New Governance Framework to Secure Cloud Computing

Cloud computing is enabling proper, on-demand network access to a shared pool of computing resources that is elastic in reserve and release with minimal interaction from cloud service provider. As cloud gains maturity, cloud service providers are becoming more competitive, which increase the percentage of cloud adoption. But security remains the most cited challenge in Cloud. So, while we are progressing in cloud adoption, we have to define key elements of our cloud strategy and governance. Governance is about applying policies relating to used services. Therefore, it has to include the techniques and policies that measure and control how we manage cloud. In this paper, we develop an innovative governance model. We changed and tuned the Guo, Z., Song, M. and Song, J governance model from theoretical model into practical model using Cloud Control Matrix (CCM). But, governance model alone will not allow us to bridge the gap between control requirements, technical issues and business risks. As a result, we introduce a new Cloud governance framework using the processes on the new Cloud governance model and controls in CCM. The Framework focuses on using business drivers to guide cloud governance activities while considering cloud risks as part of the organization’s risk management processes.

[1]  Borko Furht,et al.  Handbook of Cloud Computing , 2010 .

[2]  Jean-Henry Morin,et al.  Towards Cloud Computing SLA Risk Management: Issues and Challenges , 2012, 2012 45th Hawaii International Conference on System Sciences.

[3]  Shamsul Sahibuddin,et al.  Combining ITIL, COBIT and ISO/IEC 27002 in Order to Design a Comprehensive IT Framework in Organizations , 2008, 2008 Second Asia International Conference on Modelling & Simulation (AMS).

[4]  Meina Song,et al.  Notice of Retraction A Governance Model for Cloud Computing , 2010, MASS 2010.

[5]  Gadadhar Sahoo,et al.  Cloud Computing: Future Framework for e-Governance , 2010 .

[6]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[7]  Yu Guo,et al.  A trusted computing environment model in cloud architecture , 2010, 2010 International Conference on Machine Learning and Cybernetics.

[8]  Hans P. Borgman,et al.  Cloudrise: Exploring Cloud Computing Adoption and Governance with the TOE Framework , 2013, 2013 46th Hawaii International Conference on System Sciences.

[9]  Teodor-Florin Fortis,et al.  From Cloud Governance to IoT Governance , 2013, 2013 27th International Conference on Advanced Information Networking and Applications Workshops.

[10]  K. Popovic,et al.  Cloud computing security issues and challenges , 2010, The 33rd International Convention MIPRO.

[11]  Isaca IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud , 2011 .

[12]  Hans P. Borgman,et al.  Cloudrise: Opportunities and Challenges for IT Governance at the Dawn of Cloud Computing , 2012, 2012 45th Hawaii International Conference on System Sciences.

[13]  Marin Litoiu,et al.  Deployment of Services in a Cloud Subject to Memory and License Constraints , 2009, 2009 IEEE International Conference on Cloud Computing.

[14]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[15]  Lech J. Janczewski,et al.  Governance Life Cycle Framework for Managing Security in Public Cloud: From User Perspective , 2011, 2011 IEEE 4th International Conference on Cloud Computing.