Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Managing Risk in a Cloud Ecosystem

Published

Author(s)

Michaela Iorga, Anil Karmel

Abstract

The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their residual risk below the threshold of the acceptable level of risk. The risk-based approach of managing information systems is a holistic activity that needs to provide a disciplined and structured process that integrates cloud-based information system's security and risk management activities into the system development life cycle. Adopting a cloud-based solution for an information system requires cloud Consumers to diligently identify their security requirement, assess each prospective service provider's security and privacy controls, negotiate SLA and SA and build trust with the cloud Provider before authorizing the service. A thorough risk analysis coupled with secure cloud Ecosystem orchestration introduced in this article, along with adequate guidance on negotiating SLAs, are intended to assist the cloud Consumer in managing risk and making informed decisions in adopting cloud services.
Citation
IEEE Cloud Computing Magazine
Volume
2
Issue
6

Keywords

cloud security, risk assessment, risk management, cloud computing, virtualization

Citation

Iorga, M. and Karmel, A. (2015), Managing Risk in a Cloud Ecosystem, IEEE Cloud Computing Magazine, [online], https://doi.org/10.1109/MCC.2015.122 (Accessed June 25, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created December 18, 2015, Updated May 4, 2021