Advances, Systems and Applications

Table 1 Summary of CSA security frameworks

From: A quantitative analysis of current security concerns and solutions for cloud computing

Framework

Objectives

Structure and comments

CSA Guidance

 

• Recommendations for reducing risks

• No restrictions regarding specific solutions or service types

• Guidelines not necessarily applicable for all deployment models

• Provide an initial structure for dividing research efforts

• One architectural domain

• Governance domains: risk management, legal concerns, compliance, auditing, information management, interoperability and portability

• Operational domains: traditional and business security, disaster recovery, data center operations, encryption, application security, identification, authorization, virtualization, security outsourcing

• Emphasis on the fact that cloud is not bound to virtualization technologies, though cloud services heavily depend on virtualized infrastructures to provide flexibility and scalability

CSA Top Threats

 

• Provide context for risk management decisions and strategies

• Focus on issues which are unique or highly influenced by cloud computing characteristics

• Seven main threats:

   ‐Abuse and malicious use of cloud resources

   ‐Insecure APIs

   ‐Malicious insiders

   ‐Shared technology vulnerabilities

   ‐Data loss and leakage

   ‐Hijacking of accounts, services and traffic

   ‐Unknown risk profile (security obscurity)

• Summarizes information on top threats and provides examples, remediation guidelines, impact caused and which service types (based on SPI model) are affected

CSA Architecture

 

• Enable trust in the cloud based on well-known standards and certifications allied to security frameworks and other open references

• Use widely adopted frameworks in order to achieve standardization of policies and best practices based on already accepted security principles

• Four sets of frameworks (security, NIST SPI, IT audit and legislative) and four architectural domains (SABSA business architecture, ITIL for services management, Jericho for security and TOGAF for IT reference)

• Tridimensional structure based on premises of cloud delivery, trust and operations

• Concentrates a plethora of concepts and information related to services operation and security

  1. Table summarizing information related to CSA security frameworks (guidance, top threats and TCI architecture).