Title: Security policy rules and required procedures for two crucial cloud computing threats

Authors: Dimitra Georgiou; Costas Lambrinoudakis

Addresses: Systems Security Laboratory, Department of Digital Systems, University of Piraeus, Piraeus, 185 32, Greece ' Systems Security Laboratory, Department of Digital Systems, University of Piraeus, Piraeus, 185 32, Greece

Abstract: Cloud computing is the most accurate paradigm of next generation internet-based distributed computing systems providing an innovative business model for organisations. It offers potential benefits including cost savings, flexibility and improved business outcomes for organisations. Despite the potential advantages of cloud computing, security is one of the major issues remaining questionable. In this paper, two crucial security threats of cloud computing systems are presented and are assigned to one of four categories of our security policy. We facilitate both users and providers to know about these security threats and we propose security metrics that providers could use to evaluate the security of their services. Finally, the necessary policy rules and required procedures are described. Our approach tackles the cloud security issues providing guidance in the form of a set of rules which can be utilised for monitoring the implementation and effectiveness of security controls in cloud environments.

Keywords: cloud computing; threats; security policy rules; SaaS; software-as-a-service; required procedures; methodology; security policy.

DOI: 10.1504/IJEG.2017.088217

International Journal of Electronic Governance, 2017 Vol.9 No.3/4, pp.385 - 403

Received: 04 Jun 2016
Accepted: 24 Apr 2017
Published online: 29 Nov 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article