Leveraging the Potential of Cloud Security Service-Level Agreements through Standards

Luna, Jesús; Suri, Neeraj; Iorga, Michaela; Karmel, Anil

doi:10.1109/mcc.2015.52

Cited by 42 publications

(26 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Lindner et al [35] believe the application of the supply chain concept to cloud computing to be innovative and suggest the possibility of a new research field. According to Jenks [36], there is a gap between the 'what' and 'how' processes of managing cloud supply chain cybersecurity risks, and seeing that only a few recommendations have been made to bridge this gap, it remains an open research problem [37,38].…”

Section: Cloud Supply Chain Risksmentioning

confidence: 99%

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

2019

View full text Add to dashboard Cite

Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.

show abstract

Section: Cloud Supply Chain Risksmentioning

confidence: 99%

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

2019

View full text Add to dashboard Cite

show abstract

“…In order to apply the proposed approach in the cloud environment and for specific services, instead that respect to the overall CSPs infrastructure, recently such controls are embedded into Security SLA in order to grant the level of security offered by each service ( (Casola, 2015b), (Luna et al, 2015)). …”

Section: Selection Of Controlsmentioning

confidence: 99%

Methodology to Obtain the Security Controls in Multi-cloud Applications

Afolaranmi

Moctezuma

Rak

et al. 2016

Proceedings of the 6th International Conference on Cloud Computing and Services Science

View full text Add to dashboard Cite

Abstract:What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications' security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications' SLAs for their monitoring and fulfilment assurance at operation.

show abstract

“…In multicloud systems, the CSP's ability to secure customer data and assure customers of the compliance of other suppliers involved in the provision of the service becomes more complicated due to the many moving parts. The further away the CSP is from the cloud customer, the coarser the customer's view of the CSP's security policies and processes [4]. As the growth of cloud computing and adoption continue to increase, the move to the cloud will gradually change from being a tactical means for cost reduction, into a strategic tool for business transformation.…”

Section: Introductionmentioning

confidence: 99%

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Akinrolabu

New

Martin

2019

2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference

View full text Add to dashboard Cite

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

show abstract

Leveraging the Potential of Cloud Security Service-Level Agreements through Standards

Cited by 42 publications

References 3 publications

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

Methodology to Obtain the Security Controls in Multi-cloud Applications

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Contact Info

Product

Resources

About