Cloud computing is a revolutionary breakthrough in computing technology. It allows businesses to supply their customers with a seemingly endless amount of resources on demand, so long as they are willing to pay for them. From a business perspective, cloud computing is revolutionizing profitability. From a security standpoint, cloud computing presents an alarming amount of risk to customer data. When customers make purchases, they transfer data to a Cloud Service Provider (CSP), but they are unable to evaluate which CSP has sufficient security controls to protect their sensitive data. The Cloud Security Alliance (CSA) is an organization whose mission is to suggest best-practice security controls and guidelines for CSPs to follow. The CSA provides a questionnaire, or risk assessment, known as the Consensus Assessment Initiative Questionnaire (CAIQ), which CSPs fill out to gauge the level of security within their organization. The CSPs access these questionnaires from the CSA's STAR (Security Trust and Assurance Registry) database. This allows cloud service users (CSUs) to base their level of trust in a specific organization on these assessments. However, there is no way for the CSA to validate that a CSP's responses to the questionnaire are accurate. This paper presents a framework that uses a third-party auditor (TPA) to review, audit, and validate the CAIQ responses stored in the STAR repository. Our framework provides a specific group of auditors that can be used to evaluate and validate the security controls of CSPs. Therefore, the primary objective of this research is to formulate the mechanism by which the TPA can choose the appropriate auditor(s) and to create a verification system in which CSUs can finally put their trust.