Regulations and Standards in Public Cloud: A Centrally Driven Technique for Subscribers

Regulations and Standards in Public Cloud: A Centrally Driven Technique for Subscribers

Jitendra Singh (Dyal Singh Evening College, University of Delhi, New Delhi, India) and Kamlesh Kumar Raghuvanshi (Department of Computer Science, Ramanujan College, University of Delhi, New Delhi, India)
Copyright: © 2020 |Pages: 16
DOI: 10.4018/JITR.2020070102
OnDemand PDF Download:
Available
$37.50
No Current Special Offers
TOTAL SAVINGS: $37.50

Abstract

Security is a critical issue particularly in public cloud as it rests with the cloud providers. During security implementation, prevailing security threats and regulatory standards are borne in mind. Regulatory compliance varies from one cloud provider to another according to their maturity and location of the data center. Thus, subscribers need to verify the security requirement meeting their objective and the one implemented by the public cloud provider. To this end, subscribers need to visit each cloud provider's site to view the compliance. This is a time-consuming activity at the same time difficult to locate on a website. This work presents the prominent security standards suggested by the leading security institutions including NIST, CSA, ENISA, ISO, etc., that are applicable to the public cloud. A centrally-driven scheme is proposed in order to empower the subscriber to know the regulation and standards applicable according to their services need. The availability of an exhaustive list at one place will lower the users hassle at subscription time.
Article Preview
Top

Introduction

Cloud computing is a promising paradigm and gaining wide support from the research institutions and industry leaders. Cloud paradigm is widely appreciated due to its capability to serve the increasing computing demand (Yong, 2015). To serve the wide variety of users it offers thre prominent services model that includes Infrastructure as a service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) (Mell, Grance et al., 2011). Aforementioned models can be accessed with the help of private, public, community or the hybrid cloud model. Scalability, on demand resource provisioning, ubiquitous access, etc., are some of the significant advantages of cloud paradigm (Singh, 2014; Buyya, Yeo, Venugopal, Broberg, & Brandic, 2009).

Other than the proprietary cloud providers such as Amazon, Microsoft, IBM, etc., a number of open source cloud platforms including Eucalyptus, open stack, Open nebula, Nimbus, etc. also exist (singh j., 2014). Open source cloud platforms are serving the subscribers by offering them higher flexibility that is needed to manage and customize the cloud platform. Trend of open cloud and cloud standards is growing regularly in order to widen their reach. Open standards for storage, security and infrastructure has already been developed (CDMI; SNIA).

Cloud computing is one of the highly sought environments in present business landscape, as evident in growing share of cloud usage. SaaS services are widely subscribed services in the cloud environment and enjoys around 40% share among all types of deployment model (Singh, 2016). However, cloud computing is unable to gain the exponential growth due to the security challenges (Gartner, 2008). Security remained the major concern in the legacy-based system and is equally applicable in the cloud computing (Ali, Khan, & Vasilakos, 2015). In cloud computing, security has further gained the momentum due to the fact that the resources are managed and maintained by the cloud provider. Whereas, subscribers do not hold any control. Several studies outline that security is the major threat in the cloud computing (Phaphooma, Wanga, Samuel, Helmer, & Abrahamsson, 2015; Schrutt, 2013).

Although, cloud environment is considered to be increasingly secure relative to the legacy-based system, however, cloud environment is also not completely secure despite of the deployment of skilled manpower, powerful and large secure arrangement. Security threats also lie due to inherent technologies in cloud environment. Security vulnerabilities have been revealed by the several attacks occurred in cloud environments (Singh, 2014b; Singh, 2014c).

In order to strengthened cloud security, new standards and regulatory compliances have emerged (CSA, 2013). Majority of these clouds regulatory acts are limited to the country’s specific boundaries. Subscribers, particularly (SME based) and sole proprietorship are not aware of the standards and regulatory acts applicable to them (Singh & Kumar, 2013). Accordingly, this work is an attempt to assess the security offered by the major cloud providers, identifying the gaps and highlighting the risk owing to the absence of the security and finally a centrally driven approach has been proposed in order to empower the subscribers and to mitigate the security and privacy risk.

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 15: 6 Issues (2022): Forthcoming, Available for Pre-Order
Volume 14: 4 Issues (2021)
Volume 13: 4 Issues (2020)
Volume 12: 4 Issues (2019)
Volume 11: 4 Issues (2018)
Volume 10: 4 Issues (2017)
Volume 9: 4 Issues (2016)
Volume 8: 4 Issues (2015)
Volume 7: 4 Issues (2014)
Volume 6: 4 Issues (2013)
Volume 5: 4 Issues (2012)
Volume 4: 4 Issues (2011)
Volume 3: 4 Issues (2010)
Volume 2: 4 Issues (2009)
Volume 1: 4 Issues (2008)
View Complete Journal Contents Listing