Cloud SSDLC: Cloud Security Governance Deployment Framework in Secure System Development Life Cycle

With the emergence of cloud computing, an increasingly greater number of innovative applications are being built on cloud computing platforms (e.g., Elastic Compute Cloud by Amazon, Windows Azure by Microsoft, and Cloud Foundry by VMware). However, these cloud applications are also prone to risks and potential vulnerabilities in their system life cycle. In this study, a cloud security self-governance deployment framework is proposed from the system development life cycle perspective (Cloud SSDLC), and especially from government and industry perspectives. The cloud SSDLC incorporates the secure system development life cycle (SSDLC), cloud security critical domain guidelines, and risk considerations. According to the SSDLC, there are five main phases in Cloud SSDLC: initiation, development, implementation, operation, and destruction. Furthermore, critical cloud security domains and corresponding risks are integrated into each phase. From the industry and government perspective, different cases are used to demonstrate practical usage and legal issues in the proposed Cloud SSDLC. The main contribution is the provision of a framework to connect the SSDLC and cloud computing paradigm for enhancing cloud applications.