Internal Threats from CSPs and the Continuance Intention to Use Cloud Computing

Kunle Elebute^1,

¹Department of Computer Science, University of Maryland University College, Largo, Maryland, USA

Cite this paper:
Kunle Elebute. Internal Threats from CSPs and the Continuance Intention to Use Cloud Computing. International Transaction of Electrical and Computer Engineers System. 2019; 6(1):1-7. doi: 10.12691/iteces-6-1-1

Abstract

There is a growing concern among organizations using cloud computing about the alarming rate of internal attacks on private cloud-stored data such as unauthorized exposure, disclosure, and sale of customer’s confidential information by employees or associates of a cloud service provider (CSP). These unprofessional practices conducted accidentally or intentionally within the infrastructure of a service provider are internal threats. While studies have shown consistently that these unauthorized practices constitute an internal threat to data confidentiality and privacy, researchers are yet to empirically substantiate how these breaches by insiders of CSPs affect an organization’s continuance intention to use cloud computing. Furthermore, available studies on data security have not fully explored the perception of IT managers about how internal threats affect their strategy while making the decision to continue using cloud computing. Using a multinomial logistic regression, this study analyzed data collected from IT managers with cloud experience. Findings of this study indicated that internal threats such as unauthorized exposure, disclosure, and sale of customer’s data to third-party firms by employees of CSPs significantly influence the continuance intention to use cloud computing. This study benefits IT stakeholders by exploring the impacts of internal security lapses from the CSP on the decision of organizations to continue using cloud computing.

Keywords:
internal threat insider cloud computing data breach intrusion malware

This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

References:

[1]	Kajiyama, T., Jennex, M., & Addo, T. (2017). To cloud or not to cloud: How risks and threats are affecting cloud adoption decisions. Information and Computer Security, 25(5), 634-659.
[2]	Elebute, K. (2018). Trust and Continuous Deployment of Cloud Computing: A Quantitative Analysis. Journal of Computer Sciences and Applications, 6(2), 69-74.
[3]	Yusop, Z. M., & Abawajy, J. (2014). Analysis of insiders attack mitigation strategies. Procedia-Social and Behavioral Sciences, 129, 581-591.
[4]	Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, 204-209.
[5]	Babu, B. M., & Bhanu, M. S. (2015). Prevention of insider attacks by integrating behavior analysis with risk based access control model to protect cloud. Procedia Computer Science, 54, 157-166.
[6]	Hawedi, M., Talhi, C., & Boucheneb, H. (2018). Security as a Service for Public Cloud Tenants (SaaS). Procedia Computer Science, 130, 1025-1030.
[7]	Wu, K., Vassileva, J., & Zhao, Y. (2017). Understanding users' intention to switch personal cloud storage services: Evidence from the Chinese market. Computers in Human Behavior, 68, 300-314.
[8]	Sadooghi et al. (2017). Understanding the performance and potential of cloud computing for scientific applications. IEEE Transactions on Cloud Computing, 5(2), 358-371.
[9]	Phaphoom, N., Wang, X., Samuel, S., Helmer, S., & Abrahamsson, P. (2015). A survey study on major technical barriers affecting the decision to adopt cloud services. Journal of Systems and Software, 103, 167-181.
[10]	Alsmadi, D., & Prybutok, V. (2018). Sharing and storage behavior via cloud computing: Security and privacy in research and practice. Computers in Human Behavior, 85, 218-226.
[11]	Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. NIST Special Publication, 800(145), 7.
[12]	Mishra, P., Pilli, E. S., Varadharajan, V., & Tupakula, U. (2017). Intrusion Detection Techniques in Cloud Environment: A Survey. Journal of Network and Computer Applications, 77, 18-47.
[13]	Liu, L., De Vel, O., Han, Q. L., Zhang, J., & Xiang, Y. (2018). Detecting and Preventing Cyber Insider Threats: A Survey. IEEE Communications Surveys & Tutorials, 20(2), 1397-1417.
[14]	Callegati, F., Giallorenzo, S., Melis, A., & Prandini, M. (2018). Cloud-of-Things meets Mobility-as-a-Service: An insider threat perspective. Computers & Security, 74, 277-295.
[15]	Ambre, A., & Shekokar, N. (2015). Insider threat detection using log analysis and event correlation. Procedia Computer Science, 45, 436-445.
[16]	Sticha, P. J., & Axelrad, E. T. (2016). Using dynamic models to support inferences of insider threat risk. Computational and Mathematical Organization Theory, 22(3), 350-381.
[17]	Kaptur, M. E., Fisher, S. D., Robinson, D., & Fisher, C. D. (2018). Big Data and the Bigger Picture. European Journal of Economics, 2(2).
[18]	Creswell, J. W., & Creswell, J. D. (2017). Research design: Qualitative, quantitative, and mixed methods approaches. Sage publications.
[19]	Field, A. (2013). Discovering statistics using IBM SPSS Statistics (4th ed.). Thousand Oaks, CA: Sage.
[20]	Yang, H., & Lin, S. (2015). User continuance intention to usecloud storage service. Computers in Human Behavior, 52, 219-232.