Issue No.06 - November/December (2010 vol.8)
pp: 32-39
Wayne Pauley , EMC Corporation, Hopkinton
ABSTRACT
Cloud computing is quickly becoming the next wave of technological evolution, a new approach to providing the IT capabilities a business needs. Driving interest and investment in cloud computing is the revolutionary change to the economic model. Cloud computing also promises to let IT respond more quickly to the needs of the business. Key tenets of cloud computing include being on-demand and self-service. This shift in the way a business engages IT services creates new challenges, including regulating how internal business units purchase cloud services. How does a business assess cloud providers' services for security, privacy, and service levels? The purpose of this study is to develop an instrument for evaluating a cloud provider's transparency about its security, privacy, and service-level competencies via its self-service web portals and web publications, and then to use that instrument to empirically evaluate cloud service providers and measure how transparent they are.
INDEX TERMS
cloud computing, cloud provider, transparency, service-oriented architecture, privacy, security, service-level agreement audit
CITATION
Wayne Pauley, "Cloud Provider Transparency: An Empirical Evaluation", IEEE Security & Privacy, vol.8, no. 6, pp. 32-39, November/December 2010, doi:10.1109/MSP.2010.140