Risk and Compliance Management for Cloud Computing Services: Designing a Reference Model

More and more companies are making use of Cloud Computing Services in order to reduce costs and to increase theflexibility of their IT infrastructures. Currently, the focus is shifting towards problems of risk and compliance which includeas well the realm of Cloud Computing security. For instance, since the storage locations of data may shift or remain unknownto the user, the problem of the applicable jurisdiction arises and impede the adoption and management of Cloud ComputingServices. Therefore, companies need new methods to avoid being fined for compliance violations, to manage risk factors aswell as to manage processes and decision rights. This paper presents a reference model that serves to support companies inmanaging and reducing risk and compliance efforts. We developed the model on the solid basis of a systematic literaturereview and practical requirements by analyzing Cloud Computing Service offers

Various Security Issues and their Remedies in Cloud Computing

The services of cloud computing is expending day by day. It has given shape to the theoretical infrastructure for future computations. The computational framework is running very fast worldwide towards cloud based architecture, though cloud computing is becoming very popular now a days but there are some other issues which should be considered-one of the major issue is security. In this paper, some major security issues has been analyzed and main emphasis is to rectify those issues

Contribución a la estimulación del uso de soluciones Cloud Computing: Diseño de un intermediador de servicios Cloud para fomentar el uso de ecosistemas distribuidos digitales confiables, interoperables y de acuerdo a la legalidad. Aplicación en entornos multi-cloud.

184 p.El objetivo del trabajo de investigación presentado en esta tesis es facilitar a los desarrolladores y operadores de aplicaciones desplegadas en múltiples Nubes el descubrimiento y la gestión de los diferentes servicios de Computación, soportando su reutilización y combinación, para generar una red de servicios interoperables, que cumplen con las leyes y cuyos acuerdos de nivel de servicio pueden ser evaluados de manera continua. Una de las contribuciones de esta tesis es el diseño y desarrollo de un bróker de servicios de Computación llamado ACSmI (Advanced Cloud Services meta-Intermediator). ACSmI permite evaluar el cumplimiento de los acuerdos de nivel de servicio incluyendo la legislación. ACSmI también proporciona una capa de abstracción intermedia para los servicios de Computación donde los desarrolladores pueden acceder fácilmente a un catálogo de servicios acreditados y compatibles con los requisitos no funcionales establecidos.Además, este trabajo de investigación propone la caracterización de las aplicaciones nativas multiNube y el concepto de "DevOps extendido" especialmente pensado para este tipo de aplicaciones. El concepto "DevOps extendido" pretende resolver algunos de los problemas actuales del diseño, desarrollo, implementación y adaptación de aplicaciones multiNube, proporcionando un enfoque DevOps novedoso y extendido para la adaptación de las prácticas actuales de DevOps al paradigma multiNube

Secure Clouds Through Reputation-Based Cloud Service Trust Management

Inadequate mechanisms for managing user trust in cloud services are a major roadblock to the broad adoption of this technology. Difficulties with privacy, security, and availability are inevitable in the cloud because of the service's intrinsic malleability, dispersion, and lack of transparency. Due to the sensitive nature of the information shared between customers and the trust management service, confidentiality must be maintained at all times. It's difficult to prevent malicious individuals from disrupting cloud services (for example, by providing false or misleading feedback to make a cloud service seem bad). Due to the dynamic nature of cloud infrastructure, it may be challenging to guarantee the constant availability of the trust management service in a cloud environment. We discuss the design and implementation of Cloud Armor, a reputation-based trust management framework that offers a collection of functions to provide Trust as a Service, with the goals of protecting cloud services from malicious users and comparing the trustworthiness of various cloud services. A unique protocol to verify the credibility of trust feedbacks while protecting users' anonymity; and (ii) an adaptive and resilient credibility model for gauging the veracity of trust feedbacks. Our approach's benefits and viability have been demonstrated through prototype development and experimentation with real-world trust feedback on cloud services

Cloud Armor: a platform for credibility-based trust management of cloud services

Trust management of cloud services is emerging as an impor- tant research issue in recent years, which poses signicant challenges because of the highly dynamic, distributed, and non-transparent nature of cloud services. This paper de- scribes Cloud Armor, a platform for credibility-based trust management of cloud services. The platform provides a crawler for automatic cloud services discovery, an adaptive and robust credibility model for measuring the credibility of feedbacks, and a trust-based recommender to recommend the most trustworthy cloud services to users. This paper presents the motivation, system design, implementation, and a demonstration of the Cloud Armor platform.Talal H. Noor, Quan Z. Sheng, Anne H.H. Ngu, Abdullah Alfazi and Jeriel Lawhttp://www.cikm2013.org/cfp.ph