Advertisement

Security Issues to Cloud Computing

  • Cyril Onwubiko
Chapter
Part of the Computer Communications and Networks book series (CCN)

Abstract

With the growing adoption of cloud computing as a viable business proposition to reduce both infrastructure and operational costs, an essential requirement is to provide guidance on how to manage information security risks in the cloud. In this chapter, security risks to cloud computing are discussed, including privacy, trust, control, data ownership, data location, audits and reviews, business continuity and disaster recovery, legal, regulatory and compliance, security policy and emerging security threats and attacks. Finally, a cloud computing framework and information asset classification model are proposed to assist cloud users when choosing cloud delivery services and deployment models on the basis of cost, security and capability requirements.

Keywords

Cloud Computing Cloud Service Security Requirement Cloud Provider Public Cloud 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Mell P, Grance T (2009) Draft NIST working definition of cloud computing. http://csrc.nist.gov/groups/SNS/cloud-computing/index.html. Accessed 16 Sept 2009Google Scholar
  2. 2.
    Mell P, Grance T (2009, August 12) Effectively and securely using the cloud computing paradigm, NISTGoogle Scholar
  3. 3.
    Kaufman LM (2009 July/August) Data security in the world of cloud computing. IEEE Sec Priv 7(4):61–64CrossRefGoogle Scholar
  4. 4.
    Greenfield T (2009) Cloud computing in a military context – Beyond the Hype, Defense Information Systems Agency (DISA), DISA Office of the CTO. http://www.govinfosecurity.com/regulations.php?reg_id = 1432. Accessed 20 Sept 2009Google Scholar
  5. 5.
    NBC Federal Cloud Playbook (2009) National business center, Department of the Interior, Washington DC. http://cloud.nbc.gov/PDF/NBC%20Cloud%20White%20Paper%20Final%20(Web%20Res).pdf. Accessed 23 Sept 2009Google Scholar
  6. 6.
    Microsoft Azure Services, http://www.microsoft.com/azure/services.mspx. Accessed 23 Sept 2009
  7. 7.
    Gellman R (2009) Privacy in the clouds: risks to privacy and confidentiality from cloud computing. http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf. Accessed 17 Sept 2009Google Scholar
  8. 8.
    Claburn T (2009) Google Apps contract in LA hits security Headwind, http://www.informationweek.com/news/showArticle.jhtml?articleID=218501443. InformationWeek. Accessed 20 July 2009Google Scholar
  9. 9.
    Onwubiko C, Lenaghan A (2009, March) Challenges and complexities of managing information security. Int J Elect Sec Digit Forensic IJESDF 3(2). ISSN (Online): 1751-9128 – ISSN (Print): 1751-911XGoogle Scholar
  10. 10.
    Safe Harbour (1998) European commission’s directive on data privacy and protection legislation, http://www.export.gov/safeharbor/SafeHarborInfo.htm. Accessed 17 Sept 2009Google Scholar
  11. 11.
    Onwubiko C (2008) Security framework for attack detection in computer networks. VDM Verlag, GermanyGoogle Scholar
  12. 12.
    Cloud Security Alliance (2009), http://www.cloudsecurityalliance.org/. Accessed 19 Sept 2009
  13. 13.
    Cloud Computing Interoperability Forum (2009), http://www.cloudforum.org/. Accessed 17 Sept 2009
  14. 14.
    SB-1386, The California Security Breach Information Act (2002) SB1386 amending civil codes 1798.29, 1798.82 and 1798.84. http://en.wikipedia.org/wiki/SB_1386. Accessed 20 Sept 2009
  15. 15.
    Onwubiko C (2009), A security audit framework for security management in the enterprise. Commun Inform Sci 45:9–17, Springer. ISSN 1865-0929 (Print) 1865-0937 (Online)CrossRefGoogle Scholar
  16. 16.
    Chaput SR (2009) Compliance and audit, security guidance for critical areas of focus in cloud computing, Cloud Security AllianceGoogle Scholar
  17. 17.
    Cohen R (2009) Lightning knocks out amazon’s compute cloud. Cloud Comput J. http://cloudcomputing.sys-con.com/node/998582. Accessed 11 June 2009Google Scholar
  18. 18.
    Viega J (August 2009) Cloud computing and the common man. IEEE Comput 42(8):106–108CrossRefGoogle Scholar
  19. 19.
    Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hay, you, get off of my cloud: exploring information leakage in third-party compute clouds. ACM Computer Communications Security Conference CCS’09, November 2009Google Scholar
  20. 20.
    Cheesbrough P (2008, Dec) Into the cloud, lessons from the early adopters of cloud computing. Information AgeGoogle Scholar
  21. 21.
    Youseff L et al. (2009) Toward a unified ontology of cloud computing. http://www.cs.ucsb.edu/~lyouseff/CCOntology/CloudOntology.pdf Accessed 15 Sept 2009Google Scholar
  22. 22.
    OpenCrowd (2009) The OpenCrowd cloud taxonomy. http://www.opencrowd.com/views/cloud.php. Accessed 26 Sept 2009Google Scholar
  23. 23.
    Pfleeger SL (May/June 2009) Useful cybersecurity metrics. IEE IT Pro J 11(3):38–45CrossRefGoogle Scholar

Copyright information

© Springer London 2010

Authors and Affiliations

  1. 1.Security & Information AssuranceResearch Series LimitedEssexUK

Personalised recommendations