Open AccessMeasuring Security for Applications Hosted in Cloud
Author(s) -
Nitin Chauhan,
Ashutosh Saxena,
J.V.R Murthy
Publication year - 2019
Publication title -
international journal of innovative technology and exploring engineering
Language(s) - English
Resource type - Journals
ISSN - 2278-3075
DOI - 10.35940/ijitee.j1125.0881019
Subject(s) - cloud computing , cloud computing security , computer science , security controls , visibility , computer security , security service , computer security model , security information and event management , measure (data warehouse) , information security , control (management) , database , physics , artificial intelligence , optics , operating system
Despite the numerous benefits of cloud computing, concerns around security, trust and privacy are holding back the cloud adoption. Lack of visibility and tangible measurement of the security posture of any cloud hosted application is a disadvantage to cloud service customers. Decision to migrate workloads on the Cloud requires thoughtful analysis about security implications and ability to measure the security controls after hosting. In this paper, we propose a framework to quantitatively measure different aspects of information security for Cloud applications. This framework has a system through which we can define applications specific controls, gather information on control implementation, calculate the security levels for applications and present them to stakeholders through dashboards. Framework also includes detailed method to quantify the security of a Cloud application considering different aspects of security, control criticalities, stakeholder responsibilities and cloud service models. System and method provide visibility to Cloud customer on the security posture of their cloud hosted applications.