TY - JOUR
T1 - Trust = Utility + Security: Designing for that Elusive Quality in Cloud Computing
AU - Waguespack, Leslie J.
AU - Schiano, Bill
AU - Yates, David
N1 - Publisher Copyright:
© Common Ground Publishing, Leslie J. Waguespack, William T. Schiano, David J. Yates, All Rights Reserved.
PY - 2016
Y1 - 2016
N2 - Cloud computing presents formidable design challenges. Although the utility of cloud computing drove its rapid adoption, its deployment has revealed security shortcomings. These shortcomings, in turn, have created a lack of trust in cloud-based services. We argue that cloud computing must consider security as spanning and responding to the evolving requirements of stakeholder communities, e.g., designers, developers, users, owners, partners, customers, and suppliers . This perspective on security supplants a focus on what must be allowed and disallowed in an information system with a holistic focus on designing and connecting trustworthy services. Specifically, the central goal of achieving quality design is providing peace of mind to stakeholders in the cloud as Trust = Utility + Security. We demonstrate framing design specific to security based on Thriving Systems Theory (TST). TST's properties provide a vocabulary and taxonomy to inform the alignment of design choices with stakeholders' intentions. Our demonstration classifies protection mechanisms and protocols that characterize aspects of cloud security based upon the TST design properties they entail. Each aspect is a lens through which stakeholders can clarify their intentions with respect to security and subsequently assess the quality of design and of implementation.
AB - Cloud computing presents formidable design challenges. Although the utility of cloud computing drove its rapid adoption, its deployment has revealed security shortcomings. These shortcomings, in turn, have created a lack of trust in cloud-based services. We argue that cloud computing must consider security as spanning and responding to the evolving requirements of stakeholder communities, e.g., designers, developers, users, owners, partners, customers, and suppliers . This perspective on security supplants a focus on what must be allowed and disallowed in an information system with a holistic focus on designing and connecting trustworthy services. Specifically, the central goal of achieving quality design is providing peace of mind to stakeholders in the cloud as Trust = Utility + Security. We demonstrate framing design specific to security based on Thriving Systems Theory (TST). TST's properties provide a vocabulary and taxonomy to inform the alignment of design choices with stakeholders' intentions. Our demonstration classifies protection mechanisms and protocols that characterize aspects of cloud security based upon the TST design properties they entail. Each aspect is a lens through which stakeholders can clarify their intentions with respect to security and subsequently assess the quality of design and of implementation.
UR - https://drive.google.com/file/d/1djsJO0pz9h5yG7Ru1-qBx-aAnKJXoOzX/view?usp=sharing
M3 - Article
VL - 10
SP - 25
EP - 40
JO - Design Principles and Practices — Annual Review
JF - Design Principles and Practices — Annual Review
ER -