Abstract
Security as a Service (SECaaS) has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud Computing but still not very widely investigated. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including Protective, Detective, and Reactive based on security control perspectives. We discuss the three groups and their interplay in order to identify the key characteristics and problems that they aim to address therefore revealing potentials of research and industrial application in the cloud security and service-oriented computing field.
This is a preview of subscription content, log in via an institution.
References
Khan, M.A.: A survey of security issues for cloud computing. J. Netw. Comput. Appl. 71, 11–29 (2016)
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34, 1–11 (2011)
Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., Zhan, Y.: Investigation of IT security and compliance challenges in security-as-a-service for cloud computing. In: 2012 15th IEEE International Symposium Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), pp. 124–129, April 2012
Getov, V.: Security as a service in smart clouds–opportunities and concerns. In: 2012 IEEE 36th Annual Computer Software and Applications Conference, pp. 373–379, July 2012
Lee, Y.C., Kim, Y., Han, H., Kang, S.: Fine-grained, adaptive resource sharing for real pay-per-use pricing in clouds. In: 2015 International Conference on Cloud and Autonomic Computing (ICCAC), pp. 236–243, September 2015
Gupta, A., Chourey, V.: Cloud computing: security threats and control strategy using tri-mechanism. In: 2014 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), pp. 309–316 (2014)
Furfaro, A., Garro, A., Tundis, A.: Towards security as a service (SecaaS): on the modeling of security services for cloud computing. In: 2014 International Carnahan Conference on Security Technology (ICCST), pp. 1–6, October 2014
Arbel, L.: Data loss prevention: the business case. Comput. Fraud Secur. 2015, 13–16 (2015)
Albakri, S.H., Shanmugam, B., Samy, G.N., Idris, N.B., Ahmed, A.: Security risk assessment framework for cloud computing environments. Secur. Commun. Netw. 7, 2114–2124 (2014)
Hussain, M., Abdulsalam, H.: SECaaS: security as a service for cloud-based applications. In: Proceedings of the Second Kuwait Conference on e-Services and e-Systems, p. 8, April 2011
Rieke, R., Coppolino, L., Hutchison, A., Prieto, E., Gaber, C.: Security and reliability requirements for advanced security event management. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 171–180. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33704-8_15
Wenge, O., Lampe, U., Rensing, C., Steinmetz, R.: Security information and event monitoring as a service: a survey on current concerns and solutions. PIK-Praxis der Informationsverarbeitung und Kommunikation 37, 163–170 (2014)
Pawar, P.S., Sajjad, A., Dimitrakos, T., Chadwick, D.W.: Security-as-a-service in multi-cloud and federated cloud environments. In: Damsgaard Jensen, C., Marsh, S., Dimitrakos, T., Murayama, Y. (eds.) IFIPTM 2015. IAICT, vol. 454, pp. 251–261. Springer, Cham (2015). doi:10.1007/978-3-319-18491-3_21
Haji, J.: Airline business continuity and IT disaster recovery sites. J. Bus. Continuity Emerg. Plann. 9, 228–238 (2016)
Cloud Security Alliance SecaaS - Defined Categories of Services (2016)
Munyaka, D., Noviansyah, B., Goel, V., Yenchik, A., Durham, S.: Cloud computing security. Telecommun. Manage. 1–20 (2012). http://www.vibhanshu.com/courses/telecom/wp-content/uploads/2013/09/CloudComputingSecurity.pdf
Symeonidis, H.: Cloud Computing security for efficient Big Data delivery (2016)
Srinivasan, S.: Cloud computing evolution. Cloud Computing Basics. SECE, pp. 1–16. Springer, New York (2014). doi:10.1007/978-1-4614-7699-3_1
McLaren, C.C., Juvekar, P.R., Darisi, P.: Identity and access management. U.S. Patent Application, p. 241 (2013)
Waters, M.: Evaluating Identity and Access Management (IAM) as a Cloud Service (2016)
Song, X.D., Fischer, I., Altekar, G., Martignoni, L., Pavlinovic, Z.: Secure surrogate cloud browsing. U.S. Patent and Trademark Office, July 2016
Raphel, J., Kailash, K., Apte, M.S., Chaudhry, J.S.: Guest account management using cloud based security services. U.S. Patent and Trademark Office, August 2014
Garkusha, A.: Building data in motion DLP system from scratch using open source software and confirming its effectiveness within capture the flag competitions. In: The 8th International Conference on Security of Information and Networks, pp. 54–57 (2015)
Gugelmann, D., Studerus, P., Lenders, V., Ager, B.: Can content-based data loss prevention solutions prevent data leakage in Web traffic? IEEE Secur. Priv. 13, 52–59 (2015)
Freire, C., Gatterbauer, W., Immerman, N., Meliou, A.: The complexity of resilience and responsibility for self-join-free conjunctive queries. Proc. VLDB Endowment 9, 180–191 (2015)
Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 450–464, October 2015
Jung, T., Li, X.Y., Wan, Z., Wan, M.: Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE Trans. Inf. Forensics Secur. 10, 190–199 (2015)
Wood, T., Cecchet, E., Ramakrishnan, K.K., Shenoy, P.J., van der Merwe, J.E., Venkataramani, A.: Disaster recovery as a cloud service: economic benefits & deployment challenges. HotCloud 10, 8–15 (2010)
Meszaros, J., Buchalcevova, A.: Introducing OSSF: a framework for online service cybersecurity risk management. Comput. Secur. 65, 300–313 (2017)
Sommer, T., Nobile, T., Rozanski, P.: The conundrum of security in modern cloud computing. Commun. IIMA 12, 2 (2014)
Aniyikaiye, J., Udoh, E.: Web services gateway: taking advantage of the cloud. Int. J. Grid High Perform. Comput. (IJGHPC) 8, 85–92 (2016)
Tolba, A.: An ontological framework for controlling service responses in hybrid cloud. J. Emerg. Trends Comput. Inf. Sci. 5, 871–876 (2014)
Shibli, M.A., Masood, R., Habiba, U., Kanwal, A., Ghazi, Y., Mumtaz, R.: Access control as a service in cloud: challenges, impact and strategies. In: Mahmood, Z. (ed.) Continued Rise of the Cloud. CCN, pp. 55–99. Springer, London (2014). doi:10.1007/978-1-4471-6452-4_3
Cheng, T., Teizer, J.: Real-time resource location data collection and visualization technology for construction safety and activity monitoring applications. Autom. Constr. 34, 3–15 (2013)
Cook, J.: A six-stage business continuity and disaster recovery planning cycle. SAM Adv. Manage. J. 80, 23 (2015)
Sahebjamnia, N., Torabi, S.A., Mansouri, S.A.: Integrated business continuity and disaster recovery planning: towards organizational resilience. Eur. J. Oper. Res. 242, 261–273 (2015)
Snedaker, S.: Business continuity and disaster recovery planning for IT professionals. Newnes (2013)
Liu, B., Chen, Y., Hadiks, A., Blasch, E., Aved, A., Shen, D., Chen, G.: Information fusion in a cloud computing Era: a systems-level perspective. IEEE Aerosp. Electron. Syst. Mag. 29, 16–24 (2014)
Sharma, D.H., Dhote, C.A., Potey, M.M.: Security-as-a-service from clouds: a comprehensive analysis. Int. J. Comput. Appl. 67, 15–18 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Wang, W., Yongchareon, S. (2017). A Survey on Security as a Service. In: Bouguettaya, A., et al. Web Information Systems Engineering – WISE 2017. WISE 2017. Lecture Notes in Computer Science(), vol 10570. Springer, Cham. https://doi.org/10.1007/978-3-319-68786-5_24
Download citation
DOI: https://doi.org/10.1007/978-3-319-68786-5_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68785-8
Online ISBN: 978-3-319-68786-5
eBook Packages: Computer ScienceComputer Science (R0)