Title :
An assessment of security requirements compliance of cloud providers
Author :
Bhensook, N. ; Senivongse, T.
Author_Institution :
Dept. of Comput. Eng., Chulalongkorn Univ. Bangkok, Bangkok, Thailand
Abstract :
Cloud provider assessment is important for cloud consumers to determine, when outsourcing computing work, which providers can serve their business and system requirements. This paper presents an initial attempt to assess security requirements compliance of cloud providers by following the Goal Question Metric approach and defining a weighted scoring model for the assessment. The security goals and questions that address the goals are taken from Cloud Security Alliance´s Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire. We then transform such questions into more detailed ones and define metrics that help provide quantitative answers to the transformed questions based on evidence of security compliance provided by the cloud providers. The scoring is weighted by quality of evidence, i.e. its compliance with the associated questions and its completeness. We propose a scoring system architecture which utilizes CloudAudit and assess Amazon Web Services as an example.
Keywords :
cloud computing; outsourcing; security of data; Amazon Web services; CloudAudit; cloud provider assessment; cloud security alliance cloud controls matrix; consensus assessments initiative questionnaire; goal question metric approach; outsourcing computing work; scoring system architecture; security requirements compliance assessment; weighted scoring model; Best practices; Cloud computing; Computational modeling; Computer architecture; Industries; Measurement; Security; assessment; cloud computing; security;
Conference_Titel :
Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4673-4511-8
Electronic_ISBN :
978-1-4673-4509-5
DOI :
10.1109/CloudCom.2012.6427484
