A Security Risk Assessment Model for Business Process Deployment in the Cloud

Managing security risks in information systems is essential to guarantee their security while controlling costs. However, the complexity of risk assessments increases greatly when data is spread across multiple environments. In this paper we present a security risk assessment model for distributing business processes in a multi-cloud environment. We aim to offer the full power of cloud computing to composite applications while shielding companies from the complexity of security risk assessments in the Cloud. We also want to give them the capability to automatically generate secure and cost-effective applications across multiple clouds. Our approach is based on existing risk assessment methodologies and uses industry-recognized IT standards.
