Iorga, M.
and Karmel, A.
(2015),
Managing Risk in a Cloud Ecosystem, IEEE Cloud Computing Magazine, [online], https://doi.org/10.1109/MCC.2015.122
(Accessed April 19, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Managing Risk in a Cloud Ecosystem
Published
Author(s)
, Anil Karmel
Abstract
The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their residual risk below the threshold of the acceptable level of risk. The risk-based approach of managing information systems is a holistic activity that needs to provide a disciplined and structured process that integrates cloud-based information system's security and risk management activities into the system development life cycle. Adopting a cloud-based solution for an information system requires cloud Consumers to diligently identify their security requirement, assess each prospective service provider's security and privacy controls, negotiate SLA and SA and build trust with the cloud Provider before authorizing the service. A thorough risk analysis coupled with secure cloud Ecosystem orchestration introduced in this article, along with adequate guidance on negotiating SLAs, are intended to assist the cloud Consumer in managing risk and making informed decisions in adopting cloud services.Citation
IEEE Cloud Computing Magazine
Volume
2
Issue
6
Pub Type
Journals
Download Paper
Keywords
cloud security, risk assessment, risk management, cloud computing, virtualization
Citation
Created December 18, 2015, Updated May 4, 2021