Skip to main content
SpringerLink
Log in
Book cover

International Conference on Web Information Systems Engineering

WISE 2017: Web Information Systems Engineering – WISE 2017 pp 303–310Cite as

A Survey on Security as a Service

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10570))

Abstract

Security as a Service (SECaaS) has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud Computing but still not very widely investigated. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including Protective, Detective, and Reactive based on security control perspectives. We discuss the three groups and their interplay in order to identify the key characteristics and problems that they aim to address therefore revealing potentials of research and industrial application in the cloud security and service-oriented computing field.

This is a preview of subscription content, log in via an institution.

References

  1. Khan, M.A.: A survey of security issues for cloud computing. J. Netw. Comput. Appl. 71, 11–29 (2016)

    Article  Google Scholar 

  2. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34, 1–11 (2011)

    Article  Google Scholar 

  3. Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., Zhan, Y.: Investigation of IT security and compliance challenges in security-as-a-service for cloud computing. In: 2012 15th IEEE International Symposium Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), pp. 124–129, April 2012

    Google Scholar 

  4. Getov, V.: Security as a service in smart clouds–opportunities and concerns. In: 2012 IEEE 36th Annual Computer Software and Applications Conference, pp. 373–379, July 2012

    Google Scholar 

  5. Lee, Y.C., Kim, Y., Han, H., Kang, S.: Fine-grained, adaptive resource sharing for real pay-per-use pricing in clouds. In: 2015 International Conference on Cloud and Autonomic Computing (ICCAC), pp. 236–243, September 2015

    Google Scholar 

  6. Gupta, A., Chourey, V.: Cloud computing: security threats and control strategy using tri-mechanism. In: 2014 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), pp. 309–316 (2014)

    Google Scholar 

  7. Furfaro, A., Garro, A., Tundis, A.: Towards security as a service (SecaaS): on the modeling of security services for cloud computing. In: 2014 International Carnahan Conference on Security Technology (ICCST), pp. 1–6, October 2014

    Google Scholar 

  8. Arbel, L.: Data loss prevention: the business case. Comput. Fraud Secur. 2015, 13–16 (2015)

    Article  Google Scholar 

  9. Albakri, S.H., Shanmugam, B., Samy, G.N., Idris, N.B., Ahmed, A.: Security risk assessment framework for cloud computing environments. Secur. Commun. Netw. 7, 2114–2124 (2014)

    Article  Google Scholar 

  10. Hussain, M., Abdulsalam, H.: SECaaS: security as a service for cloud-based applications. In: Proceedings of the Second Kuwait Conference on e-Services and e-Systems, p. 8, April 2011

    Google Scholar 

  11. Rieke, R., Coppolino, L., Hutchison, A., Prieto, E., Gaber, C.: Security and reliability requirements for advanced security event management. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 171–180. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33704-8_15

    Chapter  Google Scholar 

  12. Wenge, O., Lampe, U., Rensing, C., Steinmetz, R.: Security information and event monitoring as a service: a survey on current concerns and solutions. PIK-Praxis der Informationsverarbeitung und Kommunikation 37, 163–170 (2014)

    Article  Google Scholar 

  13. Pawar, P.S., Sajjad, A., Dimitrakos, T., Chadwick, D.W.: Security-as-a-service in multi-cloud and federated cloud environments. In: Damsgaard Jensen, C., Marsh, S., Dimitrakos, T., Murayama, Y. (eds.) IFIPTM 2015. IAICT, vol. 454, pp. 251–261. Springer, Cham (2015). doi:10.1007/978-3-319-18491-3_21

    Chapter  Google Scholar 

  14. Haji, J.: Airline business continuity and IT disaster recovery sites. J. Bus. Continuity Emerg. Plann. 9, 228–238 (2016)

    Google Scholar 

  15. Cloud Security Alliance SecaaS - Defined Categories of Services (2016)

    Google Scholar 

  16. Munyaka, D., Noviansyah, B., Goel, V., Yenchik, A., Durham, S.: Cloud computing security. Telecommun. Manage. 1–20 (2012). http://www.vibhanshu.com/courses/telecom/wp-content/uploads/2013/09/CloudComputingSecurity.pdf

  17. Symeonidis, H.: Cloud Computing security for efficient Big Data delivery (2016)

    Google Scholar 

  18. Srinivasan, S.: Cloud computing evolution. Cloud Computing Basics. SECE, pp. 1–16. Springer, New York (2014). doi:10.1007/978-1-4614-7699-3_1

    Chapter  Google Scholar 

  19. McLaren, C.C., Juvekar, P.R., Darisi, P.: Identity and access management. U.S. Patent Application, p. 241 (2013)

    Google Scholar 

  20. Waters, M.: Evaluating Identity and Access Management (IAM) as a Cloud Service (2016)

    Google Scholar 

  21. Song, X.D., Fischer, I., Altekar, G., Martignoni, L., Pavlinovic, Z.: Secure surrogate cloud browsing. U.S. Patent and Trademark Office, July 2016

    Google Scholar 

  22. Raphel, J., Kailash, K., Apte, M.S., Chaudhry, J.S.: Guest account management using cloud based security services. U.S. Patent and Trademark Office, August 2014

    Google Scholar 

  23. Garkusha, A.: Building data in motion DLP system from scratch using open source software and confirming its effectiveness within capture the flag competitions. In: The 8th International Conference on Security of Information and Networks, pp. 54–57 (2015)

    Google Scholar 

  24. Gugelmann, D., Studerus, P., Lenders, V., Ager, B.: Can content-based data loss prevention solutions prevent data leakage in Web traffic? IEEE Secur. Priv. 13, 52–59 (2015)

    Article  Google Scholar 

  25. Freire, C., Gatterbauer, W., Immerman, N., Meliou, A.: The complexity of resilience and responsibility for self-join-free conjunctive queries. Proc. VLDB Endowment 9, 180–191 (2015)

    Article  Google Scholar 

  26. Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 450–464, October 2015

    Google Scholar 

  27. Jung, T., Li, X.Y., Wan, Z., Wan, M.: Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE Trans. Inf. Forensics Secur. 10, 190–199 (2015)

    Article  Google Scholar 

  28. Wood, T., Cecchet, E., Ramakrishnan, K.K., Shenoy, P.J., van der Merwe, J.E., Venkataramani, A.: Disaster recovery as a cloud service: economic benefits & deployment challenges. HotCloud 10, 8–15 (2010)

    Google Scholar 

  29. Meszaros, J., Buchalcevova, A.: Introducing OSSF: a framework for online service cybersecurity risk management. Comput. Secur. 65, 300–313 (2017)

    Article  Google Scholar 

  30. Sommer, T., Nobile, T., Rozanski, P.: The conundrum of security in modern cloud computing. Commun. IIMA 12, 2 (2014)

    Google Scholar 

  31. Aniyikaiye, J., Udoh, E.: Web services gateway: taking advantage of the cloud. Int. J. Grid High Perform. Comput. (IJGHPC) 8, 85–92 (2016)

    Article  Google Scholar 

  32. Tolba, A.: An ontological framework for controlling service responses in hybrid cloud. J. Emerg. Trends Comput. Inf. Sci. 5, 871–876 (2014)

    Google Scholar 

  33. Shibli, M.A., Masood, R., Habiba, U., Kanwal, A., Ghazi, Y., Mumtaz, R.: Access control as a service in cloud: challenges, impact and strategies. In: Mahmood, Z. (ed.) Continued Rise of the Cloud. CCN, pp. 55–99. Springer, London (2014). doi:10.1007/978-1-4471-6452-4_3

    Chapter  Google Scholar 

  34. Cheng, T., Teizer, J.: Real-time resource location data collection and visualization technology for construction safety and activity monitoring applications. Autom. Constr. 34, 3–15 (2013)

    Article  Google Scholar 

  35. Cook, J.: A six-stage business continuity and disaster recovery planning cycle. SAM Adv. Manage. J. 80, 23 (2015)

    Google Scholar 

  36. Sahebjamnia, N., Torabi, S.A., Mansouri, S.A.: Integrated business continuity and disaster recovery planning: towards organizational resilience. Eur. J. Oper. Res. 242, 261–273 (2015)

    Article  MathSciNet  Google Scholar 

  37. Snedaker, S.: Business continuity and disaster recovery planning for IT professionals. Newnes (2013)

    Google Scholar 

  38. Liu, B., Chen, Y., Hadiks, A., Blasch, E., Aved, A., Shen, D., Chen, G.: Information fusion in a cloud computing Era: a systems-level perspective. IEEE Aerosp. Electron. Syst. Mag. 29, 16–24 (2014)

    Article  Google Scholar 

  39. Sharma, D.H., Dhote, C.A., Potey, M.M.: Security-as-a-service from clouds: a comprehensive analysis. Int. J. Comput. Appl. 67, 15–18 (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of IT and Software Engineering, Auckland University of Technology, Auckland, New Zealand

    Wenyuan Wang & Sira Yongchareon

Authors
  1. Wenyuan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sira Yongchareon
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sira Yongchareon .

Editor information

Editors and Affiliations

  1. University of Sydney, Darlington, NSW, Australia

    Athman Bouguettaya

  2. Zhejiang University, Hangzhou, China

    Yunjun Gao

  3. Institute of Computing for Physics and Technology, Protvino, Russia

    Andrey Klimenko

  4. Nanyang Technological University, Singapore, Singapore

    Lu Chen

  5. King Abdullah University of Science and Technology, Thuwal, Saudi Arabia

    Xiangliang Zhang

  6. Institute of Computing for Physics and Technology, Protvino, Russia

    Fedor Dzerzhinskiy

  7. Shanghai Jiao Tong University, Minhang Qu, China

    Weijia Jia

  8. Institute of Computing for Physics and Technology, Protvino, Russia

    Stanislav V. Klimenko

  9. City University of Hong Kong, Kowloon, Hong Kong

    Qing Li

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Wang, W., Yongchareon, S. (2017). A Survey on Security as a Service. In: Bouguettaya, A., et al. Web Information Systems Engineering – WISE 2017. WISE 2017. Lecture Notes in Computer Science(), vol 10570. Springer, Cham. https://doi.org/10.1007/978-3-319-68786-5_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68786-5_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68785-8

  • Online ISBN: 978-3-319-68786-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation