Abstract
Building customer trust is a huge problem in the cloud computing paradigm. Today, hundreds of companies around the world are offering cloud services in major or minor scale with global or local reach. In spite of the availability of numerous establishments for cloud services, there is a critical link missing with the customers—and that is the lack of appropriate customer trust in the cloud provider’s services. The issue of trust in clouds has already been addressed from multiple technical perspectives where the researchers suggested solutions based on existing knowledge in other computing and communications systems. In this paper, we suggest a different concept of ensuring trust in cloud services by using the power of Information and Communications Technology. The basic idea lies in the fact that there should be a global standardization authority which would certify trusted cloud providers which in turn would earn customer trust. Novelty in this concept is mainly in its operational details presented in the paper. The main objective is to analyze various aspects of this proposed model from the policy making issues alongside slightly addressing technical issues. To make our work easily accessible to general readers and the experts, we also present the backgrounds of cloud computing and analyze the conceptual model with real-life challenges and issues.
Similar content being viewed by others
Notes
The terms “user” and “customer” are used interchangeably throughout this paper.
References
Computing Curricula 2005. (2005). The overview report. The joint task force for computing curricula 2005 by ACM, AIS, IEEE-CS, 30 September 2005. http://www.acm.org/education/curric_vols/CC2005-March06Final.pdf. Last accessed July 18, 2014.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. NIST Special Publication 800-145, September 2011.
Pathan, A.-S. K. (2013). Fi-Wi network for future cloud. International Journal of Applied Research on Information Technology and Computing, 4(3), 122–132.
Pathan, A.-S. K. (2013). When the cloud computing becomes mobile! International Journal of Internet and Distributed Systems, 1(3), 17. doi:10.4236/ijids.2013.13003.
Potential and Impacts of Cloud Computing Services and Social Network Websites. In Science and technology options assessment report, PE 513.546, European Parliamentary Research Service, January 2014.
Abdalla, A.-K. A., & Pathan, A.-K. A. (2014). On protecting data storage in mobile cloud computing paradigm. IETE Technical Review, 31(1), 82–91. doi:10.1080/02564602.2014.891382.
Viriyasitavat, W., & Martin, A. (2010). Formal trust specification in service workflows. In 2010 IEEE/IFIP 8th international conference on embedded and ubiquitous computing (EUC), 11–13 December, 2010, pp. 703–710.
Viriyasitavat, W., & Martin, A. (2012). A survey of trust in workflows and relevant contexts. IEEE Communications Surveys & Tutorials, 14(3), 911–940.
Pathan, A.-S. K. (2014). On the boundaries of trust and security in computing and communications systems. International Journal of Trust Management in Computing and Communications, 2(1), 1–6.
Grandison, T., & Sloman, M. (2000). A survey of trust in internet applications. IEEE Communications Surveys and Tutorials, 3(4), 2–16.
Quercia, D., Hailes, S., & Capra, L. (2006). B-Trust: Bayesian trust framework for pervasive computing. In Proceedings of the 4th international conference on Trust (iTrust’06), 2006, LNCS 3986, Springer, pp. 298–312.
Tabaki, H., Joshi, J. B. D., & Ahn, G.-J. (2010). Security and privacy challenges in cloud computing environments. IEEE Security and Privacy, 8(6), 24–31.
Khan, K. M., & Malluhi, Q. (2010). Establishing trust in cloud computing. IT Professional, 12(5), 20–27.
Ranchal, R., Bhargava, B., Othmane, L. B., Kim, A., Kang, M., & Linderman, M. (2010). Protection of identity information in cloud computing without trusted third party. In 2010 29th IEEE symposium on reliable distributed systems, October 31 2010–November 3 2010, pp. 368–372.
Lin, K.-J., Lu, H., Yu, T., & Tai, C.-E. (2005). A reputation and trust management broker framework for web applications. In The 2005 IEEE international conference on e-technology, e-Commerce and e-Service, 2005 (EEE ‘05), 29 March–1 April 2005, pp. 262–269.
Li, X., & Du, J. (2013). Adaptive and attribute-based trust model for servicelevel agreement guarantee in cloud computing. IET Information Security, 7(1), 39–50.
Goyal, M. K., Gupta, P., Aggarwal, A., & Kumar, P. (2012). QoS based trust management model for Cloud IaaS. In 2012 2nd IEEE international conference on parallel distributed and grid computing (PDGC), 6–8 December 2012, pp. 843–847.
Raghebi, Z., & Hashemi, M. R., (2013). A new trust evaluation method based on reliability of customer feedback for cloud computing. In 2013 10th international ISC conference on information security and cryptology (ISCISC), 29–30 August 2013, pp. 1–6.
Barsoum, A., & Hasan, A. (2013). Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE Transactions on Parallel and Distributed Systems, 24(12), 2375–2385.
Lin, G., Wang, D., Bie, Y., & Lei, M. (2014). MTBAC: A mutual trust based access control model in cloud computing. China Communications, 11(4), 154–162.
Pal, S., Khatua, S., Chaki, N., & Sanyal, S. (2012). A new trusted and collaborative agent based approach for ensuring cloud security. Annals of Faculty Engineering Hunedoara—International Journal of Engineering, 10(1), 71–78.
Manuel, P. D., Selvi, S. T., & Barr, M. I. A.-E. (2009). Trust management system for grid and cloud resources. In First international conference on advanced computing, 2009 (ICAC 2009), 13–15 December 2009, pp. 176–181.
Somasundaram, T. S., Amarnath, B. R., Kumar, R., Balakrishnan, P., Rajendar, K., Rajiv, R., et al. (2010). CARE resource broker: A framework for scheduling and supporting virtual resource management. Future Generation Computer Systems, 26, 337–347.
Habib, S. M., Hauke, S., Ries, S., & Mühlhäuser, M. (2012). Trust as a facilitator in cloud computing: a survey. Journal of Cloud Computing: Advances, Systems and Applications,. doi:10.1186/2192-113X-1-19.
Pathan, A.-S. K., & Kindy, D. A. (2014). Lethality of SQL injection against current and future internet-technologies. International Journal of Computational Science and Engineering, 9(4), 386–394.
Building customer trust—A perspective on Service Organization Controls reporting options. In Technical report. PwC network, Canada. http://www.pwc.com/en_CA/ca/controls/performance-assurance/publications/pwc-building-customer-trust-2013-10-en.pdf. Last accessed July 26, 2014.
Kindy, D. A., & Pathan, A.-S. K. (2013). A detailed survey on various aspects of SQL injection in web applications: Vulnerabilities, innovative attacks and remedies. International Journal of Communication Networks and Information Security, 5(2), 80–92.
Shin, J., Kim, Y., Park, W., & Park, C., (2012). DFCloud: A TPM-based secure data access control method of cloud storage in mobile devices. In Proceedings of 2012 IEEE CloudCom, 3–6 December 2012, pp. 551–556.
Jia, W., Zhu, H., Cao, Z., Wei, L., & Lin, X., (2011). SDSM: A secure data service mechanism in mobile cloud computing. In 2011 IEEE INFOCOM workshops, 1015 April 2011, pp. 1060–1065.
Parann-Nissany, G. (2014). Top cloud computing security issues and solutions. May 5, 2014. http://www.cloudave.com/34670/top-cloud-computing-security-issues-solutions/. Last accessed July 26, 2014.
Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: A survey. Computers, 3, 1–35.
Adams, M. (2014). Three ways to build customer trust. Forbes Magazine, 22 April, 2014. http://www.forbes.com/sites/yec/2014/04/22/three-ways-to-build-customer-trust/. Last accessed July 26, 2014.
General information on ISO. http://www.iso.org/iso/support/faqs/faqs_general_information_on_iso.htm. Last accessed July 26, 2014.
Brenner, M., Wiebelitz, J., Voigt, G. V., & Smith, M. (2011). Secret program execution in the cloud applying homomorphic encryption. In 2011 Proceedings of 5th IEEE DEST, 31 May–3 June 2011, pp. 114–119.
Mohammed, M. M. Z. E., & Pathan, A.-S. K.. (2014). International center for monitoring cloud computing providers (ICMCCP) for ensuring trusted clouds. In The 11th IEEE international conference on autonomic and trusted computing (ATC-2014), December 9–12, 2014, Ayodya Resort, Bali, Indonesia.
Focus Group on Cloud Computing Technical Report. Version 1.0, parts 1 to 7. ITU-T (for Telecommunication Standardization Sector of the International Telecommunications Union), 2012.
Cloud for Europe. http://ec.europa.eu/digital-agenda/en/news/cloud-europe-stage. Last accessed December 20, 2014.
US Government Cloud Computing Technology Roadmap, Volume I, Release 1.0 (Draft), NIST, USA, November 2011. http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf. Last accessed December 26, 2014.
US Government Cloud Computing Technology Roadmap Volume I: High-Priority Requirements to Further USG Agency Cloud Computing Adoption, NIST, USA, October 2014. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-293.pdf. Last accessed December 26, 2014.
Acknowledgments
The authors would like to thank the anonymous reviewer(s) for the insightful comments which have helped improve the paper greatly. This work was fully supported by NDC Lab (Networking and Distributed Computing Laboratory), KICT, IIUM. Al-Sakib Khan Pathan is the corresponding author.
Conflict of interest
The authors declare that there is no conflict of interest of this work.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Pathan, AS.K., Mohammed, M.M.Z.E. Building Customer Trust in Cloud Computing with an ICT-Enabled Global Regulatory Body. Wireless Pers Commun 85, 77–99 (2015). https://doi.org/10.1007/s11277-015-2729-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2729-z