Cloud Computing Security and Risk Management

Cloud Computing Security and Risk Management

Yoshito Kanamori (University of Alaska Anchorage, USA) and Minnie Yi-Miin Yen (University of Alaska Anchorage, USA)
DOI: 10.4018/978-1-4666-2187-9.ch012
OnDemand PDF Download:
No Current Special Offers


Cloud computing is changing the way corporate computing operates and forcing the rapid evolution of computing service delivery. It is being facilitated by numerous technological approaches and a variety of business models. Although utilizing the infrastructure of existing computing and networking technologies, different cloud service providers (CSPs) are able to unite their efforts and address a much broader business space. As a result, confusion has emerged and questions have risen from both Information Technology (IT) and business communities. How cloud environments differ from traditional models, and how these differences affect their adoption are of major importance. In this chapter, the authors first clarify misperceptions by introducing the new threats and challenges involved in cloud environments. Specifically, security issues and concerns will be depicted in three practical scenarios designed to illuminate the different security problems in each cloud deployment model. The chapter also further discusses how to assess and control the concerns and issues pertaining to the security and risk management implementations.
Chapter Preview

Threats And Security Challenges

One of the primary challenges cloud computing faces is data security. When users store their sensitive data on public cloud servers, security will always be a great concern. The major problem behind the data security issue is that cloud servers and data owners are not within the same trusted domain (Yu, Wang, Ren, & Lou, 2010). So, it is difficult for customers to assess the security measures existing in the public cloud service provider (CSP) environment (Choudhary, 2007). For example, when a customer uses a web application provided by a third party to process data, the processed data may be temporarily stored on the third party’s server. The customer expects the third party to be in compliance with the regulations required for the customer’s business (e.g., HIPAA (HHS, 1996).) However, there is no easy way to verify how the third party actually processes and stores its customer data. The more third party applications a customer uses, the more threats and challenges that customer will face in the cloud environment.

In the following three scenarios, the security issues and challenges in cloud environments are illustrated based on three key cloud deployment models – private, public, and hybrid clouds – using three distinct delivery models – Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) (Mather, Kumaraswamy, & Latif, 2009; Krutz & Vines, 2010).

Complete Chapter List

Search this Book: