A new methodology for security evaluation in cloud computing
Date Issued
2012-05-21
Author(s)
Abstract
Cloud service providers (CSPs) and cloud customers
(CCs) are exposed not only to existing security risks but also to new
risks introduced by clouds, like multi-tenancy, virtualization and
data outsourcing. Several international and industrial standards
target information security and their conformity with cloud
computing security challenges. We give an overview of these
standards and evaluate their completeness. As a result we propose
a new extension to the ISO 27001:2005 standard including a
new control objective about virtualization applicable for cloud
systems. We also define a new quantitative metric and evaluate
the importance of existing ISO 27001:2005 control objectives
when customer services are hosted on-premise or in the cloud. Our
conclusion is that obtaining the ISO 27001:2005 certificate is not
enough for CSP and CC information security systems, especially
given the detriment to business continuity that cloud computing produces,
and we propose new solutions that mitigate the risks.
Subjects
File(s)
Name
iss_002.pdf
Size
875.07 KB
Format
Adobe PDF
Checksum
(MD5):21d8e3f62b2805626fd12dafaec7723d
