Cloud Standards in Comparison: Are New Security Frameworks Improving Cloud Security?

Carlo Di Giulio, Read Sprabery, Charles Kamhoua, Kevin Kwiat, Roy H. Campbell, Masooda N. Bashir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The increasing relevance of information assurance in cloud computing has forced governments and stakeholders to turn their attention to Information Technology (IT) security certifications and standards. The introduction of new frameworks such as FedRAMP in the US and C5 in Germany aims to raise the level of protection against threats and vulnerabilities unique to cloud computing. However, our in-depth and systematic analyses reveal that these new standards do not bring a radical change in the realm of certifications. Results also show that the newly developed standards share much of their basis with older, more consolidated standards such as ISO/IEC 27001, hence the need to determine their added value. In this study, we provide an overview of ISO/IEC 27001, C5, and FedRAMP while examining their completeness and adequacy in addressing current threats to cloud assurance. We question the level of protection they offer by comparing these three certifications alongside each other. We identify weaknesses in the three frameworks and highlight necessary improvements to meet the security requirements indispensable in relation to the current threat landscape.

Original language: English (US)
Title of host publication: Proceedings - 2017 IEEE 10th International Conference on Cloud Computing, CLOUD 2017
Editors: Geoffrey C. Fox
Publisher: IEEE Computer Society
Pages: 50-57
Number of pages: 8
ISBN (Electronic): 9781538619933
DOIs: https://doi.org/10.1109/CLOUD.2017.16
State: Published - Sep 8 2017
Event: 10th IEEE International Conference on Cloud Computing, CLOUD 2017 - Honolulu, United States
Duration: Jun 25 2017 to Jun 30 2017

Publication series

Name: IEEE International Conference on Cloud Computing, CLOUD
Volume: 2017-June
ISSN (Print): 2159-6182
ISSN (Electronic): 2159-6190

Other

Other: 10th IEEE International Conference on Cloud Computing, CLOUD 2017
Country: United States
City: Honolulu
Period: 6/25/17 to 6/30/17

Fingerprint

Cloud computing
Information technology

Keywords

  • C5
  • Certification
  • Cloud
  • FedRAMP
  • Framework
  • ISO
  • Privacy
  • Security
  • Standard

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software

Cite this

Giulio, C. D., Sprabery, R., Kamhoua, C., Kwiat, K., Campbell, R. H., & Bashir, M. N. (2017). Cloud Standards in Comparison: Are New Security Frameworks Improving Cloud Security? In G. C. Fox (Ed.), Proceedings - 2017 IEEE 10th International Conference on Cloud Computing, CLOUD 2017 (pp. 50-57). [8030571] (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2017-June). IEEE Computer Society. https://doi.org/10.1109/CLOUD.2017.16

@inproceedings{3684f0916b5a4833bfb7db88cba94351,
title = "Cloud Standards in Comparison: Are New Security Frameworks Improving Cloud Security?",
keywords = "C5, Certification, Cloud, FedRAMP, Framework, ISO, Privacy, Security, Standard",
author = "Giulio, {Carlo Di} and Read Sprabery and Charles Kamhoua and Kevin Kwiat and Campbell, {Roy H.} and Bashir, {Masooda N.}",
year = "2017",
month = "9",
day = "8",
doi = "10.1109/CLOUD.2017.16",
language = "English (US)",
series = "IEEE International Conference on Cloud Computing, CLOUD",
publisher = "IEEE Computer Society",
pages = "50--57",
editor = "Fox, {Geoffrey C.}",
booktitle = "Proceedings - 2017 IEEE 10th International Conference on Cloud Computing, CLOUD 2017",

}
