TY - GEN
T1 - A stakeholder-oriented assessment index for cloud security auditing
AU - Rizvi, Syed
AU - Ryoo, Jungwoo
AU - Kissell, John
AU - Aiken, Bill
N1 - Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2015/1/8
Y1 - 2015/1/8
N2 - Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.
AB - Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.
UR - http://www.scopus.com/inward/record.url?scp=84926177163&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84926177163&partnerID=8YFLogxK
U2 - 10.1145/2701126.2701226
DO - 10.1145/2701126.2701226
M3 - Conference contribution
AN - SCOPUS:84926177163
T3 - ACM IMCOM 2015 - Proceedings
BT - ACM IMCOM 2015 - Proceedings
PB - Association for Computing Machinery, Inc
T2 - 9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015
Y2 - 8 January 2015 through 10 January 2015
ER -