クラウドコンピューティング導入における情報セキュリティ対策

抄録

Today, cloud computing is essential for our society.Cloud-based services such as mail, calendar or document production provided by Google, Yahoo!, Microsoft, etc. are already common infrastructure.However, it is important to investigate both merit and demerit of introduction of the cloud computing.In this research, we focus our interest to the security of the cloud computing since it is the most concerned topic when end-user plans to introduce the cloud computing to its business.Cloud service provider should include security related terms in their Service Level Agreements (SLA).One of their guidelines is provided by METI in April, 2011.However, the guideline does not mention the difference of standpoint between vendor and end-user, or technical or economical rationality.We claim that vendor and end-user should file a "win-win" SLA to develop healthy cloud computing market.
From security point of view, there are items that can be covered by SLA and hardly can be.For example, data divulgation is hardly covered, since it is difficult to estimate the affection once it happens, while data corruption or lost can be covered since it is possible to estimate the amount of damage.However, to protect end-user, it is still preferable that the SLA mentions not only limited items to protect vendor for example cyber-attacks, but also all security related requirements in order to balance end-user's convenience, cost and risk of cloud service use.