Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Managing Risk in a Cloud Ecosystem



Michaela Iorga, Anil Karmel


The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their residual risk below the threshold of the acceptable level of risk. The risk-based approach of managing information systems is a holistic activity that needs to provide a disciplined and structured process that integrates cloud-based information system's security and risk management activities into the system development life cycle. Adopting a cloud-based solution for an information system requires cloud Consumers to diligently identify their security requirement, assess each prospective service provider's security and privacy controls, negotiate SLA and SA and build trust with the cloud Provider before authorizing the service. A thorough risk analysis coupled with secure cloud Ecosystem orchestration introduced in this article, along with adequate guidance on negotiating SLAs, are intended to assist the cloud Consumer in managing risk and making informed decisions in adopting cloud services.
IEEE Cloud Computing Magazine


cloud security, risk assessment, risk management, cloud computing, virtualization


Iorga, M. and Karmel, A. (2015), Managing Risk in a Cloud Ecosystem, IEEE Cloud Computing Magazine, [online], (Accessed June 25, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created December 18, 2015, Updated May 4, 2021