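% Conference paper comparing ISO/IEC 27001 and FedRAMP as cloud security certifications.
% Repository export: the conference dates are carried in the note field, and the
% address field holds a country rather than a publisher city (kept as exported).
% Names are normalised to "Last, First" form; a stray footnote marker was removed
% from the abstract.
@inproceedings{6817aa6dfe86435c82410a72f415bde9,
  author    = {{Di Giulio}, Carlo and Sprabery, Read and Kamhoua, Charles and Kwiat, Kevin and Campbell, Roy H. and Bashir, Masooda N.},
  title     = {Cloud security certifications: A comparison to improve cloud service provider security},
  editor    = {Hamdan, Hani and Boubiche, Djallel Eddine and Hidoussi, Faouzi},
  booktitle = {Proceedings of the 2nd International Conference on Internet of Things and Cloud Computing, {ICC} 2017},
  series    = {{ACM} International Conference Proceeding Series},
  publisher = {Association for Computing Machinery},
  address   = {United States},
  year      = {2017},
  month     = mar,
  day       = {22},
  doi       = {10.1145/3018896.3025169},
  language  = {English (US)},
  keywords  = {Certification, Cloud, FedRAMP, Framework, ISO, Privacy, Security, Standard},
  abstract  = {The great diffusion of cloud computing applications and services in the last years has brought new threats to security of information. IT Certification and authorization mechanisms try to provide assurance against those threats by leveraging high security standards and controls. Two examples of such certification based on IT security controls are ISO/IEC 27001 and FedRAMP. While these two certifications largely share their scope it is important to note that ISO is a standardization adopted worldwide since 2005 whereas FedRAMP was developed in 2012 specifically for US Government Cloud Service Providers. New frameworks, however, are not always more effective than earlier ones, especially in the fast-moving world of cloud computing where IT security standards need to be constantly updated. This study offers an overview of adequacy and completeness of ISO/IEC 27001 and FedRAMP, bringing to question the level of protection that they provide by comparing them to each other and evaluating both in terms of known threats to cloud computing. The study identifies weaknesses in the certification build process and highlights necessary improvements. Copyright is held by the owner/author(s).},
  note      = {Publisher Copyright: {\textcopyright} 2017 ACM.; 2nd International Conference on Internet of Things and Cloud Computing, ICC 2017 ; Conference date: 22-03-2017 Through 23-03-2017},
}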