Cloud Security Risk Management: A Critical Review

Cloud computing has created a remarkable paradigm shift in the IT industry and brought several advantages such as on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These advantages have enabled the cloud to have a significant impact on different sectors of smart cities. However, cloud adoption has increased the sophistication of the ever-changing security risks, which frustrate enterprises' efforts to expand their on-premises infrastructure towards cloud horizons. These risks have the potential to become a major concern for smart cities due to the increasing impact of the cloud on them. Managing these security risks requires adopting an effective risk management method that involves both the cloud service provider and the customer. The risk management frameworks currently applied to manage enterprise IT risks do not readily fit the cloud environment and the dynamic nature of clouds, which are characterized by on-demand self-service and rapid elasticity. Therefore, researchers have proposed different cloud security risk management methods and frameworks. This paper critically reviews these risk management methods and frameworks. In addition, it conducts a critical analysis of two of them using the qualitative content analysis technique, and evaluates their effectiveness for assessing and mitigating cloud security risks.
