A Study of Risk Assessment Quantification in Cloud Computing

ICT systems have been investigated for achieving flexible systems configuration, systems operation cost reduction, environmental impact reduction, etc. Cloud computing has attracted attention as technology that solves these. In the U.S., business cloud services, such as Amazon EC2/S3, Google Apps, Force.com, and Windows Azure, are gaining more and more users. Additionally, study on cloud computing, such as a governmental i-Japan strategy and the start of the smart cloud study group of the Ministry of Internal Affairs and Communications, is progressing rapidly in Japan. However, investigation on the present cloud computing is mainly focused on the service side, while the security side has not been sufficiently looked at. Especially, the security perception from the social viewpoint of the unease of users toward cloud security has especially been insufficiently investigated. In this paper, we look into the various risks that can occur when a company uses cloud computing. That is, security from the viewpoint of the user in cloud computing is investigated. Concretely, the risk factors from this viewpoint in such cloud computing are comprehensively extracted with the risk breakdown structure (RBS) method. Furthermore, the risk factors that were extracted are analyzed and evaluated quantitatively. These will be used to promote public cloud use, strengthen competitiveness by cost reduction, and increase the efficiency of corporate management.