CISUC

Cloud Computing and Security

Authors

Abilio Cardoso
Paulo Simões

Abstract

There is always a strong pressure on Information Technology (IT)
to do more with fewer resources. Over the decades, this pressure to rationalize IT costs spurred a number of paradigms, technologies and
buzzwords. Some of them failed to meet their promises, while others became successfully embed in IT practices and infrastructures, providing
sizeable benefits. The paradigm of cloud computing is currently riding this
wave, promising to be the next great revolution in IT. Cloud computing
appears to have the right technological and market ingredients to become
widely successful. However, there are some key areas where cloud computing is still underperforming – such as security. Availability, security, privacy
and integrity of information are some of the biggest concerns in the process of designing, implementing and running IT services based on cloud
computing, due to technological and legal matters. There is already an extensive set of recommendations for IT management and IT governance in
general – such as the popular Information Technology Infrastructure Library (ITIL) guidelines and Control Objectives for Information and related
Technology (COBIT) recommendations. However, the field of cloud computing remains poorly covered. ITIL and other general sources can be sometimes translated to the context of cloud computing, but there are many
new challenges not addressed by those generic resources. Recognizing this
state of affairs, a number of initiatives already started focusing on novel
proposals specifically targeting cloud computing but, up to now, with no
significant outcomes. In this paper, we discuss the security implications
involved in the migration of IT services to the cloud-computing model,
proposing a set of rules and guidelines to be followed in the process of
migrating IT services to the cloud. This set of rules and guidelines largely
builds on general ITIL recommendations, discussing how to extend/adapt
them to the field of cloud computing and identifying which a number of
novel areas not covered by current ITIL recommendations.

Keywords

cloud computing, security, ITIL

Conference

11th European Conference on Information Warfare and Security (ECIW'2012), July 2012


Cited by

Year 2014 : 1 citations

 E. Sitnikova and M. Asgarkhani, "A strategic framework for managing internet security," 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), Xiamen, 2014, pp. 947-955. doi: 10.1109/FSKD.2014.6980967