Cloud Security Assessment: Practical Method for Organization’s Assets Migration to the Cloud

  • Conference paper
Knowledge Discovery, Knowledge Engineering and Knowledge Management (IC3K 2013)

Abstract

New organizations wanting to surf the Cloud wave face one big challenge: how to evaluate how their business will be impacted. Currently, there is no mutually accepted methodology for verifying this information, or for comparing the security of an organization’s systems before and after migrating its resources to a Cloud. In this paper the authors discuss the implications of assessing Cloud security and how to compare the security of two different environments so that management has enough information to decide whether or not to migrate their systems to a remote datacenter. A practical method is proposed to assess and compare the organization’s system security before and after migration to a Cloud.

Corresponding author

Correspondence to Ronivon Costa.

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Costa, R., Serrão, C. (2015). Cloud Security Assessment: Practical Method for Organization’s Assets Migration to the Cloud. In: Fred, A., Dietz, J., Liu, K., Filipe, J. (eds) Knowledge Discovery, Knowledge Engineering and Knowledge Management. IC3K 2013. Communications in Computer and Information Science, vol 454. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46549-3_27

  • DOI: https://doi.org/10.1007/978-3-662-46549-3_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-46548-6

  • Online ISBN: 978-3-662-46549-3

  • eBook Packages: Computer Science, Computer Science (R0)
