Towards a Service Lifecycle Based Methodology for Risk Assessment in Cloud Computing

The principles of risk management have been introduced in grid computing to help document and anticipate certain risks and to manage them so that job executions are successful. Clouds are more complex environments with further concerns like risk, trust, eco-efficiency, green, security or cost. In this paper we present ongoing research work to analyze and address the risk factor in clouds with the aim of optimizing cloud services. The main contribution of this work is the presentation of a methodology for performing risk assessment in cloud environments, including the target use cases, risk identification, mitigation and monitoring. Together with the corresponding mitigation strategies, the methodology provides technological assurance that will lead to high confidence among cloud service consumers on one side, and cost-effective and reliable productivity for cloud Service/Infrastructure Providers on the other side. The design of the risk assessment framework and its software toolkit implementation are part of the research and development work of the OPTIMIS (Optimized Infrastructure Services) project, whose objective is to enable an open and dependable Cloud Service Ecosystem that delivers IT services that are adaptable, reliable, auditable and sustainable both ecologically and economically. The paper presents some preliminary results on the risk assessment of a Service/Infrastructure Provider at the cloud service deployment stage.
