An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

Abstract

To operate effectively and maintain national security, the DoD relies on the ability to ensure authorized access to information, while protecting that information from unauthorized users. Non-malicious insider threats involving information leakage typically receive little attention, though their impact is significant. This thesis focuses on how the act of file sharing contributes to non-malicious insider threats. Current file sharing methods provide neither the usability users require nor the security the organization requires. Security without usability results in users bypassing security features, and systems that are usable but not secure are invariably compromised. Therefore, usability and security must be properly aligned to attain true security. Cloud-based file sharing technologies provide promising alternatives for both usable and secure file sharing. As the federal government moves toward the cloud, new programs assess the back-end security of commercially available cloud-based technologies. Building on prior research, this thesis develops a methodology for evaluating the usability and security of cloud-based file sharing technologies from the end-user perspective. This methodology adapts and combines the concepts of heuristics evaluation and cognitive walkthrough. Specifically, the heuristics evaluation assesses whether a cloud-based file sharing technology implements critical usability and security principles, and the cognitive walkthrough determines how usably the principles are implemented. The thesis concludes with a demonstration of how the methodology is conducted. The results of this methodology will assist organizations in properly assessing a technology for official use by DoD.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2012
Accession Number: ADA567429

Entities

People

  • Trek C. Potter

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber
  • Weapons Technologies

DTIC Thesaurus Topics

  • Cloud Computing
  • Cognitive Systems Engineering
  • Computer Access Control
  • Computer Network Security
  • Computer Programming
  • Computers
  • Cyber Threats
  • Cybersecurity
  • Data Leakages
  • Information Security
  • Information Systems
  • Insider Threats
  • Mobile Devices
  • Mobile Operating Systems
  • Operating Systems
  • Software Development
  • United States Strategic Command

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Database Systems and Applications
  • Strategic Security Studies