Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud

A high level of information security in critical infrastructure IT systems and services has to be preserved when migrating their IT services to the cloud. Often various legislative and security constraints have to be met in line with best practice guidelines and international standards to perform the migration. To support the critical infrastructure providers in migrating their services to the cloud we are developing a process based migration guideline for critical infrastructure providers focusing on information security. First of all we investigate, via questionnaires, how the importance of individual security topics covered in such guidelines differentiates between industry stakeholders and critical infrastructure providers. This supports the selection of relevant security topics and the considered guidelines and standards, which we survey in search for common relevant security topics. Subsequently we present the analysis of the above-mentioned security requirements and how they affect a here developed taxonomy for a process-based security guideline. Furthermore we present potential service migration use cases and how our methodology would affect the migration of secure critical infrastructure services.

[1]  Andrzej Bialas,et al.  IT Security Development , 2005 .

[2]  Jean-Henry Morin,et al.  Towards Cloud Computing SLA Risk Management: Issues and Challenges , 2012, 2012 45th Hawaii International Conference on System Sciences.

[3]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[4]  Christian Wagner,et al.  Categorization of Standards, Guidelines and Tools for Secure System Design for Critical Infrastructure IT in the Cloud , 2014, 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.

[5]  T. Grance,et al.  SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing , 2011 .

[6]  Richard Piggin,et al.  Are industrial control systems ready for the cloud? , 2015, Int. J. Crit. Infrastructure Prot..

[7]  Dominic Betts,et al.  Moving Applications to the Cloud on Windows Azure , 2013 .

[8]  Frank Leymann,et al.  Service Migration Patterns -- Decision Support and Best Practices for the Migration of Existing Service-Based Applications to Cloud Environments , 2013, 2013 IEEE 6th International Conference on Service-Oriented Computing and Applications.

[9]  Steve Lipner,et al.  Security development lifecycle , 2010, Datenschutz und Datensicherheit - DuD.

[10]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[11]  Rajkumar Buyya,et al.  Market-Oriented Cloud Computing: Vision, Hype, and Reality of Delivering Computing as the 5th Utility , 2009, 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid.

[12]  Ying Li,et al.  Effort Estimation in Cloud Migration Process , 2013, 2013 IEEE Seventh International Symposium on Service-Oriented System Engineering.

[13]  Madjid Merabti,et al.  Secure Cloud Computing for Critical Infrastructure: A Survey , 2012 .

[14]  Raouf Boutaba,et al.  Cloud computing: state-of-the-art and research challenges , 2010, Journal of Internet Services and Applications.

[15]  Ian Sommerville,et al.  Decision Support Tools for Cloud Migration in the Enterprise , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[16]  Hong Zhao,et al.  Data Security and Privacy Protection Issues in Cloud Computing , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[17]  Gregory A. Witte,et al.  Framework for Improving Critical Infrastructure Cybersecurity | NIST , 2014 .

[18]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[19]  Sherali Zeadally,et al.  Critical infrastructure protection: Requirements and challenges for the 21st century , 2015, Int. J. Crit. Infrastructure Prot..

[20]  M. A. C. Dekker Critical Cloud Computing. A CIIP perspective on cloud computing services , 2013 .

[21]  Richard Kissel,et al.  SP 800-64 Rev. 2. Security Considerations in the System Development Life Cycle , 2008 .

[22]  Jörg Schwenk,et al.  On Technical Security Issues in Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[23]  Claus Pahl,et al.  Cloud Migration Research: A Systematic Review , 2013, IEEE Transactions on Cloud Computing.

[24]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[25]  Cumberland Emergency,et al.  Framework for Improving Critical Infrastructure Cybersecurity News From Down Under , 2014 .

[26]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[27]  William H. Money,et al.  Service Migration in a Cloud Architecture , 2011, 2011 44th Hawaii International Conference on System Sciences.

[28]  Ian Sommerville,et al.  Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[29]  Tharam S. Dillon,et al.  Cloud Computing: Issues and Challenges , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[30]  Andrew Warfield,et al.  Cloud security: a gathering storm , 2014, CACM.

[31]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.