Utilizing Third Party Auditing to Manage Trust in the Cloud

Abstract

Recent trends within the IT industry have led to a tectonic shift in the way organizations utilize information systems to yield maximum efficiency. Cloud computing is the cornerstone of the aforementioned paradigm permutation. Information security, however, continues to dominate discussion on how organizations can utilize the efficiency of the cloud, while simultaneously maintaining end-user privacy and trust. The advent of cloud computing has likewise brought with it a multitude of new and exciting concepts that can complicate security demands exponentially. These security demands must be met to ensure user trust. Multi-tenancy is a cloud computing concept that is at the forefront of information security concerns in the 21st century computing environment. Current Multi-tenancy models fail to provide adequate security measures by blindly multiplexing various unknown users, whose intentions can be hostile, with reputable cloud service users. In this paper, we propose a novel security auditing framework to establish the user trust by (a) allowing the cloud service users (CSUs) to provide their security preferences with the desired cloud services, (b) providing a conceptual mechanism to validate the security controls and internal security policies of cloud service providers (CSPs) published in the CSA's (Cloud Security Alliance) Security Trust and Assurance Registry (STAR) database, and (c) maintaining a database of CSPs along with their responses to the Consensus Assessments Initiative Questionnaire (CAIQ) as well as the certificates issued by the certificate authorities. Thus, our proposed framework facilitates the CSUs in choosing a trustworthy CSP by empowering them to select an appropriate security preferences and services.