Requirements definition for a holistic approach of cloud computing governance

With the appearance of virtualization, the spread of internet, the development of broadband networks, and also the advent of externalization and application rental; cloud computing (CC) has emerged as being the next generation of distributed computing paradigm. Based on “pay-for-what-you-use” model, CC offers significant benefits including costs reduction, on demand provisioning, rapid elasticity, resources pooling, etc. But despite all its potential gains, the model also introduces many challenges from which the major concern that hampers its adoption is the lack of an integrated approach for CC governance. With regard to this matter, the main contributions of this paper is first, to analyze the existing standards and research works considering different aspects of IT governance; and second, to identify, analyze, and organize the main CC governance requirements that constitute the cornerstone for the development of an integrated approach for CC governance.

[1]  Isaca The Risk IT Framework , 2009 .

[2]  Rajkumar Buyya,et al.  Service Level Agreement (SLA) in Utility Computing Systems , 2010, ArXiv.

[3]  Joint Task Force Transformation Initiative,et al.  Security and Privacy Controls for Federal Information Systems and Organizations , 2013 .

[4]  Rashmi,et al.  A five-phased approach for the cloud migration , 2012 .

[5]  Lech J. Janczewski,et al.  Governance Life Cycle Framework for Managing Security in Public Cloud: From User Perspective , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[6]  Amani S. Ibrahim,et al.  Collaboration-Based Cloud Computing Security Management Framework , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[7]  FRamewoRk exceRpT The Risk IT Framework , 2010 .

[8]  Hatim Hafiddi,et al.  Challenges for IT based cloud computing governance , 2014, 2014 9th International Conference on Intelligent Systems: Theories and Applications (SITA-14).

[9]  Daniele Catteddu and Giles Hogben Cloud Computing. Benefits, risks and recommendations for information security , 2009 .

[10]  Ying Li,et al.  Effort Estimation in Cloud Migration Process , 2013, 2013 IEEE Seventh International Symposium on Service-Oriented System Engineering.

[11]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[12]  Pär J. Ågerfalk,et al.  Situational Method Engineering , 2014, Springer Berlin Heidelberg.

[13]  Meina Song,et al.  Notice of Retraction A Governance Model for Cloud Computing , 2010, MASS 2010.

[14]  Jean-Henry Morin,et al.  Towards Cloud Computing SLA Risk Management: Issues and Challenges , 2012, 2012 45th Hawaii International Conference on System Sciences.

[15]  Manuel Oriol,et al.  Security risks and their management in cloud computing , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[16]  Pankesh Patel,et al.  Service Level Agreement in Cloud Computing , 2009 .

[17]  Xuejie Zhang,et al.  Information Security Risk Management Framework for the Cloud Computing Environments , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[18]  MinChao Wang,et al.  A Conceptual Platform of SLA in Cloud Computing , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.

[19]  Claus Pahl,et al.  Cloud Migration Research: A Systematic Review , 2013, IEEE Transactions on Cloud Computing.

[20]  Mario Macías,et al.  Toward business-driven risk management for Cloud computing , 2010, 2010 International Conference on Network and Service Management.

[21]  Elizabeth Chang,et al.  Conceptual SLA framework for cloud computing , 2010, 4th IEEE International Conference on Digital Ecosystems and Technologies.

[22]  Adriano Bessa Albuquerque,et al.  Cloudstep: A step-by-step decision process to support legacy application migration to the cloud , 2012, 2012 IEEE 6th International Workshop on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA).

[23]  Zhuo Zhao,et al.  Towards autonomic SLA management: A review , 2012, 2012 International Conference on Systems and Informatics (ICSAI2012).

[24]  Isaca IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud , 2011 .

[25]  Megha Jain,et al.  Analysis of Supply Chain Management in Cloud Computing , 2013 .

[26]  Timothy Grance,et al.  Cloud Computing Synopsis and Recommendations , 2012 .

[27]  Ching-Hao Mao,et al.  Cloud SSDLC: Cloud Security Governance Deployment Framework in Secure System Development Life Cycle , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[28]  Paul D. Witman,et al.  GOVERNANCE AND SERVICE LEVEL AGREEMENT ISSUES IN A CLOUD COMPUTING ENVIRONMENT , 2011 .

[29]  Wei Zhao,et al.  A risk management framework for cloud computing , 2012, 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems.