A risk management framework for cloud computing

Although cloud computing has the advantages of cost-saving, efficiency and scalability, it also brings about many security issues. Because almost all software, hardware, and application data are deployed and stored in the cloud platforms, there is often the distrust between users and cloud suppliers. To resolve the problem, this paper proposes a risk management framework on the basis of the previous work. The framework consists of five components: user requirement self-assessment, cloud service providers desktop assessment, risk assessment, third-party agencies review, and continuous monitoring. By means of the framework, the cloud service suppliers can better understand the user's requirements, and the trust between the users and the suppliers is more easily acquired.

[1]  Hiroyuki Sato,et al.  Risk Management on the Security Problem in Cloud Computing , 2011, 2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering.

[2]  Jin Tong,et al.  US Government Cloud Computing Technology Roadmap , 2014 .

[3]  Hong Zhao,et al.  Data Security and Privacy Protection Issues in Cloud Computing , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[4]  Daniele Catteddu and Giles Hogben Cloud Computing. Benefits, risks and recommendations for information security , 2009 .

[5]  Xuejie Zhang,et al.  Information Security Risk Management Framework for the Cloud Computing Environments , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[6]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[7]  Xiaohong Yuan,et al.  Cloud computing and security challenges , 2012, ACM-SE '12.