Cloud computing offers benefits in terms of availability and cost, but it transfers the responsibility of information security management to the cloud service provider. Thus, the consumer looses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper proposes a model where the cloud consumer can perform risk analysis on providers before and after contracting the service. The proposed model establishes the responsibilities of three actors: Consumer, Provider and Security Labs. The inclusion of the Security Labs provides more credibility to risk analysis making the results more consistent for the consumer.
An Architecture for Risk Analysis in Cloud
Dos Santos, Daniel Ricardo
2014-01-01
Abstract
Cloud computing offers benefits in terms of availability and cost, but it transfers the responsibility of information security management to the cloud service provider. Thus, the consumer looses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper proposes a model where the cloud consumer can perform risk analysis on providers before and after contracting the service. The proposed model establishes the responsibilities of three actors: Consumer, Provider and Security Labs. The inclusion of the Security Labs provides more credibility to risk analysis making the results more consistent for the consumer.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
