Data Analysis of Cloud Security Alliance's Security, Trust & Assurance Registry

The security of clients' applications on cloud platforms has been of great interest. The state of security concerns associated with cloud computing is improving in both domains: security issues faced by cloud providers and security issues faced by clients. However, security concerns still remain in areas such as cloud auditing and the migration of application components to the cloud, where the goal is to make the process more secure and cost-efficient. To an extent, this can be attributed to a lack of detailed, publicly available information about cloud platforms and their security policies. A resolution in this regard can be found in the Cloud Security Alliance's Security, Trust, and Assurance Registry (STAR), which documents the security controls provided by popular cloud computing offerings. In this paper, we perform some descriptive analysis of STAR data in an attempt to comprehend the information publicly presented by different cloud providers. The aim is to help clients search for and analyze more effectively the security information they need in the decision-making process for hosting their applications on the cloud. Based on the analysis, we outline some augmentations that can be made to STAR as well as certain specific design improvements for a cloud migration risk assessment framework.
