Utilizing Third Party Auditing to Manage Trust in the Cloud

Syed S. Rizvi, Kelsey Karpinski, Brennen Kelly, Taryn Walker

Research output: Contribution to journalConference article

9 Scopus citations

Abstract

Recent trends within the IT industry have led to a tectonic shift in the way organizations utilize information systems to yield maximum efficiency. Cloud computing is the cornerstone of the aforementioned paradigm permutation. Information security, however, continues to dominate discussion on how organizations can utilize the efficiency of the cloud, while simultaneously maintaining end-user privacy and trust. The advent of cloud computing has likewise brought with it a multitude of new and exciting concepts that can complicate security demands exponentially. These security demands must be met to ensure user trust. Multi-tenancy is a cloud computing concept that is at the forefront of information security concerns in the 21st century computing environment. Current Multi-tenancy models fail to provide adequate security measures by blindly multiplexing various unknown users, whose intentions can be hostile, with reputable cloud service users. In this paper, we propose a novel security auditing framework to establish the user trust by (a) allowing the cloud service users (CSUs) to provide their security preferences with the desired cloud services, (b) providing a conceptual mechanism to validate the security controls and internal security policies of cloud service providers (CSPs) published in the CSA's (Cloud Security Alliance) Security Trust and Assurance Registry (STAR) database, and (c) maintaining a database of CSPs along with their responses to the Consensus Assessments Initiative Questionnaire (CAIQ) as well as the certificates issued by the certificate authorities. Thus, our proposed framework facilitates the CSUs in choosing a trustworthy CSP by empowering them to select an appropriate security preferences and services.

Original languageEnglish (US)
Pages (from-to)191-197
Number of pages7
JournalProcedia Computer Science
Volume61
DOIs
StatePublished - Jan 1 2015
EventComplex Adaptive Systems, 2015 - San Jose, United States
Duration: Nov 2 2015Nov 4 2015

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Utilizing Third Party Auditing to Manage Trust in the Cloud'. Together they form a unique fingerprint.

  • Cite this