Technology transfer of dynamic IT outsourcing requires security measures in SLAs

For the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the perspective of the outsourcing customer by integration of security measures. The conducted survey indicates that customers see SLAs as an approach to increase their level of trust in IT outsourcing partners. In addition, security measures in SLAs are of high relevance to support trust but not yet integrated appropriately. However, SLAs are very important for the technology transfer of eScience projects in Grid computing. Again, Grid based outsourcing of biomedical IT services requires security measures in SLAs. Thus, the technology transfer process of dynamic IT outsourcing infrastructures requires adequate SLAs in order to be successful

Software-Defined Cloud Computing: Architectural Elements and Open Challenges

The variety of existing cloud services creates a challenge for service providers to enforce reasonable Software Level Agreements (SLA) stating the Quality of Service (QoS) and penalties in case QoS is not achieved. To avoid such penalties at the same time that the infrastructure operates with minimum energy and resource wastage, constant monitoring and adaptation of the infrastructure is needed. We refer to Software-Defined Cloud Computing, or simply Software-Defined Clouds (SDC), as an approach for automating the process of optimal cloud configuration by extending virtualization concept to all resources in a data center. An SDC enables easy reconfiguration and adaptation of physical resources in a cloud infrastructure, to better accommodate the demand on QoS through a software that can describe and manage various aspects comprising the cloud environment. In this paper, we present an architecture for SDCs on data centers with emphasis on mobile cloud applications. We present an evaluation, showcasing the potential of SDC in two use cases-QoS-aware bandwidth allocation and bandwidth-aware, energy-efficient VM placement-and discuss the research challenges and opportunities in this emerging area.Comment: Keynote Paper, 3rd International Conference on Advances in Computing, Communications and Informatics (ICACCI 2014), September 24-27, 2014, Delhi, Indi

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Cloud adoption and cyber security in public organizations: an empirical investigation on Norwegian municipalities

The public sector in Norway, particularly municipalities, is currently transforming through the adoption of cloud solutions. This multiple case study investigates cloud adoption and is security challenges that come along with it. The objective is to identify the security challenges that cloud solutions present and techniques or strategies that can be used to mitigate these security challenges. The Systematic Literature Review (SLR) provided valuable insights into the prevalent challenges and associated mitigation techniques in cloud adoption. The thesis also uses a qualitative approach using Semi-Structured Interviews (SSI) to gather insight into informants’ experiences regarding cloud adoption and its security challenges. The study’s empirical data is based on interviews with six different Norwegian municipalities, providing a unique and broad perspective. The analysis of the empirical findings, combined with the literature, reveals several security challenges and mitigation techniques in adopting cloud solutions. The security challenges encompass organizational, environmental, legal, and technical aspects of cloud adoption in the municipality. Based on the findings, it is recommended that Norwegian municipalities act on these issues to ensure a more secure transition to cloud solutions

Service Level Agreements for Communication Networks: A Survey

Information and Communication Technology (ICT) is being provided to the variety of end-users demands, thereby providing a better and improved management of services is crucial. Therefore, Service Level Agreements (SLAs) are essential and play a key role to manage the provided services among the network entities. This survey identifies the state of the art covering concepts, approaches and open problems of the SLAs establishment, deployment and management. This paper is organised in a way that the reader can access a variety of proposed SLA methods and models addressed and provides an overview of the SLA actors and elements. It also describes SLAs' characteristics and objectives. SLAs' existing methodologies are explained and categorised followed by the Service Quality Categories (SQD) and Quality-Based Service Descriptions (QSD). SLA modelling and architectures are discussed, and open research problems and future research directions are introduced. The establishment of a reliable, safe and QoE-aware computer networking needs a group of services that goes beyond pure networking services. Therefore, within the paper this broader set of services are taken into consideration and for each Service Level Objective (SLO) the related services domains will be indicated. The purpose of this survey is to identify existing research gaps in utilising SLA elements to develop a generic methodology, considering all quality parameters beyond the Quality of Service (QoS) and what must or can be taken into account to define, establish and deploy an SLA. This study is still an active research on how to specify and develop an SLA to achieve the win-win agreements among all actors.Comment: 25 Pages, 4 Figure

DESIGN AND IMPLEMENTATION OF A COMMUNITY PLATFORM FOR THE EVALUATION AND SELECTION OF CLOUD COMPUTING SERVICES: A MARKET ANALYSIS

The large number of available Cloud Computing Services makes it hard for companies to keep an overview of the market and to identify the services that best fit their needs. Also, the search for the most suitable Cloud Computing Services often takes too much time and money. The community platform presented in this article was designed to assist companies and users in solving this problem by enabling them to identify relevant Cloud Computing Services. Furthermore, users have the option of evaluating individual services and get access to the evaluations submitted to the community platform by other users. The paper describes the design and the prototypical implementation of the platform and introduces a maturity model for the quality assessment of Cloud Computing Services listed in the platform’s underlying database. The authors also provide recommendations for further action based on a first analysis of the market situation. Our research can be characterized as a design-oriented research approach that focuses on the design of IT artifacts (i.e. community platform and underlying maturity model). Both IT artifacts are evaluated by means of expert interviews and by users giving us feedback when testing our community platform