TY - JOUR
T1 - Utilizing Third Party Auditing to Manage Trust in the Cloud
AU - Rizvi, Syed
AU - Karpinski, Kelsey
AU - Kelly, Brennen
AU - Walker, Taryn
N1 - Publisher Copyright:
© 2015 The Authors. Published by Elsevier B.V.
PY - 2015
Y1 - 2015
N2 - Recent trends within the IT industry have led to a tectonic shift in the way organizations utilize information systems to yield maximum efficiency. Cloud computing is the cornerstone of the aforementioned paradigm permutation. Information security, however, continues to dominate discussion on how organizations can utilize the efficiency of the cloud, while simultaneously maintaining end-user privacy and trust. The advent of cloud computing has likewise brought with it a multitude of new and exciting concepts that can complicate security demands exponentially. These security demands must be met to ensure user trust. Multi-tenancy is a cloud computing concept that is at the forefront of information security concerns in the 21st century computing environment. Current multi-tenancy models fail to provide adequate security measures by blindly multiplexing various unknown users, whose intentions can be hostile, with reputable cloud service users. In this paper, we propose a novel security auditing framework to establish user trust by (a) allowing the cloud service users (CSUs) to provide their security preferences with the desired cloud services, (b) providing a conceptual mechanism to validate the security controls and internal security policies of cloud service providers (CSPs) published in the CSA's (Cloud Security Alliance) Security Trust and Assurance Registry (STAR) database, and (c) maintaining a database of CSPs along with their responses to the Consensus Assessments Initiative Questionnaire (CAIQ) as well as the certificates issued by the certificate authorities. Thus, our proposed framework facilitates the CSUs in choosing a trustworthy CSP by empowering them to select appropriate security preferences and services.
AB - Recent trends within the IT industry have led to a tectonic shift in the way organizations utilize information systems to yield maximum efficiency. Cloud computing is the cornerstone of the aforementioned paradigm permutation. Information security, however, continues to dominate discussion on how organizations can utilize the efficiency of the cloud, while simultaneously maintaining end-user privacy and trust. The advent of cloud computing has likewise brought with it a multitude of new and exciting concepts that can complicate security demands exponentially. These security demands must be met to ensure user trust. Multi-tenancy is a cloud computing concept that is at the forefront of information security concerns in the 21st century computing environment. Current multi-tenancy models fail to provide adequate security measures by blindly multiplexing various unknown users, whose intentions can be hostile, with reputable cloud service users. In this paper, we propose a novel security auditing framework to establish user trust by (a) allowing the cloud service users (CSUs) to provide their security preferences with the desired cloud services, (b) providing a conceptual mechanism to validate the security controls and internal security policies of cloud service providers (CSPs) published in the CSA's (Cloud Security Alliance) Security Trust and Assurance Registry (STAR) database, and (c) maintaining a database of CSPs along with their responses to the Consensus Assessments Initiative Questionnaire (CAIQ) as well as the certificates issued by the certificate authorities. Thus, our proposed framework facilitates the CSUs in choosing a trustworthy CSP by empowering them to select appropriate security preferences and services.
UR - http://www.scopus.com/inward/record.url?scp=84962649163&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962649163&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2015.09.192
DO - 10.1016/j.procs.2015.09.192
M3 - Conference article
AN - SCOPUS:84962649163
SN - 1877-0509
VL - 61
SP - 191
EP - 197
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - Complex Adaptive Systems, 2015
Y2 - 2 November 2015 through 4 November 2015
ER -