Abstract
The lack of capacity, unplanned outages of sub-contractors, a disaster recovery plan, acquisitions, or other financial goals may force cloud providers to enter into collaborations with other cloud providers. However, the cloud provider is not always fully aware of the security level of a potential collaborative cloud provider. This can lead to security breaches and customers’ data leakage, ending in court cases and financial penalties. In our paper, we analyze different types of cloud collaborations with respect to their security concerns and discuss possible solutions. We also outline trusted security entities as a feasible approach for managing security governance risks and propose our security broker solution for ad hoc cloud collaborations. Our work provides support in the cloud provider selection process and can be used by cloud providers as a foundation for their initial risk assessment.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wenge, O., Siebenhaar, M., Lampe, U., Schuller, D., Steinmetz, R. (2012). Much Ado about Security Appeal: Cloud Provider Collaborations and Their Risks. In: De Paoli, F., Pimentel, E., Zavattaro, G. (eds) Service-Oriented and Cloud Computing. ESOCC 2012. Lecture Notes in Computer Science, vol 7592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33427-6_6
DOI: https://doi.org/10.1007/978-3-642-33427-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33426-9
Online ISBN: 978-3-642-33427-6
eBook Packages: Computer Science, Computer Science (R0)