Abstract
New organizations wanting to ride the Cloud wave face one big challenge: evaluating how their business will be impacted. Currently, there is no mutually accepted methodology for verifying this information, or for comparing the security of an organization's systems before and after its resources are migrated to a Cloud. In this paper the authors discuss the implications of assessing Cloud security and how to compare the security of two different environments in a way that gives management enough information to decide whether or not to migrate their systems to a remote datacenter. A practical method is proposed to assess and compare the security of the organization's systems before and after migration to a Cloud.
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Costa, R., Serrão, C. (2015). Cloud Security Assessment: Practical Method for Organization’s Assets Migration to the Cloud. In: Fred, A., Dietz, J., Liu, K., Filipe, J. (eds) Knowledge Discovery, Knowledge Engineering and Knowledge Management. IC3K 2013. Communications in Computer and Information Science, vol 454. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46549-3_27
DOI: https://doi.org/10.1007/978-3-662-46549-3_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46548-6
Online ISBN: 978-3-662-46549-3
eBook Packages: Computer Science, Computer Science (R0)