IT Security and Privacy Standards in Comparison: Improving FedRAMP Authorization for Cloud Service Providers

Carlo Di Giulio, Read Sprabery, Charles Kamhoua, Kevin Kwiat, Roy Campbell, Masooda N. Bashir

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

To demonstrate compliance with privacy and security principles, information technology (IT) service providers often rely on security standards and certifications. However, the appearance of new service models such as cloud computing has brought new threats to information assurance, weakening the protection that existing standards can provide. In this study, we analyze four highly regarded IT security standards used to assess, improve, and demonstrate information systems assurance and cloud security. ISO/IEC 27001, SOC 2, C5, and FedRAMP are standards adopted worldwide and constantly updated and improved since the first release of ISO in 2005. We examine their adequacy in addressing current threats to cloud security, and provide an overview of the evolution over the years of their ability to cope with threats and vulnerabilities. By comparing the standards alongside each other, we investigate their complementarity, their redundancies, and the level of protection they offer to information stored in cloud systems. We unveil vulnerabilities left unaddressed in the four frameworks, thus questioning the necessity of multiple standards to assess cloud assurance. We suggest necessary improvements to meet the security requirements made indispensable by the current threat landscape.

Original languageEnglish (US)
Title of host publicationProceedings - 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGRID 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1090-1099
Number of pages10
ISBN (Electronic)9781509066100
DOIs
StatePublished - Jul 10 2017
Event17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGRID 2017 - Madrid, Spain
Duration: May 14 2017May 17 2017

Publication series

NameProceedings - 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGRID 2017

Other

Other17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGRID 2017
CountrySpain
CityMadrid
Period5/14/175/17/17

Keywords

  • C5
  • Certification
  • Cloud
  • FedRAMP
  • Framework
  • ISO
  • Privacy
  • SOC
  • Security
  • Standard

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'IT Security and Privacy Standards in Comparison: Improving FedRAMP Authorization for Cloud Service Providers'. Together they form a unique fingerprint.

Cite this