Abstract
With the growing adoption of cloud computing as a viable business proposition to reduce both infrastructure and operational costs, an essential requirement is to provide guidance on how to manage information security risks in the cloud. In this chapter, security risks to cloud computing are discussed, including privacy, trust, control, data ownership, data location, audits and reviews, business continuity and disaster recovery, legal, regulatory and compliance, security policy and emerging security threats and attacks. Finally, a cloud computing framework and information asset classification model are proposed to assist cloud users when choosing cloud delivery services and deployment models on the basis of cost, security and capability requirements.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mell P, Grance T (2009) Draft NIST working definition of cloud computing. http://csrc.nist.gov/groups/SNS/cloud-computing/index.html. Accessed 16 Sept 2009
Mell P, Grance T (2009, August 12) Effectively and securely using the cloud computing paradigm, NIST
Kaufman LM (2009 July/August) Data security in the world of cloud computing. IEEE Sec Priv 7(4):61–64
Greenfield T (2009) Cloud computing in a military context – Beyond the Hype, Defense Information Systems Agency (DISA), DISA Office of the CTO. http://www.govinfosecurity.com/regulations.php?reg_id = 1432. Accessed 20 Sept 2009
NBC Federal Cloud Playbook (2009) National business center, Department of the Interior, Washington DC. http://cloud.nbc.gov/PDF/NBC%20Cloud%20White%20Paper%20Final%20(Web%20Res).pdf. Accessed 23 Sept 2009
Microsoft Azure Services, http://www.microsoft.com/azure/services.mspx. Accessed 23 Sept 2009
Gellman R (2009) Privacy in the clouds: risks to privacy and confidentiality from cloud computing. http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf. Accessed 17 Sept 2009
Claburn T (2009) Google Apps contract in LA hits security Headwind, http://www.informationweek.com/news/showArticle.jhtml?articleID=218501443. InformationWeek. Accessed 20 July 2009
Onwubiko C, Lenaghan A (2009, March) Challenges and complexities of managing information security. Int J Elect Sec Digit Forensic IJESDF 3(2). ISSN (Online): 1751-9128 – ISSN (Print): 1751-911X
Safe Harbour (1998) European commission’s directive on data privacy and protection legislation, http://www.export.gov/safeharbor/SafeHarborInfo.htm. Accessed 17 Sept 2009
Onwubiko C (2008) Security framework for attack detection in computer networks. VDM Verlag, Germany
Cloud Security Alliance (2009), http://www.cloudsecurityalliance.org/. Accessed 19 Sept 2009
Cloud Computing Interoperability Forum (2009), http://www.cloudforum.org/. Accessed 17 Sept 2009
SB-1386, The California Security Breach Information Act (2002) SB1386 amending civil codes 1798.29, 1798.82 and 1798.84. http://en.wikipedia.org/wiki/SB_1386. Accessed 20 Sept 2009
Onwubiko C (2009), A security audit framework for security management in the enterprise. Commun Inform Sci 45:9–17, Springer. ISSN 1865-0929 (Print) 1865-0937 (Online)
Chaput SR (2009) Compliance and audit, security guidance for critical areas of focus in cloud computing, Cloud Security Alliance
Cohen R (2009) Lightning knocks out amazon’s compute cloud. Cloud Comput J. http://cloudcomputing.sys-con.com/node/998582. Accessed 11 June 2009
Viega J (August 2009) Cloud computing and the common man. IEEE Comput 42(8):106–108
Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hay, you, get off of my cloud: exploring information leakage in third-party compute clouds. ACM Computer Communications Security Conference CCS’09, November 2009
Cheesbrough P (2008, Dec) Into the cloud, lessons from the early adopters of cloud computing. Information Age
Youseff L et al. (2009) Toward a unified ontology of cloud computing. http://www.cs.ucsb.edu/~lyouseff/CCOntology/CloudOntology.pdf Accessed 15 Sept 2009
OpenCrowd (2009) The OpenCrowd cloud taxonomy. http://www.opencrowd.com/views/cloud.php. Accessed 26 Sept 2009
Pfleeger SL (May/June 2009) Useful cybersecurity metrics. IEE IT Pro J 11(3):38–45
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer London
About this chapter
Cite this chapter
Onwubiko, C. (2010). Security Issues to Cloud Computing. In: Antonopoulos, N., Gillam, L. (eds) Cloud Computing. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-84996-241-4_16
Download citation
DOI: https://doi.org/10.1007/978-1-84996-241-4_16
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-84996-240-7
Online ISBN: 978-1-84996-241-4
eBook Packages: Computer ScienceComputer Science (R0)