• DocumentCode
    13977
  • Title

    Leveraging the Potential of Cloud Security Service-Level Agreements through Standards

  • Author

    Luna, Jesus ; Suri, Neeraj ; Iorga, Michaela ; Karmel, Anil

  • Volume
    2
  • Issue
    3
  • fYear
    2015
  • fDate
    May-June 2015
  • Firstpage
    32
  • Lastpage
    40
  • Abstract
    Despite the undisputed advantages of cloud computing, customers-in particular, small and medium enterprises (SMEs)-still need meaningful understanding of the security and risk-management changes that the cloud entails so they can assess whether this new computing paradigm meets their security requirements. This article presents a fresh view on this problem by surveying and analyzing, from the standardization and risk assessment perspective, the specification of security in cloud service-level agreements (secSLA) as a promising approach to empower customers in assessing and understanding cloud security. Apart from analyzing the proposed risk-based approach and surveying the relevant landscape, this article presents a real-world scenario to support the creation and adoption of secSLAs as enablers for negotiating, assessing, and monitoring the achieved security levels in cloud services.
  • Keywords
    cloud computing; contracts; risk management; security of data; small-to-medium enterprises; software standards; standardisation; SME; cloud computing; risk management; secSLA; security in cloud service-level agreement; security requirement; small and medium enterprise; standardization; Cloud computing; Computer security; Interoperability; Measurement; Monitoring; NIST; SLA; cloud; metrics; risk management; security assessment; standards;
  • fLanguage
    English
  • Journal_Title
    Cloud Computing, IEEE
  • Publisher
    ieee
  • ISSN
    2325-6095
  • Type

    jour

  • DOI
    10.1109/MCC.2015.52
  • Filename
    7158967
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=13977