Cloud Security Assessment: Practical Method for Organization’s Assets Migration to the Cloud

  • Ronivon Costa
  • Carlos Serrão
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 454)


New organizations wanting to surf the Cloud wave face one big challenge: how to evaluate how their business will be impacted. Currently, there is no mutually accepted methodology to verify this information, or to compare the security of an organization’s systems before and after migrating its resources to a Cloud. In this paper the authors discuss the implications of assessing Cloud security and how to compare the security of two different environments in a way that provides management with enough resources to decide whether or not to migrate their systems to a remote datacenter. A practical method is proposed to assess and compare the security of the organization’s systems before and after migration to a Cloud.


Cloud security, Security assessment, OSSTMM 3, Rav



Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. VANTIS, Porto Salvo, Portugal
  2. ISCTE-IUL/ADETTI-IUL, Lisbon, Portugal
