Much Ado about Security Appeal: Cloud Provider Collaborations and Their Risks

A lack of capacity, unplanned outages of sub-contractors, a disaster recovery plan, acquisitions, or other financial goals may force cloud providers to enter into collaborations with other cloud providers. However, a cloud provider is not always fully aware of the security level of a potential collaborating provider. This can lead to security breaches and leakage of customers' data, ending in court cases and financial penalties. In our paper, we analyze different types of cloud collaborations with respect to their security concerns and discuss possible solutions. We also outline trusted security entities as a feasible approach for managing security governance risks and propose our security broker solution for ad hoc cloud collaborations. Our work provides support in the cloud provider selection process and can be used by cloud providers as a foundation for their initial risk assessment.
