Measuring security for applications hosted in cloud

Abstract

Despite the numerous benefits of cloud computing, concerns around security, trust and privacy are holding back the cloud adoption. Lack of visibility and tangible measurement of the security posture of any cloud hosted application is a disadvantage to cloud service customers. Decision to migrate workloads on the Cloud requires thoughtful analysis about security implications and ability to measure the security controls after hosting. In this paper, we propose a framework to quantitatively measure different aspects of information security for Cloud applications. This framework has a system through which we can define applications specific controls, gather information on control implementation, calculate the security levels for applications and present them to stakeholders through dashboards. Framework also includes detailed method to quantify the security of a Cloud application considering different aspects of security, control criticalities, stakeholder responsibilities and cloud service models. System and method provide visibility to Cloud customer on the security posture of their cloud hosted applications.