Cloud security certifications: A comparison to improve cloud service provider security

Carlo Di Giulio, Read Sprabery, Charles Kamhoua, Kevin Kwiat, Roy H. Campbell, Masooda N. Bashir

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The great diffusion of cloud computing applications and services in the last years has brought new threats to security of information. 1 IT Certification and authorization mechanisms try to provide assurance against those threats by leveraging high security standards and controls. Two examples of such certification based on IT security controls are ISO/IEC 27001 and FedRAMP. While these two certifications largely share their scope it is important to note that ISO is a standardization adopted worldwide since 2005 whereas FedRAMP was developed in 2012 specifically for US Government Cloud Service Providers. New frameworks, however, are not always more effective than earlier ones, especially in the fast-moving world of cloud computing where IT security standards need to be constantly updated. This study offers an overview of adequacy and completeness of ISO/IEC 27001 and FedRAMP, bringing to question the level of protection that they provide by comparing them to each other and evaluating both in terms of known threats to cloud computing. The study identifies weaknesses in the certification build process and highlights necessary improvements. Copyright is held by the owner/author(s).

Original languageEnglish (US)
Title of host publicationProceedings of the 2nd International Conference on Internet of Things and Cloud Computing, ICC 2017
EditorsHani Hamdan, Djallel Eddine Boubiche, Faouzi Hidoussi
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450347747
DOIs
StatePublished - Mar 22 2017
Event2nd International Conference on Internet of Things and Cloud Computing, ICC 2017 - Cambridge, United Kingdom
Duration: Mar 22 2017Mar 23 2017

Publication series

NameACM International Conference Proceeding Series

Other

Other2nd International Conference on Internet of Things and Cloud Computing, ICC 2017
CountryUnited Kingdom
CityCambridge
Period3/22/173/23/17

Keywords

  • Certification
  • Cloud
  • FedRAMP
  • Framework
  • ISO
  • Privacy
  • Security
  • Standard

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Cloud security certifications: A comparison to improve cloud service provider security'. Together they form a unique fingerprint.

  • Cite this

    Di Giulio, C., Sprabery, R., Kamhoua, C., Kwiat, K., Campbell, R. H., & Bashir, M. N. (2017). Cloud security certifications: A comparison to improve cloud service provider security. In H. Hamdan, D. E. Boubiche, & F. Hidoussi (Eds.), Proceedings of the 2nd International Conference on Internet of Things and Cloud Computing, ICC 2017 [a120] (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3018896.3025169