Cloud privacy objectives a value based approach
Information and Computer Security
ISSN: 2056-4961
Article publication date: 14 February 2019
Issue publication date: 28 May 2019
Abstract
Purpose
To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.
Design/methodology/approach
For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.
Findings
The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.
Research limitations/implications
One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.
Practical implications
The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.
Originality/value
Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.
Keywords
Citation
Coss, D.L. and Dhillon, G. (2019), "Cloud privacy objectives a value based approach", Information and Computer Security, Vol. 27 No. 2, pp. 189-220. https://doi.org/10.1108/ICS-05-2017-0034
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited