Cloud Standards in Comparison: Are New Security Frameworks Improving Cloud Security?

Carlo Di Giulio, Read Sprabery, Charles Kamhoua, Kevin Kwiat, Roy H. Campbell, Masooda N. Bashir

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The increasing relevance of information assurance in cloud computing has forced governments and stakeholders to turn their attention to Information Technology (IT) security certifications and standards. The introduction of new frameworks such as FedRAMP in the US and C5 in Germany is aimed to raise the level of protection against threats and vulnerabilities unique to cloud computing. However, our in-depth and systematic analyses reveals that these new standards do not bring a radical change in the realm of certifications. Results also shows that the newly developed standards share much of their basis with older, more consolidated standards such as the ISO/IEC 27001 and hence the need for determining the added value. In this study, we provide an overview of ISO/IEC 27001, C5, and FedRAMP while examining their completeness and adequacy in addressing current threats to cloud assurance. We question the level of protection they offer by comparing these three certifications alongside each other. We identify weaknesses in the three frameworks and highlight necessary improvements to meet the security requirements indispensable in relation to the current threat landscape.

Original languageEnglish (US)
Title of host publicationProceedings - 2017 IEEE 10th International Conference on Cloud Computing, CLOUD 2017
EditorsGeoffrey C. Fox
PublisherIEEE Computer Society
Pages50-57
Number of pages8
ISBN (Electronic)9781538619933
DOIs
StatePublished - Sep 8 2017
Event10th IEEE International Conference on Cloud Computing, CLOUD 2017 - Honolulu, United States
Duration: Jun 25 2017Jun 30 2017

Publication series

NameIEEE International Conference on Cloud Computing, CLOUD
Volume2017-June
ISSN (Print)2159-6182
ISSN (Electronic)2159-6190

Other

Other10th IEEE International Conference on Cloud Computing, CLOUD 2017
CountryUnited States
CityHonolulu
Period6/25/176/30/17

    Fingerprint

Keywords

  • C5
  • Certification
  • Cloud
  • FedRAMP
  • Framework
  • ISO
  • Privacy
  • Security
  • Standard

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software

Cite this

Giulio, C. D., Sprabery, R., Kamhoua, C., Kwiat, K., Campbell, R. H., & Bashir, M. N. (2017). Cloud Standards in Comparison: Are New Security Frameworks Improving Cloud Security? In G. C. Fox (Ed.), Proceedings - 2017 IEEE 10th International Conference on Cloud Computing, CLOUD 2017 (pp. 50-57). [8030571] (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2017-June). IEEE Computer Society. https://doi.org/10.1109/CLOUD.2017.16