A stakeholder-oriented assessment index for cloud security auditing

Syed S. Rizvi, Jungwoo Ryoo, John Kissell, Bill Aiken

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.

Original languageEnglish (US)
Title of host publicationACM IMCOM 2015 - Proceedings
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450333771
DOIs
StatePublished - Jan 8 2015
Event9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015 - Bali, Indonesia
Duration: Jan 8 2015Jan 10 2015

Publication series

NameACM IMCOM 2015 - Proceedings

Other

Other9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015
CountryIndonesia
CityBali
Period1/8/151/10/15

Fingerprint

Cloud computing
Scalability
Quality of service
Decision making
Auditing
Stakeholders
Planning
Costs

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Control and Systems Engineering
  • Management Information Systems

Cite this

Rizvi, S. S., Ryoo, J., Kissell, J., & Aiken, B. (2015). A stakeholder-oriented assessment index for cloud security auditing. In ACM IMCOM 2015 - Proceedings [a55] (ACM IMCOM 2015 - Proceedings). Association for Computing Machinery, Inc. https://doi.org/10.1145/2701126.2701226
Rizvi, Syed S. ; Ryoo, Jungwoo ; Kissell, John ; Aiken, Bill. / A stakeholder-oriented assessment index for cloud security auditing. ACM IMCOM 2015 - Proceedings. Association for Computing Machinery, Inc, 2015. (ACM IMCOM 2015 - Proceedings).
@inproceedings{ac7e7d57c07848daa6a886495408afc2,
title = "A stakeholder-oriented assessment index for cloud security auditing",
abstract = "Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.",
author = "Rizvi, {Syed S.} and Jungwoo Ryoo and John Kissell and Bill Aiken",
year = "2015",
month = "1",
day = "8",
doi = "10.1145/2701126.2701226",
language = "English (US)",
series = "ACM IMCOM 2015 - Proceedings",
publisher = "Association for Computing Machinery, Inc",
booktitle = "ACM IMCOM 2015 - Proceedings",

}

Rizvi, SS, Ryoo, J, Kissell, J & Aiken, B 2015, A stakeholder-oriented assessment index for cloud security auditing. in ACM IMCOM 2015 - Proceedings., a55, ACM IMCOM 2015 - Proceedings, Association for Computing Machinery, Inc, 9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015, Bali, Indonesia, 1/8/15. https://doi.org/10.1145/2701126.2701226

A stakeholder-oriented assessment index for cloud security auditing. / Rizvi, Syed S.; Ryoo, Jungwoo; Kissell, John; Aiken, Bill.

ACM IMCOM 2015 - Proceedings. Association for Computing Machinery, Inc, 2015. a55 (ACM IMCOM 2015 - Proceedings).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A stakeholder-oriented assessment index for cloud security auditing

AU - Rizvi, Syed S.

AU - Ryoo, Jungwoo

AU - Kissell, John

AU - Aiken, Bill

PY - 2015/1/8

Y1 - 2015/1/8

N2 - Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.

AB - Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.

UR - http://www.scopus.com/inward/record.url?scp=84926177163&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84926177163&partnerID=8YFLogxK

U2 - 10.1145/2701126.2701226

DO - 10.1145/2701126.2701226

M3 - Conference contribution

AN - SCOPUS:84926177163

T3 - ACM IMCOM 2015 - Proceedings

BT - ACM IMCOM 2015 - Proceedings

PB - Association for Computing Machinery, Inc

ER -

Rizvi SS, Ryoo J, Kissell J, Aiken B. A stakeholder-oriented assessment index for cloud security auditing. In ACM IMCOM 2015 - Proceedings. Association for Computing Machinery, Inc. 2015. a55. (ACM IMCOM 2015 - Proceedings). https://doi.org/10.1145/2701126.2701226