Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Leveraging the Potential of Cloud Security Service-Level Agreements through Standards
AU - Luna, J.
AU - Suri, Neeraj
AU - Iorga, M.
AU - Karmel, A.
PY - 2015/5/1
Y1 - 2015/5/1
N2 - Despite the undisputed advantages of cloud computing, customers-in particular, small and medium enterprises (SMEs)-still need meaningful understanding of the security and risk-management changes that the cloud entails so they can assess whether this new computing paradigm meets their security requirements. This article presents a fresh view on this problem by surveying and analyzing, from the standardization and risk assessment perspective, the specification of security in cloud service-level agreements (secSLA) as a promising approach to empower customers in assessing and understanding cloud security. Apart from analyzing the proposed risk-based approach and surveying the relevant landscape, this article presents a real-world scenario to support the creation and adoption of secSLAs as enablers for negotiating, assessing, and monitoring the achieved security levels in cloud services.
AB - Despite the undisputed advantages of cloud computing, customers-in particular, small and medium enterprises (SMEs)-still need meaningful understanding of the security and risk-management changes that the cloud entails so they can assess whether this new computing paradigm meets their security requirements. This article presents a fresh view on this problem by surveying and analyzing, from the standardization and risk assessment perspective, the specification of security in cloud service-level agreements (secSLA) as a promising approach to empower customers in assessing and understanding cloud security. Apart from analyzing the proposed risk-based approach and surveying the relevant landscape, this article presents a real-world scenario to support the creation and adoption of secSLAs as enablers for negotiating, assessing, and monitoring the achieved security levels in cloud services.
KW - cloud
KW - metrics
KW - risk management
KW - security assessment
KW - SLA
KW - standards
KW - Clouds
KW - Distributed database systems
KW - Outsourcing
KW - Risk management
KW - Risk perception
KW - Standards
KW - Surveying
KW - Surveys
KW - Computing paradigm
KW - Real-world scenario
KW - Risk based approaches
KW - Security assessment
KW - Security requirements
KW - Small and medium enterprise
KW - Risk assessment
U2 - 10.1109/MCC.2015.52
DO - 10.1109/MCC.2015.52
M3 - Journal article
VL - 2
SP - 32
EP - 40
JO - IEEE Cloud Computing
JF - IEEE Cloud Computing
SN - 2325-6095
IS - 3
ER -