Cloud computing security requirements and a methodology for their auditing

Abstract

Security is a crucial issue in cloud computing especially since a lot of stakeholders worldwide are involved. Achieving an acceptable security level in cloud environments is much harder when compared to other traditional IT systems due to specific cloud characteristics like: architecture, openness, multi-tenancy etc. Conventional security mechanisms are no longer suitable for applications and data in the cloud, since new security requirements have emerged. Furthermore, there is a clear need for a trusted security audit method for cloud providers. This paper identifies the security requirements that are specific to cloud computing and highlights how these requirements link to the cloud security policy while illustrating the structure of a General Security Policy Model. Furthermore, it proposes a method that can be adopted by cloud providers for auditing the security of their systems.