*3.3.2 Cloud security*

Based on NIST's cloud security definition [10], cloud provides one of the three fundamental services:


Regardless of the type of service cloud provides, security of the cloud should consider boundary security that builds itself on the layered architecture of hypervisors. Moreover, hardware boundary and abstraction boundary definitions are protections should be offered regarding whether the cloud itself is private or public.

It is dramatically important for cloud to isolate individual customers' data so that they will not interfere with other customers' data. So, anonymity is a primary concern. A straightforward technique to provide anonymity is by incorporating encryption.

Moreover, it should be computationally infeasible to extract summary data that will bring together multiple subscribers' data pool, as this may lead to unfair and unethical advantage. As an example, personal healthcare data stored for multiple healthcare providers should not be analyzed easily to extract a conclusion that persons inhabiting in a particular region are more prone to a particular disease as this may cause people from this region be charged higher by insurance companies.

Though security measures are classified and analyzed separately, due to the complex nature of information systems, handling information most of the time involves multiple aspects of security at the same time. For this reason, complex information security systems have been developed and are widely used. Some examples of such systems are Pretty Good Privacy (PGP) [11] for data encryption, integrity, and authentication, Kerberos for secure key distribution, and many more [12].

## **4. Conclusions**

This section introduces the three fundamental states of information, namely, information in transit, information in process, and information in storage, and then discusses the security measures pertaining to each state of information. In particular, network security methods to provide security of information in transit, computer security methods to provide security of information in process, and database/cloud security to provide security of information in storage are introduced and discussed in detail.

**77**

**Author details**

TX, USA

Ebru Celikel Cankaya

Department of Computer Science, University of Texas at Dallas, Richardson,

© 2020 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

\*Address all correspondence to: exc067000@utdallas.edu

provided the original work is properly cited.

*Security and Privacy in Three States of Information DOI: http://dx.doi.org/10.5772/intechopen.91610*

the suit.

As the computer technology evolves in rapid speed, security measures will be extended by either improving the existing algorithms or adding more algorithms to *Security and Privacy in Three States of Information DOI: http://dx.doi.org/10.5772/intechopen.91610*

*Security and Privacy From a Legal, Ethical, and Technical Perspective*

Based on NIST's cloud security definition [10], cloud provides one of the three

• Infrastructure as a service (IaaS) allows subscribers to execute any application and OS on the hardware and resources (abstracted via hypervisors) made available by the cloud. Some examples of IaaS type are Amazon Web Services (AWS), Google Compute Engine (GCE), Microsoft Azure, Rackspace, and

• Platform as a service (PaaS) allows subscribers to create their custom applications on the cloud. The cloud makes itself available to its customers by providing tools such as a DBMS, OS, system software, and applications. The examples of PaaS type can be listed as Apache Stratos, Windows Azure, OpenShift,

• Software as a service (SaaS) subscribers sign a service agreement for this service to execute cloud-owned online applications. Some common examples of SaaS type of cloud service are listed as follows: GoToMeeting, Salesforce,

Regardless of the type of service cloud provides, security of the cloud should consider boundary security that builds itself on the layered architecture of hypervisors. Moreover, hardware boundary and abstraction boundary definitions are protections should be offered regarding whether the cloud itself is private or public. It is dramatically important for cloud to isolate individual customers' data so that they will not interfere with other customers' data. So, anonymity is a primary concern. A straightforward technique to provide anonymity is by incorporating

Moreover, it should be computationally infeasible to extract summary data that will bring together multiple subscribers' data pool, as this may lead to unfair and unethical advantage. As an example, personal healthcare data stored for multiple healthcare providers should not be analyzed easily to extract a conclusion that persons inhabiting in a particular region are more prone to a particular disease as this may cause people from this region be charged higher by insurance companies. Though security measures are classified and analyzed separately, due to the complex nature of information systems, handling information most of the time involves multiple aspects of security at the same time. For this reason, complex information security systems have been developed and are widely used. Some examples of such systems are Pretty Good Privacy (PGP) [11] for data encryption, integrity, and authentication, Kerberos for secure key distribution, and many more [12].

This section introduces the three fundamental states of information, namely, information in transit, information in process, and information in storage, and then discusses the security measures pertaining to each state of information. In particular, network security methods to provide security of information in transit, computer security methods to provide security of information in process, and database/cloud security to provide security of information in storage are introduced

Heroku, Google App Engine, and AWS Elastic Beanstalk.

Dropbox, Cisco WebEx, Google Apps, and Concur.

*3.3.2 Cloud security*

fundamental services:

Cisco Metapod.

encryption.

**4. Conclusions**

and discussed in detail.

**76**

As the computer technology evolves in rapid speed, security measures will be extended by either improving the existing algorithms or adding more algorithms to the suit.
