Sla Based Information Security Metrics in Cloud Computing (T-0698) (MFN 5085)

Abstract

Cloud computing is new technology which provides scalable, highly available, and low cost services over internet. There are many risks and threats involved in it. Security of information in cloud computing is still big question for large enterprise like banks, huge data centers, educational institutions and business enterprises. Using cloud and its services there is a need to protect sensitive and critical information. Basically cloud offers virtual computing services to small average or big scale enterprise, so there are many risk and obstacles involve for an enterprise to entirely shift to cloud because for every enterprise there are some major concerns like privacy, confidentiality, and risk management, critical information of their assets and secure flow of information are few key important concerns. The aim of this study is to extract cloud security risks, mapping of identified cloud risks to cloud control matrix V 3.0.1 and propose SLA based information security metrics to address and mitigate these cloud risks, and finally to evaluate how secure the proposed metrics can make the cloud based infrastructure. In this study systematic literature review has been carried out to analyze different cloud risks related to information security, 50 cloud risks were identified, and mapped to cloud control matrix V 3.0.1, to know how many risks are mitigated and what level of assurance can be attained by implementing specific controls of this standard. After mapping SLA based information security metrics based on goal question metric framework are proposed, these metrics are best tool to take decisions based on qualitative and quantitative analysis also they can aid cloud customers in evaluating cloud environment.