Abstract
Security is a crucial issue in cloud computing especially since a lot of stakeholders worldwide are involved. Achieving an acceptable security level in cloud environments is much harder when compared to other traditional IT systems due to specific cloud characteristics like: architecture, openness, multi-tenancy etc. Conventional security mechanisms are no longer suitable for applications and data in the cloud, since new security requirements have emerged. Furthermore, there is a clear need for a trusted security audit method for cloud providers.
This paper identifies the security requirements that are specific to cloud computing and highlights how these requirements link to the cloud security policy while illustrating the structure of a General Security Policy Model. Furthermore, it proposes a method that can be adopted by cloud providers for auditing the security of their systems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
ISACA: Cloud computing: business benefits with security, governance and assurance perspectives. In: White Paper Information Systems Audit and Control Association (2009)
Brunette, G., Mogull, R.: Security guidance for critical areas of focus in cloud computing. Technical report, Cloud Security Alliance (2009)
Reddy, R.K., Reddy, S.P.K., Sireesha, G., Seshadri, U.: The security issues of cloud computing over normal & IT sector. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2(3), 62–69 (2012)
Ramgovid, S., Eloff, M.M., Smith, E.: The management of security in cloud computing. In: Proceedings of 2010 IEEE International Conference on Cloud Computing (2010)
Brodkin, J: Gartner: seven cloud-computing security risks. In: Infoworld (2008)
Georgiou, D., Lambrinoudakis, C.: A security policy for cloud providers the software-as-a-service-problem. In: The Ninth International Conference on Internet Monitoring and Protection ICIMP (2014)
Cloud Security Alliance: The notorious nine: cloud computing top threats in 2013 (2013). http://www.cloudsecurityalliance.org/topthreats/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Georgiou, D., Lambrinoudakis, C. (2015). Cloud Computing Security Requirements and a Methodology for Their Auditing. In: Katsikas, S., Sideridis, A. (eds) E-Democracy – Citizen Rights in the World of the New Computing Paradigms. e-Democracy 2015. Communications in Computer and Information Science, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-319-27164-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-27164-4_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27163-7
Online ISBN: 978-3-319-27164-4
eBook Packages: Computer ScienceComputer Science (R0)