Title :
Leveraging the Potential of Cloud Security Service-Level Agreements through Standards
Author :
Luna, Jesus ; Suri, Neeraj ; Iorga, Michaela ; Karmel, Anil
Abstract :
Despite the undisputed advantages of cloud computing, customers-in particular, small and medium enterprises (SMEs)-still need meaningful understanding of the security and risk-management changes that the cloud entails so they can assess whether this new computing paradigm meets their security requirements. This article presents a fresh view on this problem by surveying and analyzing, from the standardization and risk assessment perspective, the specification of security in cloud service-level agreements (secSLA) as a promising approach to empower customers in assessing and understanding cloud security. Apart from analyzing the proposed risk-based approach and surveying the relevant landscape, this article presents a real-world scenario to support the creation and adoption of secSLAs as enablers for negotiating, assessing, and monitoring the achieved security levels in cloud services.
Keywords :
cloud computing; contracts; risk management; security of data; small-to-medium enterprises; software standards; standardisation; SME; cloud computing; risk management; secSLA; security in cloud service-level agreement; security requirement; small and medium enterprise; standardization; Cloud computing; Computer security; Interoperability; Measurement; Monitoring; NIST; SLA; cloud; metrics; risk management; security assessment; standards;
Journal_Title :
Cloud Computing, IEEE
DOI :
10.1109/MCC.2015.52
