Title :
A new methodology for security evaluation in cloud computing
Author :
Ristov, Sasko ; Gusev, Marjan ; Kostoska, Magdalena
Author_Institution :
Fac. of Inf. Sci. & Comput. Eng., Ss. Cyril & Methodius Univ., Skopje, Macedonia
Abstract :
Cloud service providers (CSPs) and cloud customers (CCs) are not only exposed to existing security risks but to new risks introduced by clouds, like multi-tenancy, virtualization and data outsourcing. Several international and industrial standards target information security and their conformity with cloud computing security challenges. We give an overview of these standards and evaluate their completeness. As a result we propose a new extension to the ISO 27001:2005 standard including a new control objective about virtualization applicable for cloud systems. We also define a new quantitative metric and evaluate the importance of existing ISO 27001:2005 control objectives if customer services are hosted on-premise or in cloud. Our conclusion is that obtaining the ISO 27001:2005 certificate is not enough for CSP and CC information security systems, especially in business continuity detriment that cloud computing produces and propose new solutions that mitigate the risks.
Keywords :
business continuity; cloud computing; outsourcing; risk analysis; security of data; virtualisation; ISO 27001:2005 certificate; ISO 27001:2005 control objectives; ISO 27001:2005 standard; business continuity detriment; cloud computing; cloud customers; cloud service providers; data outsourcing; industrial standards; information security; international standards; multitenancy; security evaluation; security risks; virtualization; Cloud computing; Companies; ISO standards; Information security; NIST; Information Security Management; Security Assessment; Security Standards; Virtualization;
Conference_Titel :
MIPRO, 2012 Proceedings of the 35th International Convention
Conference_Location :
Opatija
Print_ISBN :
978-1-4673-2577-6
