Enhanced mechanism to prioritize the cloud data privacy factors using AHP and TOPSIS: a hybrid approach

Cloud computing is a new paradigm in this new cyber era. Nowadays, most organizations are showing more reliability in this environment. The increasing reliability of the Cloud also makes it vulnerable. As vulnerability increases, there will be a greater need for privacy in terms of data, and utilizing secure services is highly recommended. So, data on the Cloud must have some privacy mechanisms to ensure personal and organizational privacy. So, for this, we must have an authentic way to increase the trust and reliability of the organization and individuals The authors have tried to create a way to rank things that uses the Analytical Hieratical Process (AHP) and the Technique for Order Preference by Similarity to the Ideal Solution (TOPSIS). Based on the result and comparison, produce some hidden advantages named cost, benefit, risk and opportunity-based outcomes of the result. In this paper, we are developing a cloud data privacy model; for this, we have done an intensive literature review by including Privacy factors such as Access Control, Authentication, Authorization, Trustworthiness, Confidentiality, Integrity, and Availability. Based on that review, we have chosen a few parameters that affect cloud data privacy in all the phases of the data life cycle. Most of the already available methods must be revised per the industry’s current trends. Here, we will use Analytical Hieratical Process and Technique for Order Preference by Similarity to the Ideal Solution method to prove that our claim is better than other cloud data privacy models. In this paper, the author has selected the weights of the individual cloud data privacy criteria and further calculated the rank of individual data privacy criteria using the AHP method and subsequently utilized the final weights as input of the TOPSIS method to rank the cloud data privacy criteria.


Introduction
Cloud Computing is an internet-enabled technology that allows access and manipulates information stored on remote servers.Computing resources and related applications are now available for us as a service via the internet, which is increasing daily.This concept is familiar; we have already used cloud services such as Google Mail, Microsoft Office 365, and Google Docs.It is a well-known and undeniable fact that shortly, most government offices, business enterprises, and even individuals will increasingly rely on Cloud technologies.The cloud computing paradigm has vastly changed the way of information management, particularly in personal data processing.It is quite exciting for End customers to use cloud services without being experts in the underlying technology.This is one of the crucial features of cloud services, which has the advantage of lowering costs by sharing processing and storage resources in conjunction with an on-demand provisioning mechanism based on a pay-per-use business model [1].These new capabilities heavily impacted the budget of IT infra and the related costs, but it is also a matter of concern for traditional security, privacy, and trust-related measures.In this study, privacy is referred to as the right of an individual, which is totally self-defined, or the right of an individual to "know what is known about them", be aware of publicly available information about them, and control over the communication of that information and to prevent its abuse.In other words, the right to privacy is linked to the right to self-determination, which is the right to preserve personal information.Every person has the right to be in charge of his or her data, whether it is personal, public, or work-related.End customers who utilize cloud services need to learn where the server is physically located or how personal data is processed.They also need to learn about the processes involved.The privilege of modifying data in the cloud services comes with the risk of losing access to it.For instance, putting personal data on a server someplace on the web may be a big problem for Privacy [2].So, cloud computing brings up many privacy and security problems.Can one trust cloud providers?Can you count on cloud servers?What are the consequences of data loss?What about security and privacy?Will it be hard to switch from one cloud to another?In the online world, privacy issues are becoming more and more significant.Most people agree that taking privacy issues seriously boosts user confidence and economic growth [3].However, putting personal information in the Cloud in a way that is safe, easy to maintain, and under control is a significant task for everyone involved, with both legal and business pressures [4].The paper has been organized in following sections: 1. Introduction and its sub sections, 2. Literature Review: Cloud Privacy Issues, and its sub-sections "Weighted normalized decision matrix.Each condition must weight to add up to 1

Importance of cloud computing
Cloud computing plays a crucial role in revolutionizing the structure of contemporary IT infrastructure.The significance of this resides in its ability to offer flexible and readily available access to a communal collection of computer resources, such as servers, storage, and applications, via the internet.Organizations' gain cost efficiency by only paying for the resources they utilise, so eliminating the necessity of making significant upfront investments.The versatility of cloud services facilitates adaptability, enabling enterprises to swiftly implement and expand applications.Real-time data availability promotes collaboration, stimulating innovation and facilitating global connectivity.Cloud computing enhances resilience and disaster recovery by redundantly storing data across numerous servers and geographic locations.Furthermore, it enables the implementation of cutting-edge technology such as artificial intelligence and big data analytics.In summary, cloud computing plays a crucial role in updating IT infrastructure, fostering innovation, and allowing organisations to quickly adjust to changing business needs.Cloud Computing could also be used in different sections of Current Cutting edge technolopgies of Modern era such as Smart Cities [5,6], Smart Home Solutions [7], Traffic Security and Management [8], Firms those are working on Big Data technologies [9], etc.

Motivation
The requirement to protect sensitive data and ensure the confidentiality, integrity, and availability of cloud data drives cloud data privacy.Several considerations drive cloud data privacy emphasis: 1. Security Concerns: Cloud computing stores and processes data using third-party servers.This raises security worries regarding unauthorized access, data breaches, and more.Cloud data privacy is essential to reduce risks and protect sensitive data.Cloud data privacy is driven by security, compliance, trust, control, business continuity, reputation, and technology.Organizations and cloud service providers must actively address these aspects to store and process sensitive data securely and privately in the cloud.

Literature review: cloud privacy issues
The current body of literature on cloud data privacy places significant emphasis on the difficulties presented by advancing technologies such as edge computing and artificial intelligence.Researchers stress the importance of implementing strong encryption methods and sophisticated access restrictions to protect sensitive data in cloud environments [10].The use of privacy-preserving machine learning models is increasing in order to address issues around data analytics and processing.Furthermore, regulatory advancements, such as revised data protection legislation and global benchmarks, significantly influence the discussion on the privacy of cloud data [11].With the rising trend of organizations adopting multi-cloud environments, there is a growing demand for standardized privacy frameworks to guarantee consistent security across various platforms.Continuous research and innovation in encryption techniques and privacyenhancing technologies are crucial for dealing with the ever-changing nature of cloud data privacy [12].
With cloud computing, customers are provided with on-demand access to various computational tasks through the Internet, which is performed by a combination of hardware and software [13].Cloud providers build massive server infrastructures and allow their customers to pool their resources [14].Cloud computing refers to the on-demand availability of computing resources such as data storage and processing, without having physical instance of it in customer premises [15].It's common parlance to refer to the multiple online labor markets that cater to different customers by using this term.Cloud computing [16] refers to the use of multiple sites throughout the web to complete a single task.Data storage, human resources, data collecting, and the ability to associate structures are only some of these assets' tools and resources.Cloud computing is a viable choice for customers and companies due to its low cost, numerous benefits, rapidity, productivity, efficiency, and security [2].The right kind of math may be done in public or private.Public cloud services charge customers for access to a variety of online support resources.Private cloud companies restrict their support to a select clientele and offer only limited services.Organizations like this have shown to be valuable structures for enterprises.There is also a hybrid model that combines aspects of both public and private firms.Appropriate processing is an umbrella term for anything defined as the online dissemination of valuable information [17].Three types of cloud computing companies are known by their acronyms: IaaS, PaaS, and SaaS [18].
The image of a cloud, often used to represent the Internet at the time, gave rise to the term "cloud computing".
No matter what cloud organization is chosen, people will have different preferences.When a company uses a cloud service, it usually does not accept or maintain its accounting system [19].Even though security problems are rare, many companies worry about cloud organizations [4].How safe you think cloud computing is will depend on how safe your current systems are [20].In-house structures managed by various people with different duties are more likely to leak than systems that a professional manages at a cloud provider dedicated to ensuring that the framework works.Customers who choose services sent over the Cloud can drastically cut the IT resources they need for their connections and get access to intelligent filtering and flexible effort-level working connections during the process.
As yet, there is no one definition of "cloud computing" that everyone agrees on.The National Institute of Standards and Technology (NIST, http:// csrc.nist.gov) in the United States has this to say about it: "Cloud computing is a model for providing easy, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) that can be quickly set up and taken down with minimal management effort or service provider interaction".As per the above quoted definition, the cloud bas model increases availability of resources and comprises three delivery models and four deployment models [13,21].It also has five fundamental features.The five most essential things in cloud computing are self-service ondemand, network access everywhere, location-independent resource pooling, quick elasticity, and measured service.All of these things are designed to make Cloud use smooth and clear.Rapid elasticity lets resources grow (or shrink) quickly [14,16].Measured services are primarily based on how the business model works.Cloud service providers control and optimize computer resources using automated technologies for resource allocation, load balancing, and metering.Application/ Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service are the three ways that Cloud services are delivered (see Fig. 1).(IaaS).In March 2009, ITU Technology Watch assessed the cloud computing trend [20].People protect personal information in these three standard cloud service types [18].Each model has its own benefits and risks, and it need to be selected on case to case basis on the type of cloud services as requested by consumer.

Lack of confidentiality as threats
It includes a threat to customer data from within the company, the risk of an assault from the outside, and worries about data security [22].The second is the risk of an assault from the outside, which is becoming increasingly crucial for cloud apps in an open environment.This danger includes assaults on cloud users and apps through remote programming or attacks on their hardware.The third risk is that information could get out because of a problem with protected access.Once that happens, anything could happen from there.

Lack of integrity as threats
Data separation risks, powerless customer access management, and data quality risks are included [23].Most importantly, data segregation risks, which combine the incorrect importance of secure borders, foolish Virtual Machine designs, and of-customer-side-based hypervisors.This is a complex problem in the cloud environment because it provides resources to clients, and if those resources change, data dependability may suffer.The helpless consumer access control comes next.It transmits many concerns and threats due to wasted access and character control, opening doors for aggressors who can destroy data resources.

Lack of availability as threats
It brings to mind the board's impact on development, the lack of connections, actual resource interference, and ineffective recovery processes.The first is advancement on the board, which includes client entry testing for different customers and institution adjustments.Any type of change in the Cloud infrastructure, content, and apps could make it harder to join the Cloud to its consumer.Next, companies reject structure data transfer restrictions, DNS affiliation enrolling the product, and assets [4].Third, it bothers IT departments in large businesses, cloud users, and WAN expert associations.Fourth, the time and effectiveness with which a scene's event can be rebuilt are affected by recovery processes that do not operate properly (also known as "Deficient disappointment recovery").

Lack of authentication and identity as threats
Although there are various methods for client authentication and framework distribution, cryptography is by far the most well-known [1,2].Clients can be verified in several ways, including using a secret phrase, a security token, or a measurable identifier like a fingerprint.Using several cloud service providers (CSPs) might challenge enterprises relying on conventional cloud identity management approaches [2].In this scenario, the flexibility of synchronizing character data with the mission is compromised.However, as the organization shifts toward a cloud-based strategy, several problems arise between traditional identification and the Cloud [3].

Lack of access control as threat
Access control allows cloud data owners to offer restrictive consent to reclaim their data.Only authorized users of a cloud service can access its contents.Information stored in the cloud for access control purposes is protected against modification and exposure to unauthorized users.Strong, unique passwords should be created for each client and should be changed often [4].

Lack of information integrity as a threat
Integrity in distributed computing guarantees the authenticity and completeness of the data.The integrity of information is not just related to the accuracy of information but also if it is trusted and relied upon [6].Cloud services provide clients with data and associated resources.A standard level of trust between providers and clients is a beneficial approach to the issue of information reliability.Another line of action is eligible for approval, permission, and accounting oversight.To ensure fair use of resources, information access must undergo multiple checks.

Lack of availability of information in SLA as a threat
The unavailability of information is a severe issue in cloud systems.The Service Level Agreement (SLA) provides information about whether or not system assets are available to users.SLA management is essential for cloud services; it is helpful for both parties [7].It is basically a negotiation between clients and service providers that helps to build trust.One approach to resource availability is to develop a support strategy for local resources similar to the most important information [8].As a result, even after the resources are unavailable, the consumer can still get information about them.

Challenges to privacy in the cloud ecosystem
The promise of delivering resources as a service has different types of customers, ranging from small-sized to large-sized organizations and government authorities to end-users.Cloud services are expected to increase rapidly in the ICT sector, according to industry analysts [17].Users generate an increasing amount of personal data.According to International Data Corporation, the "digital universe", or the amount of information and content created and stored digitally, will increase from approximately two zettabytes (ZB) in 2011 to more than seven ZB by 2015 [19].This massive demand for personal data will boost the demand for cloud services, especially if cloud computing lives up to its promises of decreased prices for clients and the introduction of new business models for providers [15].Among the most significant privacy issues for cloud computing are the following:

Privacy criteria and its effect chart
Table 1 is used to decide the weight of privacy criteria of the Cloud.List of authors who have emphasized the criteria of Privacy one over another.In this table, the author has tried to gather all the most prominent privacy criteria from the recent literature and included articles in the last decade from different major databases.
Table 2, In this mentioned table we have tried to articulate the latest and significant contribution done in the field of Cloud data privacy.

Proposed model of cloud data privacy
The proposed model of cloud data privacy is based on the multi-criteria decision-making methodology.Here, we have used AHP and TOPSIS together to strengthen our claim.As the first step, we used AHP steps to set up assumed weights and check their consistency index and used the final weights of selected criteria in TOPSIS to correlate the model further.The figure below (Fig. 1) shows the relationship between different data privacy criteria and their relationship with the Cloud [33,34].
Figure 1 shows the relationship between Cloud Data Privacy and its subsequent factors [35,36]: Access control, Authentication, Authorization, Trustworthiness, Confidentiality, Integrity, and Availability.Here, the author has proposed a joint method, AHP-TOPSIS, to choose and rank the best service in a cloud environment to provide Data Privacy on the above-listed parameters [37,38].The below figure (Fig. 2) shows the Graphical Representation of Hybrid CP-AHP_TOPSIS model.

Cloud privacy using Analytical Hierarchy Process (CP_AHP)
Saaty's [21] Analytical Hierarchy Process is a powerful technique for handling qualitative and quantitative multi-criteria decision-making elements.The analytical Hierarchy Process (AHP) model is used as the decisionmaking process using sensitivity analysis on the following criteria and benchmarks.Pairing comparisons simplify computations and judgments.Multi-criteria decisionmaking yields compatibility and incompatibility conclusions [39].The Analytical Hierarchy Process is one of the most inclusive systems for making decisions with various criteria since it formulates the problem hierarchically and considers quantitative and qualitative factors.Prioritize

Goal of decision-making
We are hierarchically presenting the decision issue and goal.Indicators and choices make decisions.
Figure 3 shows the group's hierarchy for the understudied problem.

Pair-wise comparison
In order to conduct a paired comparison, a questionnaire or literature review should be used to collect opinions and/or feedback from researchers, engineers, Fig. 2 Representation CP_AHP and CP_TOPSIS method consumers, Etc.Each decision maker input their preferred amount for each member and then used their geometrical average to turn individual assessments into group judgments for each paired comparison.One indicates that the two elements are equal.However, number nine indicates that one member in a pair-wise matrix is essential.Table 3 shows the pair-wise scale and numerical importance.How critical are the following security criteria in comparison.
Data analysis involves these processes.Review data is used to extract matrix A, the pair-wise comparison matrix.M's major right Eigenvector is w.
If m ik .m kj = m ij is not validated for every k, j, and i, Eigenvector is chosen [19].
The pair comparisons matrix cannot be used to normalize Wi if the matrix is incompatible or inconsistent.AHP formula normalized the expected weights.
Eigenvector approach for positive and reversed matrices: To decide on an incompatible matrix, the calculation must be repeated numerous times to get a convergence among the set of results.Then, the following formula converts raw data into understandable absolute values and normalized weight w = (w1, w2, w3… wn): A: pair-wise comparison w: normalized weight vector λmax: A's matrix eigen value aij: numerical comparison between i and j.Next, to validate the AHP results, the consistency ratio (CR) is determined using the formula CR = CI/RI, where the consistency index (CI) is assessed using the following formula:

Cloud privacy using TOPSIS (CP_TOPSIS)
TOPSIS is one of the popular multi-criteria decision analysis methods.It compares options using a pre-specified criterion.TOPSIS uses multi-criteria decision-making.TOPSIS picks between the least Euclidean distance from the ideal answer and the most significant distance from the negative ideal solution.
1. Make an M-by-N matrix."Evaluation matrix" describes this matrix.Choose the best and worst for each criterion.
Calculate the Euclidean distance between the target and best/worst alternatives.
Compare each possibility against the worst.TOPSIS-rank alternatives.
6. Compare each possibility against the worst.
We compute a score for each cloud privacy alternative based on distances obtained in fifth step.

Rank the cloud privacy alternatives according to
the obtained TOPSIS score in descending order.
The best one will score the lowest and top our list.

Evaluation and discussion
The table below (Table 4) shows the assumed weights given by the author in the proposed model based on the reviews and the effectiveness of the relationship among different privacy criteria.
The table below (Table 5) is used to Normalize the assumed weights based on the AHP formula below.
Below Table 6 is a Revised Normalization Matrix Employ pair-wise comparisons.Compare pairs.Pairwise comparisons compare the relative relevance, preference, or likelihood of two elements (objectives) to another.(the goal).Pair-wise comparisons determine priority.Decision items at each hierarchy level are compared pair-wise, and the reciprocal matrix is completed; The matrix dimension affects RI (1.69).

TOPSIS implementation
The above table (Table 8) is used to establish the relationships In the table (Table 8), Fuzzy criteria weight has been decided on pre-calculated AHP weights.Table 9 helps determine each metric j for each privacy criteria i is normalized between 0 and 1.Higher values are better metrics.
Table 10: After weighting each metric, we must normalize them to sum to 1. Next, produce the multiplication of each normalized metric from the second step by its weight.In Table 11, We wish to identify the maximum and minimum criterion metrics for all privacy factors.
Table 12 shows the geometric distance between each cloud privacy for different criteria and the best/worst value of such metrics.
The above table (Table 13) compares both CP_AHP and CP_TOPSIS ranking based on criteria final weights obtained by the computation.The minimum weights have a low ranking, and the maximum weights have a high ranking.
Figure 4, is used to show the comparative graph of the original score of all the criteria named Access control, Authentication, Authorization, Trust Worthiness, Confidentiality, Integrity, and Availability with Si+ and Si-comparison of all the seven criteria, Si+ is to find the optimal result by checking in a maximum of individual criteria     3. AHP establishes the relative relevance of the criteria.In cloud data privacy, some criteria may be more important than others.For instance, regulatory compliance may be more important than other aspects, and AHP reflects this. 4. AHP and TOPSIS enable a thorough assessment of cloud data privacy model elements.This comprises technological, cost, scalability, and usability factors.This holistic review can improve decision-making and balance. 5. AHP effectively handles subjective judgments by involving specialists in decision-making.This is crucial in data privacy since criteria may be subjective.AHP permits these opinions to influence decisionmaking.6. AHP and TOPSIS offer sensitivity analysis to determine how changes in criteria weights or evaluations affect the conclusion.This helps modify the cloud data privacy paradigm to changing needs.7. AHP ensures logical consistency in the decision matrix.This prevents decision model discrepancies, making decision-making more dependable.8. AHP and TOPSIS simplify communication by providing a systematic and visual approach to complex decision-making processes.This helps stakeholders comprehend and accept decisions.9. AHP and TOPSIS improve cloud data privacy model decision-making by providing a systematic, quantitative, and complete approach.It supports prioritization, subjective judgments, and adaptation in a fastchanging context.

Conclusion and future directive
We built a model using the chosen criteria and showed that CP_AHP and CP_TOSIS are the one of the finest ways to rank each criterion based on their assumed weights.This lets the user or organization look at each cloud privacy criterion's risks, costs, and benefits before choosing one.This could be beneficial for the industry to obtain the best-suited criteria matrix for the scale of the proposed work.We can also give generic guidelines for designing privacy-oriented cloud services with features such as optimal cost, least risk, and maximum benefit per the industry's and users' requirements.The guidelines will be the new benchmark for industry personnel.After this claim, anyone can further prepare the framework using the above-suggested parameters to address an organization's individual or customized needs.The framework extension could be based on one or more of the following benchmarks: risk, cost, and benefit.
a) Providing Access Control on the available data in a cloud environment.b) Providing Authorization for the set of user groups or individual c) Achieving Authentication of each user d) Cloud risk assessment complexity e) Existence of New business models and enforcement of consumer privacy policies; f ) Regulatory compliance for all the parties.

Fig. 3
Fig. 3 General correlation among goals, alternatives, and criteria

2. Normalize evaluation matrix: 3 .
Weighted normalized decision matrix.Each condition must weight to add up to 1. Expertise and literature review can determine weights.4. Each criterion's best and worst alternatives: 5. Computing the Euclidean distance between the target and best/worst alternatives of cloud privacy: . Expertise and literature review can determine weights.".Challenges to Privacy in the Cloud Ecosystem, 4. Proposed Model of Cloud Data Privacy, 5. Evaluation and Discussion, 6.Major Contributions, 7. Effectiveness of Using AHP and TOPSIS in Proposed work, 8. Conclusion and Future directive

Ownership and Control: Cloud
customers must retain ownership and control over their data on third-party servers.Using strong data privacy controls, users have control over who sees, uses, and deletes their data.

Table 1
Weighted chart of different criteria of cloud privacy

Table 2
Major contributions in field of cloud privacy in past decade

Table 3
Sample AHP questionnaires

Table 4
Assumed weights of different criteria

Table 5
Normalized pair-wise matrix

Table 6
Reversed normalization matrix

Table 7
The acceptance matrix

Table 9
Normalization matrix

Table 10
Weighted normalized decision matrix

Table 11
Max and min values of each criterion

Table 12
The Euclidean distance

Table 13
Comparison of AHP and TOPSIS ranking