=Paper= {{Paper |id=Vol-1743/paper6 |storemode=property |title=Cloud Risk Communication on Social Media: The Case of Premera Blue Cross |pdfUrl=https://ceur-ws.org/Vol-1743/paper6.pdf |volume=Vol-1743 |authors=Jean Pierre Guy Gashami,Christian Fernando Libaque-Saenz,Myeong-Cheol Park,Jae Jeung Rho |dblpUrl=https://dblp.org/rec/conf/simbig/GashamiSPR16 }} ==Cloud Risk Communication on Social Media: The Case of Premera Blue Cross== https://ceur-ws.org/Vol-1743/paper6.pdf
Cloud risk communication on social media: The case of Premera Blue Cross

Jean Pierre Guy Gashami (1), Christian Fernando Libaque-Saenz (2), Myeong-Cheol Park (1), Jae Jeung Rho (1)

(1) Korea Advanced Institute of Science and Technology, N22, 291 Daehak-ro, Yusong-Gu, Daejon 34141, Republic of Korea
(2) Universidad del Pacífico, Avenida Salaverry # 2020, Jesús María, Lima 11, Peru

jp.gashami@gmail.com, cf.libaques@up.edu.pe, imcpark@kaist.ac.kr, jjrho111@kaist.ac.kr


Abstract

Cloud computing has been growing at a fast pace. This growth has been fueled by this technology's inherent benefits such as cost reduction and convenience. However, the increasing amount and variety of data processed on the cloud have raised the number of security breaches. Although cloud providers were responsible for data security in the past, the new threats require that both cloud providers and users coordinate efforts to minimize losses and ensure data recovery. Our study aims to explore how cloud providers and users can leverage social media to mitigate data security breaches through effective risk communication. We analyzed public data collected from Twitter regarding the security breach faced by the Premera Blue Cross web application between January and April 2015. Preliminary results indicate that Premera Blue Cross (cloud provider) acted as an information source for Twitterers seeking relevant and accurate information during this security breach. Future steps for this study are discussed.

1   Introduction

Cloud computing is disrupting consumption models of information technology (IT) across industries. For example, around 65% of all major enterprises in the USA are using some form of cloud computing (Verizon, 2014), while general spending on public cloud computing services is expected to grow by US$921 billion by 2017 (Gartner, 2011). The rapid increase in the use of cloud computing services by both enterprises and individual users is driven by benefits such as cost reduction, mobility, and convenience (Gashami et al., 2015). Indeed, users are increasingly relying on cloud providers to run hardware, software, and also to properly handle their data. However, having more data in the cloud, including sensitive data such as personal, financial, research, and health information, means high potential risks for users (Zhou et al., 2010). Not surprisingly, data risk has been identified as a high threat to cloud computing (King and Raja, 2012). For instance, costs associated with data security breaches in the healthcare industry alone could reach US$5.6 billion annually (Experian, 2015). Undoubtedly, security breaches may occur in spite of cloud providers' efforts to ensure data safety (Armbrust et al., 2010). Some research even argues that data security breaches are inevitable in the cloud (Staten et al., 2014). To face such security challenges, cloud providers have developed risk management frameworks which mainly focus on risk analysis, risk assessment, and risk mitigation (Zhang et al., 2010). These frameworks address technical and managerial issues; however, it is still unclear how cloud providers treat users throughout the analysis, assessment, and mitigation of security breaches. Existing research suggests that risk communication with all stakeholders is an important element of risk management in various contexts (Aguirre, 2004; Lagadec, 2002). On the cloud front, communication with users may play a crucial role in limiting potential damages by raising user awareness of data practices and protection. Indeed, communicating potential security breaches to users can lead to actions such as reinforcing weak passwords, using private keys, or
enabling local backup of data (Rainie and Duggan, 2014). On the other hand, social media such as Facebook and Twitter have been signaled as the new avenues for channeling information during risk management due to their low- or no-cost policy and their worldwide usage (Wright and Hinson, 2009). Natural and health disasters are clear examples of populations and organizations relying on social media to alert, organize, or manage rescue efforts (Theocharis, 2013).

Despite the relevance of risk communication in the context of cloud computing and the potential of social media for information dissemination during a security breach, to the best of our knowledge there is no research on the usage of social media for risk communication during security breaches in the cloud. The objective of our study is to fill this gap in the literature. In this first step, we attempt to address the following research question:

RQ: Who are the key players disseminating information of cloud computing data security breaches on social media?

2   Literature Review

2.1 Cloud Computing

Cloud computing emerged as a computing model rooted in various technology innovations such as virtualization and web services (Foster et al., 2008). Cloud computing can be defined as a computing model that enables the provision of ubiquitous, network-based, and on-demand services to users (Armbrust et al., 2010). With cloud computing, services and infrastructure that were traditionally provided locally are remotely accessed, consumed and paid for through a web browser or an application interface (Marston et al., 2011). Cloud computing can be classified as: private model, where the cloud is solely operated by a single organization; public model, where it is open to the general public; community model, which allows organizations with common interests to set up and access the same cloud; and hybrid model, which is a combination of any of the three previous models (Mell and Grance, 2011). Additionally, cloud computing services can be categorized as: Software as a Service (SaaS), encompassing web applications; Platform as a Service (PaaS), which offers software development environments over the web; and Infrastructure as a Service (IaaS), which provides users with access to storage and computational power (Youseff et al., 2008). All these types of cloud computing come not only with benefits but also with potential risks for users (Ko et al., 2011).

Prior studies recognized data security risk as a serious threat to cloud computing (Jaeger et al., 2008). For example, research by Benlian and Hess (2011) and Wu et al. (2011) found that security risks were negatively affecting SaaS use in enterprises. Zhang et al. (2010), on the other hand, developed an information security framework for cloud computing that emphasizes the role of risk analysis, assessment, and mitigation. Chan et al. (2012), meanwhile, proposed a risk framework made up of event identification, risk assessment, risk response, information and communication, and monitoring. These studies, however, do not consider the involvement of users in data-protection initiatives.

2.2 Risk Communication on Social Media

Risk communication can be defined as a process of exchanging information among interested parties about the nature, magnitude, significance and control of a risk (Covello et al., 1998). Risk communication has become highly important in risk mitigation and damage control in areas such as homeland security (Jung and Park, 2014), and earthquake occurrence (Nigg, 2006).

With the rapid evolution of IT, risk communication is shifting towards social network sites (SNS). SNS can be defined as applications based on Web 2.0 that serve as platforms where users create and distribute content (Kaplan and Haenlein, 2010). These platforms facilitate sharing information in real time for a rapid diffusion. For example, Yates and Paquette (2011) studied the use of social media during the earthquake in Haiti in 2010. Likewise, Bird et al. (2012) addressed how citizens and rescue organizations relied on social media during the Queensland and Victorian floods. Goolsby (2010) also highlighted the heavy use of Twitter in communicating the areas to avoid during the Mumbai attack in 2009. In short, prior research focuses on the use of social media in high-risk environments with potential human or property loss. However, to the best of our knowledge, no study has been conducted to understand how this same channel can be used to prevent or mitigate data security risks.
2.3 The Premera Blue Cross Data Security Breach

Premera Blue Cross is a health insurance company based in Mountlake Terrace, Washington, USA. On March 17th, 2015, the company announced that it had suffered a security breach and that data from 11 million users might have been compromised (Matthews and Yadron, 2015). The Premera Blue Cross data security breach is an example of a typical cyber attack through a web application. Web applications and services are among cloud computing's key core technologies (Marston et al., 2011). Hence, understanding data security breaches in this technology and the associated risk mitigation can accurately reflect cloud computing vulnerabilities (Grobauer et al., 2011).

3   Data Collection and Analysis

3.1 Data Collection

We collected public data from Twitter based on the keyword Premera from March 18th, 2015 to March 31st, 2015, spanning a 14-day period. Twitter is a microblogging SNS that allows users to send 140-character messages known as tweets, and to respond to tweets using retweets (RT), mentions (@user), and hashtags (#word) (Kwak et al., 2010). Twitter was chosen in our study because recent studies found that organizations and individuals rely heavily on Twitter for risk communication during protests, environmental disasters, homeland security risks, or political campaigns (Achrekar et al., 2011; Jung and Park, 2014). We used NodeXL for data collection. NodeXL, developed by the Social Media Research Foundation, is a plugin for Microsoft Excel that allows the collection and analysis of multiple social media data (Smith et al., 2010). NodeXL was used in our study because it serves as a robust tool for data analysis and for deriving knowledge from complex social media interactions (Kim and Park, 2012).

3.2 Data Analysis

We relied on Social Network Analysis (SNA), a useful and reliable methodology for data analysis and visualization. Based on Perer and Shneiderman's (2008) research, we measured various network indicators for the collected data. First, we examined social network graph metrics for the overall Premera Blue Cross data security breach, including number of vertices, edges, unique edges, and duplicate edges. Second, we analyzed vertex degrees, centrality measures, and PageRank. Third, we plotted vertex metrics to identify information sources and brokers. Table 1 shows the definitions of the key terminologies related to SNA.

Metric                                   Definition
Vertex                                   A single element count of the primary entity of a network. In the case of Twitter, a vertex represents a Twitter user.
Edge                                     An element that connects two vertices. In the Twitter context, an edge could be a tweet, a retweet (RT) or a mention (@).
Degree                                   This element measures the total number of edges connected to a particular vertex. In-degree measures the connections pointing inward to a vertex. Out-degree measures the connections originating from a vertex.
Betweenness Centrality or Bridge Score   A metric that indicates how much disruption to other connections the removal of a vertex in the network can cause.
Eigenvector Centrality                   A metric that measures the quality of connections of a vertex. A vertex with higher connections yields a higher eigenvector value (PageRank is a variant of this metric).

Table 1: Definitions for metrics in SNA.

NodeXL calculates graph metrics related to SNS by using an algorithm developed by the Social Network Analysis Project (SNAP) at Stanford University (Leskovec et al., 2011).

4   Results and Discussion

Data collection yielded a total of 15 592 tweets from 8 689 unique Twitter accounts. Average geodesic distance is 6.16, with a maximum geodesic distance of 17, and a graph density of 0.00005451 (see Table 2). These results suggest low-affinity relationships between Twitter users in the Premera data security breach network. Table 3 and Table 4 show that the top five words and hashtags were related to the Premera Blue Cross data security breach, suggesting reliability of the collected data.
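How the Table 1 metrics separate an information source from brokers, shown on a small constructed retweet/mention graph (an added example, not code from the paper or from NodeXL). The account names, the edge list, the density formula, direction-following shortest paths and the PageRank damping factor of 0.85 are assumptions; the unique/duplicate edge counts follow the identity visible in Table 2 (7309 + 8283 = 15592).

```python
from collections import Counter, defaultdict, deque

# Constructed sample data (not from the paper): (source, target) means
# "source retweeted or mentioned target". All account names are hypothetical.
EDGES = [
    ("localnews", "provider"), ("techblog", "provider"), ("u5", "provider"),
    ("u1", "localnews"), ("u2", "localnews"), ("u1", "localnews"),  # repeated retweet
    ("u3", "techblog"), ("u4", "techblog"),
]


def overall_metrics(edges):
    """Graph-level counts in the style of the paper's overall metrics table."""
    counts = Counter(edges)
    n = len({v for edge in edges for v in edge})
    return {
        "vertices": n,
        "unique_edges": sum(1 for c in counts.values() if c == 1),
        "edges_with_duplicates": sum(c for c in counts.values() if c > 1),
        "total_edges": len(edges),
        # Assumed formula: distinct directed pairs over all possible pairs.
        "density": len(counts) / (n * (n - 1)),
    }


def adjacency(edges):
    """Map every vertex to the sorted list of distinct vertices it points to."""
    out = {}
    for source, target in edges:
        out.setdefault(source, set()).add(target)
        out.setdefault(target, set())
    return {v: sorted(targets) for v, targets in out.items()}


def pagerank(adj, damping=0.85, tol=1e-12, max_iter=1000):
    """Power iteration; rank held by vertices with no out-edges is spread evenly."""
    n = len(adj)
    rank = dict.fromkeys(adj, 1.0 / n)
    for _ in range(max_iter):
        dangling = sum(rank[v] for v in adj if not adj[v])
        new = dict.fromkeys(adj, (1 - damping) / n + damping * dangling / n)
        for v, targets in adj.items():
            for t in targets:
                new[t] += damping * rank[v] / len(targets)
        converged = sum(abs(new[v] - rank[v]) for v in adj) < tol
        rank = new
        if converged:
            break
    return rank


def betweenness(adj):
    """Brandes' algorithm on the directed, unweighted graph (unnormalised)."""
    score = dict.fromkeys(adj, 0.0)
    for s in adj:
        sigma = dict.fromkeys(adj, 0)   # number of shortest paths from s
        sigma[s] = 1
        dist = {s: 0}
        preds = defaultdict(list)
        order, queue = [], deque([s])
        while queue:                    # breadth-first search from s
            v = queue.popleft()
            order.append(v)
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = dict.fromkeys(adj, 0.0)
        for w in reversed(order):       # accumulate dependencies back towards s
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                score[w] += delta[w]
    return score


def key_players(edges):
    """Source = top PageRank vertex; brokers = vertices with top betweenness."""
    adj = adjacency(edges)
    rank, between = pagerank(adj), betweenness(adj)
    in_degree = Counter(t for targets in adj.values() for t in targets)
    source = max(adj, key=rank.get)
    top = max(between.values())
    brokers = sorted(v for v in adj if top > 0 and between[v] == top)
    return {"source": source, "in_degree": in_degree[source], "brokers": brokers}


if __name__ == "__main__":
    print(overall_metrics(EDGES))
    print(key_players(EDGES))
```

In this constructed graph the account that everyone points to ranks first on PageRank and in-degree, while the two relaying accounts carry all of the direction-following betweenness.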
Graph Metric                            Value
Graph Type                              Directed
Vertices                                8689
Unique Edges                            7309
Edges with Duplicates                   8283
Total Edges                             15592
Maximum Geodesic Distance (Diameter)    17
Average Geodesic Distance               6.161185
Graph Density                           5.5451E-05

Table 2: Overall graph metrics.

Top Words in Tweet in Entire Graph      Entire Graph Count
premera                                 10211
blue                                    4115
cross                                   3638
breach                                  3367
data                                    3287

Table 3: Top words counts in "premera" network graph.

Top Hashtags in Tweet in Entire Graph   Entire Graph Count
infosec                                 701
premera                                 657
security                                397
healthcare                              357
databreach                              308

Table 4: Top hashtags in "premera" network graph.

From an inspection of Figure 1, results indicate that Premera Blue Cross (@premera) took the lead on Twitter during communication of the crisis (Betweenness Centrality = 1753201.512, PageRank = 63.020546, In-degree = 205). This result suggests that the institution that received the attack (i.e., Premera) became the source of information for information seekers. Twitterers concerned about this data security breach turned to the Premera Blue Cross Twitter account to gather relevant and accurate information.

The Seattle Times (@Seattletimes) is a provider of news and information established in Seattle (Washington, USA), the same city where Premera Blue Cross Headquarters is located. The geographical proximity between both institutions may explain the bridging role played by the former during the crisis. Considering that a great number of Premera's stakeholders are located in the Seattle area, results suggest that these stakeholders turned to this channel of local news for information about the Premera Blue Cross crisis.

Dark Reading (@darkreading), Brian Krebs (@briankrebs), TechCrunch (@techcrunch), Gary Davis (@garyjdavis), and SC Magazine (@scmagazine), hereinafter referred to as the tech community, represent IT security specialists or technology-specific news media. As Twitter participants recognize the tech community to be specialists in information security and hence a reliable source of information, they relayed information coming from their accounts, making them pivotal bridges during the Premera Blue Cross data security breach.

In other words, Premera Blue Cross (@Premera) acted as a source of information on Twitter, while other key actors became intermediaries in relaying information about this data security breach. These findings are in line with previous research suggesting: (1) problem recognition and level of involvement predict information seeking and dissemination behavior (Yates and Paquette, 2011; Bird et al., 2012), and (2) a limited number of actors such as public figures, journalists, and mass media play an intermediary role during crisis communications (Perko, 2011).

Figure 1: Vertex properties graph (PageRank on X-Axis and Betweenness Centrality on Y-Axis).

5   Implications

Our study presents a new perspective that shows that data security is a cloud stakeholders' issue rather than a cloud providers' responsibility. Also, our findings indicate that social media populations turned toward the application provider for accurate information during these events. Cloud providers should be prepared to take the lead, and this can be achieved by creating and reinforcing their social media presence. For instance, cloud providers could engage actively in risk communication by raising risk awareness on social media and educating their followers on security procedures.

Second, considering that the tech community and local news media play an intermediary role during risk communication on social media, cloud providers can engage in partnerships with IT security firms and specialists and local news media based on clients' and partners' location, and recommend that all stakeholders follow those accounts for relevant and accurate information to safeguard data and mitigate damages.

6   Conclusions

This study highlights the need for good risk communication during a security breach, which should involve all cloud-computing stakeholders. Our study makes recommendations on the steps to be taken by cloud providers to ensure that clients and partners remain reliably informed before and after any data security breach. Nevertheless, this study presents some limitations. First, the present study only analyzes risk communication for a data security breach coming from web applications, one of the core technologies of cloud computing. Second, the present study only considers risk communication on Twitter, a single popular social media platform.

Future steps in our study include the analysis of communication patterns and the inclusion of theories that may help to explain the phenomenon under study.

References

H. Achrekar, A. Gandhe, R. Lazarus, S. H. Yu, and B. Liu. 2011. Predicting flu trends using Twitter data. In Proc. 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS 2011).
B. E. Aguirre. 2004. Homeland security warnings: Lessons learned and unlearned. International Journal of Mass Emergencies and Disasters, 22(2):103–115.
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. 2010. Clearing the clouds away from the true potential and obstacles posed by this computing capability. Communications of the ACM, 53(4):50–58.
A. Benlian and T. Hess. 2011. Opportunities and risks of software-as-a-service: Findings from a survey of IT executives. Decision Support Systems, 52(1):232–246.
D. Bird, M. Ling, and K. Haynes. 2012. Flooding facebook: The use of social media during the queensland and victorian floods. Australian Journal of Emergency Management, 27(1):27–33.
W. Chan, E. Leung, and H. Pili. 2012. Enterprise risk management for cloud computing. Committee of Sponsoring Organizations of the Treadway Commission.
V. T. Covello, P. M. Sandman, and P. Slovic. 1998. Risk communication, risk statistics and risk comparisons: A manual for plant managers. Chemical Manufacturers Association, Washington D.C.
Experian. 2015. Data breach industry forecast. Experian Data Breach Resolution.
I. Foster, Y. Zhao, I. Raicu, and S. Lu. 2008. Cloud computing and grid computing 360-degree compared. In Proc. Grid Computing Environments Workshop 2008 (GCE 2008).
Gartner. 2011. Gartner identifies the top 10 strategic technologies for 2012. Gartner.
J. P. G. Gashami, Y. Chang, J. J. Rho, and M.-C. Park. 2015. Privacy concerns and benefits in SaaS adoption by individual users: A trade-off approach. Information Development. doi:10.1177/0266666915571428.
R. Goolsby. 2010. Social media as crisis platform. ACM Transactions on Intelligent Systems and Technology, 1(1):1–11.
B. Grobauer, T. Walloschek, and E. Stöcker. 2011. Understanding cloud computing vulnerabilities. IEEE Security and Privacy, 9(2):50–57.
P. T. Jaeger, J. Lin, and J. M. Grimes. 2008. Cloud computing and information policy: Computing in a policy cloud? Journal of Information Technology and Politics, 5(3):269–283.
K. Jung and H. W. Park. 2014. Citizens' social media use and homeland security information policy: Some evidences from twitter users during the 2013 North Korea nuclear test. Government Information Quarterly, 31(4):563–573.
A. M. Kaplan and M. Haenlein. 2010. Users of the world, unite! the challenges and opportunities of social media. Business Horizons, 53(1):59–68.
M. Kim and H. W. Park. 2012. Measuring twitter-based political participation and deliberation in the South Korean context by using social network and Triple Helix indicators. Scientometrics, 90(1):121–140.
N. J. King and V. T. Raja. 2012. Protecting the privacy and security of sensitive customer data in the cloud. Computer Law and Security Review, 28(3):308–319.
R. K. L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. S. Lee. 2011. TrustCloud: A framework for accountability and trust in cloud computing. In Proc. 2011 IEEE World Congress on Services (SERVICES 2011).
H. Kwak, C. Lee, H. Park, and S. Moon. 2010. What is Twitter: A Social Network or a News Media? In Proc. International World Wide Web Conference Committee (IW3C2).
P. Lagadec. 2002. Crisis management in france: Trends, shifts and perspectives. Journal of Contingencies and Crisis Management, 10(4):159–172.
J. Leskovec, K. J. Lang, A. Dasgupta, and M. W. Mahoney. 2011. Community structure in large networks: Natural cluster sizes and the absence of large well-defined clusters. Internet Mathematics, 6(1):29–123.
S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi. 2011. Cloud computing the business perspective. Decision Support Systems, 51(1):176–189.
A. W. Matthews and D. Yadron. 2015. Premera Blue Cross says cyberattack could affect 11 million members. http://www.wsj.com. [Online; accessed 15-November-2015].
P. Mell and T. Grance. 2011. The NIST definition of cloud computing [Recommendations of the National Institute of Standards and Technology-Special Publication 800-145]. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf. [Online; accessed 15-November-2015].
J. M. Nigg. 2006. Communication under conditions of uncertainty: Understanding earthquake forecasting. Journal of Communication, 32(1):27–36.
A. Perer and B. Shneiderman. 2008. Integrating statistics and visualization: Case Studies of gaining clarity during exploratory data analysis. In Proc. Human Factors in Computing Systems (CHI'08).
T. Perko. 2011. Importance of risk communication during and after a nuclear accident. Integrated Environmental Assessment and Management, 7(3):388–392.
L. Rainie and M. Duggan. 2014. Heartbleed's Impact. http://www.pewinternet.org/2014/04/30/heartbleeds-impact/. [Online; accessed 15-March-2016].
M. Smith, B. Shneiderman, N. Milic-Frayling, E. M. Rodrigues, V. Barash, C. Dunne, T. Capone, A. Perer, and E. Gleave. 2010. NodeXL: A free and open network overview, discovery and exploration add-in for Excel 2007/2010. http://nodexl.codeplex.com/. [Online; accessed 15-March-2016].
J. Staten, L. E. Nelson, D. Bartoletti, L. Herbert, W. Martorelli, and H. Baltazar. 2014. Predictions 2015: The days of fighting the cloud are over. Forrester.
Y. Theocharis. 2013. The wealth of (occupation) networks? communication patterns and information distribution in a twitter protest network. Journal of Information Technology and Politics, 10(1):35–56.
Verizon. 2014. 2014 data breach investigations report. Verizon Business Journal, 2014(1):1–60.
D. Wright and M. Hinson. 2009. An analysis of the increasing impact of social and other new media on public relations practice. In Proc. 12th Annual International Public Relations Research Conference.
W.-W. Wu, L. W. Lan, and Y.-T. Lee. 2011. Exploring decisive factors affecting an organization's saas adoption: A case study. International Journal of Information Management, 31(6):556–563.
D. Yates and S. Paquette. 2011. Emergency knowledge management and social media technologies: A case study of the 2010 haitian earthquake. International Journal of Information Management, 31(1):6–13.
L. Youseff, M. Butrico, and D. Silva. 2008. Toward a unified ontology of cloud computing. In Proc. Grid Computing Environments Workshop (GCE 2008).
X. Zhang, N. Wuwong, H. Li, and X. Zhang. 2010. Information security risk management framework for the cloud computing environments. In Proc. IEEE 10th International Conference on Computer and Information Technology (CIT 2010).
M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou. 2010. Security and privacy in cloud computing: A survey. In Proc. 6th International Conference on Semantics, Knowledge and Grids.