a known vulnerability that has yet to have fix. In order to further understand many procedures

cloud service providers, do in order to make cloud system safe (Mather et al, 2009).

Simplified the most important aspects of how data is moved and secured into five levels.

- Data in transit

- Data at rest

- Processing of the data

- Data lineage

- Data Provenance

- Data remanence

Cloud systems and services still a new paradigm, industries and groups mostly

outsourced security operations particularly I third-party system that manage through

contractual controls. There are many advantages that can comply with EU compliance

controls and some of them may benefit both user security and the system (Palmer et al, 2017).

These are the compliance controls listed below.

- Controls for limiting where data will be stored in cloud-based systems.

 - Contractual assurance of adequate GDPR and EU security controls and record

- Keeping by cloud provider to evidence controls are implemented adequately.

- Emphasis on collaboration between data processor, controller, and cloud client, on

threat information.

- Partnership with law enforcement and private sector where possible to share threat

intelligence between public and private sectors.

- Embedded privacy compliance onto politics and infrastructures at beginning

implemented.

- Redundancy and adequate back-up systems are scalable in the cloud.

- Focus on blockchain as a tool to bolster interoperability and better network tracing,

for auditing and compliance confirmation, may also be possible.

User behavior

Behavior of the user using the cloud will vary on their knowledge on how to work

around the cloud and the ease of use the user feel when using it. A company that has limited

infrastructure for example may adopt the use of google drive as a mean to transfer files

between departments efficiently as it saves them the cost of another non-cloud-based

alternative. While a student whose local storage system is full may only use the cloud as an

extension of that storage and the option to access them on different devices. Depending on

how the user will use the cloud they tend may miss some features and may develop

misconceptions on the technology about being unreliable and inferior to other practices and

result in problems adopting the technology despite the cost-savings potential and convenience

may cloud computing services offer to companies or end-users. Thus, we need a way to make

a simpler and more understandable user interface that not only educate the user on different

features on how to use them efficiently but also educate them on how other users in the same

cloud service can influence or change the files that is stored in the cloud to help users how to
deal with file conflicts and other problems that a shared cloud service may bring (Tang et al,

2013).

According to Kurdi (2014) suggest that in order for a welcome cloud environment for

whatever use the user wants, A cloud service provider should equip their product with user

interface that is:

- Seemingly interactive - because the more interactive a service is the user can

immediately respond to the program and it saves them time from loading screens.

- Natural when the user is interaction with it - to give users an option to be flexible

with the service and use it to their liking.

- Dynamic in visualizations - as navigating the cloud can be difficult at times and

dynamic visual can help a user find the file, they are looking for without checking

every folder.

User also focus on these aspects as it will determine their experience of the cloud and

not only on the security of the data in the cloud. Therefore, standardization of these

suggestions should be normalized in order to let users a consistent user interface throughout

different platforms rather than different types that service providers include different features

that only confuse the user and detest some features that may improve a practice they are

currently using.
 Martin Fishbein and Icek Azjen’s Theory of Reasoned
Action

Process Sample Output

Detail the consumer’s attitude Trusting Cloud storage

towards cloud storage technology as a form
of
behavior storing digital data

Validate the specific intention Using Cloud computing

of cloud storage user. storage as a storage
for
reserves digital data

Identify the consumer’s actual Using Cloud computing

behavior on using cloud storage as a primary source
of
storage. digital storage

Theoretical Framework

Figure 1, Theoretical Framework for Martin Fishbein and Icek Azjen’s Theory of

Reasoned Action

Theory of Reasoned Action needs to develop and test a model to further explain after

the adoption. Nevertheless, implementing TRA is one of the options and thus we recommend

that its power and applicability to other IT application need to be investigated and run more
 tests to evaluate the degree to which it could be universal to all IT domains (Moore et al,

1996). To create a model towards risk management on cloud storage, it should be examined
The pros and cons of specific
extremely
cloud storage and it must be identified carefully on consumer’s expectations and their actual
service

behavior.
Risk management approach in
case ofConceptual Framework
data loss or data breach

Applications and Tools that can

help secure cloud storage

Risk Green Information

management/application Technology
model for a cloud storage Sustainability

Figure 2, Conceptual Framework for Towards Risk Management Model for Cloud

Security: A Survey Study

The primary concern of this study is to develop security on the cloud system platform

through our policy which is making the cloud platform safer. To make the cloud platform

safer, we must conduct a lot if enhancement on its sole security whether it will get bypassed

or block the decryption by creating a risk management/application model. To ensure the

privacy of the receivers we will improve it in accord to the best of our ability. Since most

loud platforms today have many features to satisfy the receiver, in this research we will try to

minimize the complications regarding its features minimizing the effort to exert energy and

complications in the system.

Statement of the Problem

The study investigates the cloud storage consumer’s daily struggles with the cloud

domain malfunction, precisely for those casual users and using cloud storage as the number 1

option of storing data. The questions below represent the main goal of the research to achieve

risk-free cloud storage.

1. What would be the main effect on the cloud storage environment on adopting Martin

Fishbein and Icek Azjen’s Theory if Reasoned Action?

2. By researching the cloud platform, what kind of benefits will we acquire if supposed

this was successful?

3. How will the results of this research affect current cloud computing services and their

users?

Definition of Key Terms

The terms invoke and objectify is listed below further defined and assist for a better

understanding the problem in this research.

Cloud Computing – is a on-demand availability computer system allowing data storage and

power without user control.

Data – Any sequences of one or more symbols. Datum is a single symbol of data requires

interpretation is order to be an information.

Data Breach – a security violation which protected of confidential data either being copied,

stolen, transmitted or sed by unauthorized individual.

Malware – A software design to damage, disrupt or gain access to any computer, especially

targeting operating system files or user information on a computer.

Data Security – Process on protecting data from attackers or unauthorized user from gaining

access, it can be data encryption, hashing, tokenization, and key management practice.

Computer Virus- A malicious computer code crated to cause extend damage from one

computer to another.

Cloud Service – A platform which being hosted by third-party providers made available

across the internet. They can access from phone without any restrictions.

CHAPTER 2

METHODS

The Chapter 2 contains the explanation of the research design, sampling and

participants, instrumentation, data analysis, data collection and ethical consideration. These

are the research components are being provided to serve a pivotal role in sketching

conclusion and recommendation.

Research Design

The study examines the cloud storage habits as well as customers’ behavior towards

using the specific platform. This research aims to create a green cloud environment for all

users through quantitative data analysis. To distinguish the primary concerns, users’

expectations in every group and with the help of TRA to point out the best option to keep the

clous storage safe.

Using the correlational method, the study develops certain data for consumer’s action

towards cloud storage and possible solutions on user’s struggles by Fishbein’s Theory of

Reasoned Action. Therefore, analyze the age group, specifying the role, and identifying the

intention is the stepping stone towards the goal of the study. The study goes through 4

phase’s procedures to be followed.

Sampling and Participants

The researchers will use authoritative sampling, to specifically select the respondents

based on the needed data for the study.

a. Occupation

- Students of Valenzuela City

b. Age

- 12-20

c. Cloud Storage Platforms

- iCloud

- Google Drive

- OneDrive

- Dropbox Business

- MEGA

d. Intention

e. Expectations

Instrumentation

TRA or Theory of Reasoned Action is being used in this study to construct a

comprehensively analysis between a user and the cloud platform. The questionnaire will be

made through Google Forms.

Data Analysis
 The respondent’s cloud behaviors will be procured from the survey and will go

through in-depth analysis through expectations, criteria, mistakes and reality. Creating

patterns and clues to find answers that are related in the study.

Data Collection Procedure

Due to the ongoing pandemic, the questionnaires will be distributed through Google

Forms and other social media applications. The collected data will go through 4 phases of

data collection that follows.

Phase 1 – Identifying the participants’ Age Group, Occupation, Cloud Storage

Platform, Intention, and Expectation

To further analyze the collected data, survey forms should be used to inquire about

participants’ age group, occupation, intentions, and expectations. The researcher prepares

question that are being listed below.

Phase 2: Analysis breakdown on the data collected

After collecting the data by adopting Fishbein’s TRA shows significance on what to point

out. The researchers exhibit the consumer’s intention and expectation as well as their

behavior towards the cloud platform.

Phase 3 – A Breakdown and careful analysis of the cloud platform

A discussion will be held in a breakout room analyzing the pros, cons, uses, etc. of the cloud

platform to fulfill the main objective of the research. In the breakdown, the students must
analyze the cloud security and its function as this is fundamental in hopes of concluding the

research.

Phase 4 – Utilizing past researchers about the cloud system

In this research, the students will utilize the past research about cloud security to gain

knowledge about the platform and use it as leverage to widen the understandings and usage

of the cloud system.

Role of Researcher

The researchers act as analysis and interpreter. The researchers take note the given

providers upon observation and processing of data. Analyzing the data much deeper creates a

pattern between the clues and answers given by the participants, the researchers also compare

every response to every cluster group and age group in this research.

Method of Validation

Even though the study is concentrated in relation between the user and the provider by

using the Fishbein’s Theory of Reasoned Action based on the answers given by the

participants, the researchers also observing how CPA or Computer Practice Management may

help according to Anderson Wells. This will provide extensive understanding and analyzation

of relation between variables given.

Ethical Considerations

The study adhered to the following ethical considerations:

1. all data collected in this study are clearly explained and supported by related technologies

and applications

2. No conflict of interest is being created during the progression of the study

3. Any procedure involving technology and human must not be manipulated

4. Informed consent is being issued for participants in this study

5. The fulfillment of the study is to create an IT green environment.

References

Abdul Rahman, A, A., Islam, S., Kalloniatis, C., & Gritzalis, S. (2017) “A Risk Management

Approach for a Sustainable Cloud Migration” https://doi.org/10.3390/jrfm10040020

Elzamly, A., Hussin, B., Abu Naser, S., Khanfar, K., Doheir, M., Selamat, A., & Rashed, A.

(2016) “A New Conceptual Framework Modelling for Cloud Computing Risk

Management in Banking Organizations”

http://article.nadiapub.com/IJGDC/vol9_no9/13.pdf

Almond, C. (2009) A Practical Guide to Cloud Computing Security

http://book.itep.ru/depository/cloud/practicalguidetocloudcomputingsecurity681482.p

df

Barron, C., Yu H., Zhan J. (2013). Cloud Computing Security Case Studies and Research

http://www.iaeng.org/publication/WCE2013/WCE2013_pp1287-1291.pdf

Padhy, R. P., Patra, M. R., Satapathy, S. C. (2011). Cloud Computing: Security Issues and
 Research Challenges https://cloud.report/Resources/Whitepapers/4f90fdda-4042-

4035-97eb-1778dcf52f82_IRACST.pdf

Mehmood, A., Natgunanathan, I., Xiang, Y (2016), Protection of Big Data Privacy

https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7460114

Priyank, J., Manasi, G., Nilay, K(2016), Big Data Privacy: a technological perspective and

Review https://link.springer.com/article/10.1186/s40537-016-0059-y\

Moore, G. C., Benbasat, I(1996), Integrating Diffusion of Innovations and Theory of

Reasoned Action models to predict utilization of information technology by end-users.

https://link.springer.com/content/pdf/10.1007%2F978-0-387-34982-4_10.pdf

Irwin, L (2021), The GDPR: Understanding the 6 data protection principles

https://www.itgovernance.eu/blog/en/the-gdpr-understanding-the-6-data-

protectionprinciples

Ünver, H. A., & Kim, G. (2016). Data Privacy and Surveillance in Turkey: An Assessment of

the Draft Law on the Protection of Personal Data. Centre for Economics and Foreign

Policy

http://www.jstor.org/stable/resrep14052

Rastogi, N., Gloria, M. J. K., & Hendler, J. (2015). Security and Privacy of Performing Data

Analytics in the Cloud: A Three-way Handshake of Technology, Policy, and

Management. Journal of Information Policy, 5, 129–154.

https://doi.org/10.5325/jinfopoli.5.2015.0129

Cilluffo, F., Ritchey, R., & Tinker, T. (2010). Cloud Computing Risks and National Security
 Keeping Pace with Expanding Technology. http://www.jstor.org/stable/resrep21462.

Kendrick, R. (2009). Outsourcing IT: A governance guide. IT Governance Publishing.

http://www.jstor.org/stable/j.ctt5hh6kf

Anderson, W. H. (2017). Current State of Cloud Practice Management. GPSolo, 34(3), 22–

27. http://www.jstor.org/stable/26425816

Dudash, S. C. (2016). History of Department of Defense Cloud Computing. In The

Department of Defense and the Power of Cloud Computing: Weighing Acceptable

Cost versus Acceptable Risk (pp. 11–13). Air University Press.

http://www.jstor.org/stable/resrep13826.11

Palmer, A., Rickert, T., & Schlepper, J. (2017). Cloud Security: Challenges and Solutions in

the Context of the European Union. Center for Cyber and Homeland Security at

Auburn University. http://www.jstor.org/stable/resrep20740

Maurer, T., & Hinck, G. (2020). Cloud Security. In Cloud Security: A Primer for

Policymakers (pp. 22–37). Carnegie Endowment for International Peace.

http://www.jstor.org/stable/resrep25787.9

Mather, T., Kumaraswamy, S., Latif, S., (2009) Cloud Security and Privacy: An Enterprise

Perspective on Risks and Compliance

https://books.google.com.ph/books?hl=en&lr=&id=BHazecOuDLYC&oi=fnd&