Alexander W. Camara INFO 712
1
Information Assurance Challenges, Technology, and Goals in a
Cloud Computing Environment
INFO 712 – Winter 2014
Alex Camara
Alexander W. Camara INFO 712
2
Table of Contents Abstract ............................................................................................................................... 3
Introduction ......................................................................................................................... 3
Background ..................................................................................................................... 5
Cloud Computing Governance .......................................................................................... 5
Introduction ..................................................................................................................... 6
Discussion ....................................................................................................................... 6
Governance Conclusion .................................................................................................. 9
Trust in Cloud Computing ................................................................................................ 10
Introduction ................................................................................................................... 10
Automated Trust Management ..................................................................................... 11
Trust Discussion............................................................................................................ 12
Trust Conclusion ........................................................................................................... 14
Cloud Client and Provider Relationship ........................................................................... 15
Introduction ................................................................................................................... 15
Cloud Provider Study .................................................................................................... 16
Cloud Provider Discussion ........................................................................................... 17
Cloud Client and Provider Relationship Conclusion .................................................... 18
Conclusion ........................................................................................................................ 19
References ......................................................................................................................... 20
Alexander W. Camara INFO 712
3
Abstract
Cloud computing is the hot topic for the future of information technology (IT) offering
countless benefits, seamless connectivity, and overall reduced costs for businesses. However there
are serious security concerns that can make any business wary once they migrate to the cloud.
Handing the keys to your intellectual property, operations data, and financial position to a third
party cloud service provider may not make executive stakeholders sleep well at night. Knowing
the risks associated with the migration to cloud services and what level of uncertainty a business
can tolerate are fundamental to the topic of information assurance. Cloud governance introduces
new legal, compliance, and security risks that didn’t exist with traditional IT functions. It is
important for cloud clients to understand the territory that comes with the possibility of cloud
computing and how best to incorporate it into their IA posture. Cloud service providers along with
the client must be willing to engage in an open discourse on the state of security practices and be
as transparent as possible. Fundamentally, the topic of trust is what roots whether or not cloud
computing will succeed. This simple yet crucial aspect represents cloud computing risk from a
client and provider standpoint. Overall, how can cloud computing survive if organizations don’t
feel secure and have the appropriate controls and oversight to manage operations within cloud
computing?
Introduction
Cloud computing, also known as distributed computing, is heralded as the future of
enterprise and personal computing. Cloud computing is continually defined as a shared set of
resources that are scalable and accessible on-demand to support information and application needs
(Cloud Security Alliance, 2011).
Alexander W. Camara INFO 712
4
From a high-level perspective the governance of cloud computing is comprised of
regulatory and legal compliance as well as hardware and personnel management in regards to the
platform. As an added layer to the governance portion of cloud computing there is a strong need
for trust between the client (business or personal) and the service provider. The trust builds upon
governance best-practices and opens up communication to share needs and expectations.
Matching expectations is what fosters good security and also strong customer support. These
criteria are defined in several and can be found in service-level agreements, company white papers,
and online publications (Chakraborty, Ramireddy, Raghu, & Rao, 2010). These will serve as the
basis for understanding the role cloud service providers and their clients play into the overall
information assurance practices related to cloud computing.
With a solid fundamental understanding of the unique challenges that cloud computing
brings to the table it will be important to look at how cloud service providers are making headway
to address these concerns. The last part of the paper will look at how specific providers are
overcoming information assurance challenges and how cloud computing is paving the way for the
development of standards (Vincent, 2010).
There is little doubt concerning the benefits of cloud computing. The costs savings that
come from the centralization of data center management along with the rapid deployment of
resources without the need for costly hardware procurement and setup is unmatched. However
these advantages are met with an equal number of disadvantages.
Understanding the differences when transitioning to a cloud computing platform can be
overwhelming for large and small companies alike. The confidentiality, integrity, and availability
of data is vital to the everyday needs and financial stability of many organization today. It is in
the best interest of both the provider and the client to forge trust through an increased awareness
Alexander W. Camara INFO 712
5
of unique platform specific risks. Best-practices through standardization, greater transparency, and
user-centric controls are needed in order to win over hesitate clients that see the platform as a
potential threat to their bottom line. If cloud computing is to succeed in our virtual world it must
do so through continued focus on enhanced governance and client-provider trust that strengthens
the relationship and benefits all those involved.
Background
Cloud computing is a way to make a shared set of resources into a service model. With
the seemingly limitless capabilities of distributed computing, cloud services can be utilized to
solve large scale computations in a fraction of the time (Sadiku, Musa, Momoh, 2014).
When discussing cloud computing it is usually based on three different platform models,
information as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).
Each platform has their own advantages as well as different security and provider based controls.
SaaS cloud types typically provide an application that a cloud service provider manages. These
have the least amount of flexibility but provide a high level of security because the provider is
locking down backdoor access to information. PaaS is a model in which the client is deploying a
specific application or code to the cloud that the service provider manages. This cloud type is the
middle of the road when it comes to security controls and client-side involvement. The last cloud
type is IaaS. Storage and data processing is largely handled on this cloud type and the client is
responsible for implementing a large portion of the security regarding their data. Out of the three
cloud types SaaS and IaaS have emerged as the primary types. PaaS is still in use but not frequently
discussed in the research paper I’ve found. While each unique in their own regard they share the
same fundamental technology that cloud computing is defined by and therefore will be treated the
same when discussing the benefits and risks in the proceeding paper.
Alexander W. Camara INFO 712
6
Cloud Computing Governance
Introduction
Cloud computing as an operational platform isn’t vastly different than traditional in-house
IT. The major differentiation comes from the offload of hardware management and overall
information security (Cloud Security Alliance, 2011). This shift opens the door to reduced costs
from a hardware asset, personnel, and data management standpoint but opens the door for security,
compliance, and legal concerns that can ultimately undermine the company and their business
advantage if not properly controlled. This tradeoff of benefits against risk is highlighted in a 2010
study performed by the Information Systems Audit and Control Association (ISACA) which found
that 45% of respondents said that the risks associated with cloud computing outweigh the benefits
(Prakash, 2011). With less than half of those surveyed in favor of cloud computing it is important
to find steps that are being taken to increase adoption of the platform and minimize the risks
identified.
The overarching topics that encompass cloud computing are lumped into two categories,
governance and operations. While the latter of the two focuses on operational security practices
akin to traditional IT environments the former deals with organization structure, regulatory
compliance, and policies associated with the technology which directly relate to the topic of
information assurance and thus will be the focus of the first section (Cloud Security Alliance,
2011). Specifically, issues related to the risks facing the platform and how changes both through
standardization, location based policies, and cloud provider best practices will be addressed.
Discussion
Alexander W. Camara INFO 712
7
The Cloud Security Alliance Cloud (CSA) outlines cloud computing governance as an idea
that is directly related to the information assurance practices of an organization from a strategic
and operational perspective (Cloud Security Alliance, 2011). Governance in cloud computing
faces a different set of threats than those in a traditional IT environment. For example a multi-
tenant computing environment raises policy enforcement concerns as well as financial billing
complications due to the shared virtual space. It is in these types of applications of cloud
computing that the client entering into a contract must be diligent to understand what their role is
in order to protect themselves and their organization. Overcoming the challenges of this new
technology is what has spurred the U.S. Federal Government to adopt a framework of best-
practices.
With a recent survey indicating that 60% of 600 security professionals experiencing theft of
some kind the focus for a renewed effort is required more than ever (Greer, 2010). Knowing that
a simple defense plan alone is an inadequate approach, the need for a new federal agency called
the Federal Cloud Information Assurance Baseline (CIAB) was founded to oversee regulatory
compliance and auditing of vendors and the services they offer. The focus is to limit the increasing
threat of cyberwar by minimizing risks in data loss and security through an increase in vendor
compliance and viability. The involvement of the government and a federal agency increase the
awareness and compliance of specific threats to the underlying cloud computing architecture
however it is known that even with their involvement they cannot always keep up with the dizzying
pace of technological innovation.
Knowing the initiative by the federal government to enforce governance practices in cloud
computing doesn’t free us from the fact that traditional IT computing faces similar compliance and
security threats. In contrast to the government’s position, Ovum reporter Laurent Lachal (2010)
Alexander W. Camara INFO 712
8
states that oversight by an agency isn’t what governance should be comprised of and that real
change to the platform should be focused on behavioral rather than top down rules imposed on or
by cloud service providers. This viewpoint offers a perspective that cloud governance should be
organic in nature and develop through a shared interest between IT teams. With this mind-set the
afflictions of both traditional IT and cloud computing can be overcome rather than just focusing
on rehashing the oversight of a new technology from a government perspective.
The thought of governance as an imposed set of rules that are enforced upon the relationship
between the client and the cloud service provider will not change the fact that there is still a high
level of uncertainty among adopters of cloud computing. If the recent ISACA survey is to be
believed, 90% of mission critical application will never make it to the cloud due to risks with the
platform as a whole (Prakash, 2011). One detractor to adoption of cloud computing is thought to
be based on the lack of a comprehension strategy put in place by companies seeking to utilize this
new technology.
An example of this deals with the location of company data which is not necessarily fixed
inside the same state, country, or continent. This change in data location introduces regulatory
and legal repercussions. One area where this is highlighted is in the European Union.
A 2012 reform of EU laws introduced stricter controls that increase responsibility for service
providers operating outside and within the EU that aim to raise awareness through fast
communication about data leakage and security breaches. Additionally, the reform covers user
rights respective to cloud computing by increasing portability of data and allowing for their usage
history to be wiped clean when they request it (Lovrek, Lovric, & Lucic, 2010). These reforms
mark a victory for personal information and give more control over individual user data. These
Alexander W. Camara INFO 712
9
laws also allow for greater transparency from a business perspective about the integrity of their
data.
However it’s not just the location that is worrisome to potential customers. Data loss from
human error is estimated at 75% reinforcing the fact that cloud service providers must be vigilant
about their own physical access controls and whether or not they have a reduced human
intervention system that limits involvement altogether (Khan, Oriol, Kiran, Jiang, & Djemame,
2012). Additionally, since data is stored throughout the world, a variety of natural disasters unique
to the specific location of the data can threaten the availability of a cloud application or information
service.
Insider attacks are another possible avenue of data leakage and compromise. In a study
conducted between 2000 and 2006 the number of internal and external attacks were equal (Duncan,
Creese, & Goldsmith, 2012). With the risk of obtaining confidential data and the potential for
reputation altering damage insider attacks are a real and very difficult threat to prevent against.
Choosing a cloud provider that has policies in place that audit employee behavior and limit their
access controls between clients can minimize the possibility of an attack. Additionally, a strong
security policy that resonates from all levels of manage helps breed a culture of trust and
compliance.
Governance Conclusion
Governance in cloud computing is fundamental for the successful adoption of the platform.
Clients and providers must be transparent about their security practices, location of their data, to
establish a baseline of trust. Though risks are inherent with any new technology it is not wise to
wade into cloud computing without a complete profile on the company you’re entrusting your data
to. With an estimated 10% of all data residing in the cloud by 2015 there must be a continued
Alexander W. Camara INFO 712
10
focus on the formation of standards that baseline the technology from the ground up (Duncan,
Creese, & Goldsmith, 2012).
Trust in Cloud Computing
Introduction
The concept of trust in cloud computing is simple and involves the client and the cloud service
provider engaging in an open relationship to provide services to one another. The problem that
arises from this is one of differing levels of technical complexity and how companies weigh the
options when it comes to topics of regulatory compliance, liabilities, and other legalities inherent
with this change in technology (Vincent, 2010).
Recent surveys echo these concerns. Of the 3,000 cloud clients being polled 88% said that
they were worried about who was about to access their data on the provider side (Habib, Sebastian,
& Muhlhauser, 2011). The complications of this relationship also surface in the unclear language
used to form the service level agreements. These agreements form the basis for engaging in a cloud
computing partnership and outline the general constraints placed on your data in the cloud. The
terminology in these documents can be technical to someone unfamiliar with the platform which is
why technology is being used to bridge the gap.
To better manage these difficulties a number of technical solutions are being developed to
automate the process of trust. Trust in this form rely on surveys and technical break downs of the
service level agreement that take into account the clients expectations of security, compliance, and
overall governance of the cloud provider and the way they handle their data. Ultimately, the concept
of trust can be summed up in Kahn and Malluhi’s paper that states, “Trust is more important than
money and will ultimately determine cloud computing’s success” (Kahn, & Malluhi, 2013).
Alexander W. Camara INFO 712
11
Automated Trust Management
If you believe trust is only forged through face to face meetings and handshakes then there
are two interesting technologies looking to change your mind. An automated approach to trust
management alleviates the personnel overhead required to monitor a cloud service and specific
provider actions. These systems also introduce performance measurements that clearly define the
expectations of both parties increasing overall transparency and reducing the gray areas found in
service level agreements.
The first of two automated approaches that will be discussed relies on the participation of
clients and providers to answer questionnaires. The questions are designed to judge the priorities
associated with both parties and to develop performance metrics that each can be rated upon. The
results of the survey are then fed into a computation engine that evaluates the responses and builds
a digital representation of the client and cloud service provider. The goal is to develop a
marketplace for both the client and the service provider so that they can easily identify what they’re
looking for in each other to find the best match. This is the equivalent of an online dating algorithm
that finds your match based on answers to predefined questions.
This trust management model aims to provide a more in-depth review of the robustness of a
cloud service provider that has yet to be achieved. By looking beyond the general requirements
of cost, scalability, and availability, additional questions tackle concerns related to information
assurance, confidentiality, and integrity. In addition to questionnaires, sources such as work-of-
mouth, cloud service provider statements, and compliance assessments are used to complete a
thorough picture of what a client can expect from a provider. All of this information is built into
a reputation model and fed into several trust systems that allow for the customization and
evaluation of how a provider stacks up.
Alexander W. Camara INFO 712
12
The second technical approach to increasing trust between the client and the provider is
through the use of details extracted from the service level agreement. The service level agreement
provides the terms and conditions for the contract that each party is actively engaging in. The
application of trust management comes online once the service level agreement is signed and the
client is officially subscribing to a cloud service provider. The difference in this approach,
compared to that above, is through the active management of the provider. This technology gives
a real-time representation of compliance related to the service level agree. The visibility given to
the client helps them to understand the processing power, storage, execution efficiency, failure
handling and so forth. These attributes, like those proposed in the previous example, are fed into
a program that evaluates the provider and outputs a rating between 0 and 1 that informs the client
whether or not their expectations match what they’re really being given.
Trust Discussion
With two different technical approaches outlined, and many other in development, the real
question comes down to whether or not machines can build our trust in cloud computing. An
automated system provides ease of control, ownership, and a sense of overall security but not the
human factor that comes out of business meetings or face to face partnerships. Customer
perception is not easily calculated or factored into a machine and therefore must be built over time
before a client is willing to place their trust in it.
To reduce concerns over the past, current, and future state of a client’s data, providers are
leveraging additional tools that provide users with control. Traditionally, cloud computing doesn’t
allow the user to have completely control over their data. It is in these cases that cloud tools like
remote access control give the client control over what the provider has access to. Manipulation
of cloud data along with detailed report logs and audit trails round out the tool suite that providers
Alexander W. Camara INFO 712
13
are trying to give clients. Private enclaves are another avenue of building client focused controls
into the cloud computing platform. These areas within a cloud environment eliminate the threat
from a multi-tenant virtualization and allow single security policy enforcement over a cloud
partition (Kahn, & Malluhi, 2013). These controls add an additional layer of mechanisms that
reassure existing and can sway potential clients apprehensive about placing their trust in a provider.
Clients knowing the state of their data and services is an important topic in the realm of trust
building.
Trust isn’t something that is unique to the partnership of a business and a large cloud
computing vendor. Millions of people across the globe actively participate in a trust relationship
with cloud computing providers. When people access Facebook and Google they’re trusting their
personal information to a cloud service provider whether they know it or not. This level of trust
wasn’t built overnight and provides an interesting perspective into how non-business consumers
are inviting the cloud platform into their daily lives. A research initiative is looking to capture
how trust is built in social networks and existing popular cloud based application. The research
aims to gather feedback through semi-structured interviews and questionnaires hoping to
understand how consumer categorize their feelings into the five defined research processes of trust,
prediction, consistency of trustees, attribution, bonding, and identification (Kim, & Yoon, 2012).
Though the research has just begin, initial feedback shows that convenience of cloud computing
is the primary driving force behind the choice to begin using the platform. Word of mouth
marketing takes over from there and as the preliminary results show, the more people who use a
service the more likely individuals will feel safe using it. This kind of insight isn’t fundamentally
different than what a business owner will go through. It is reasonable to assume they will solicit
Alexander W. Camara INFO 712
14
feedback on a provider and would be more willing to trust those if multiple friends or other
businesses in the same market are using it as well.
Trust Conclusion
Trust among existing and potential cloud consumers and cloud service providers is paramount
to the continued success of the platform. The partnerships formed during these interactions along
with the performance of providers will reassure hesitant business owners and consumers alike. The
fact that cloud computing is relatively new only the block gives rise to the theory that it should
start with a “clean sheet” to implement more robust security practices (Ghosh, Acre, 2010).
Technological innovations are giving forging new way to gain trust. By automating the
selection of criteria that a provider is offering entries barriers are vastly reduced. This gives way
to greater engagement from the beginning of a cloud partnership which has greater potential to
blossom into businesses moving more of their application and information services to a cloud
platform. Additional controls that monitor continued compliance of a provider fit into the model
of giving the client more control.
Remote access tools that allow for easy viewing of a system and control of access can be a
game changer. Giving the cloud control is the best example of trust as it allows the provider to
give users increased reign over the services they offer. This type of trust is what ultimately will
lead the way for better consumer related controls.
Google and Facebook, along with a host of other services, are already on public display as
cloud successes. Users many not be fully aware that the data they share, like, and post is forever
in the cloud but most have already committed to the idea. Competition among these providers
Alexander W. Camara INFO 712
15
over access control and portability of data is increasing as they strive to one up each other in a
large scale popularity contest.
Trust will be for the consumer and the business owner to decide. With financial repercussions
and lasting reputations on the line, one wrong file transfer or security break could make or break
the future of a cloud service provider.
Cloud Client and Provider Relationship
Introduction
The struggles to adjust to policy and legal issues are not the only trust and compliance issues
cloud providers face. Trust from a client or consumer perspective is also a steep hill to overcome.
Technology along with more user control are two ways of easing the transition for many people
seeking cloud services. With a foundation for understanding the risks that providers and clients
face it’s important to address how providers are adopting best-practices to develop the platform as
a whole.
The cloud service provider and client must be trusting of each other. In addition to that vendors
must implement best-practice strategies to mitigate risks and ensure consistent and robust data and
application security. These practices vary widely among different providers and while there are
many, some feel that there aren’t enough to consider the platform mature. In addition to this
companies are investing in third-party audits that can baseline the technology and offer better
marketing advantages based on their reputation and customer base (“Mitigating Security, 2012).
It is therefore necessary to look at how different characteristics of a company value security,
privacy, and business integrity.
The growth of cloud computing has risen 27% between 2008 and 2012 (Leavitt, 2009). This
increase reinforces the fact that cloud computing is a viable solution to lowering operating costs
Alexander W. Camara INFO 712
16
while maintaining robust information and applications. A review Symantec’s approach to cloud
computing will be covered to provide real world context to the solutions they offer to some of
cloud computing’s biggest problems.
Cloud Provider Study
The overall information assurance of cloud service providers is best shown in a study
conducted by (Chakraborty et al., 2010). Criteria essential to information assurance was gathered
based on security, privacy, and business integrity. These three areas represent the CIA triad and
provide a comparable set of rules that allow each vendor to be equally assessed. Security covers
all aspects of the triad with privacy covering the confidentiality and integrity portion and business
covering the integrity and availability portion.
With an understanding of how to rate vendors against one another specific attributes of
each service were developed. Categories such as online traffic, ranging from low to very high,
company size (small to large), and cloud type were all captured through questionnaires, company
releases, and white papers distributed on the internet. The online traffic of a company represents
the customer base that it serves and therefore goes hand in hand with the trust factor applied to
work-of-mouth advertising and the safety net associated with the mob mentality. The cloud service
type is another critical factor to consider in this study. It is well documented that as you move
down the stack from SaaS to IaaS the vendor security controls decrease and the level of control
increases. Company size is an odd choice but one that helps show the level of involvement, either
internal or external, in shaping the policies that are enforced on the cloud platform.
The results of the study are mixed. Ratings range from 0 to 1 and were plotted for the three
information assurance concepts. Consistent trends were displayed for the IA concepts when it
came to the specific cloud types. IaaS maintained the highest positive score out of all three cloud
Alexander W. Camara INFO 712
17
service types with SaaS receiving the lowest except for the privacy attribute. The privacy anomaly
is best described by the low adoption rate of the platform. IaaS and SaaS are more popular options
and therefore are better represented in this survey.
The second set of results deals specifically with online traffic for each IA concept. In
regards to all three of the IA concepts, site traffic doesn’t play a large enough role to dictate any
meaningful differentiation. This is positive in many ways because it shows that the platform is
stable for high traffic vendors and also that low traffic vendors follow similar practices ensuring a
consistent level of quality in regards to business integrity, security, and privacy.
The third set of results outline the three criteria against the company size. A positive trend
can be seen for business integrity based on the company size. It is thought that larger companies
can put more capital towards ensuring business integrity because their reputation relies on it. The
other interesting data points are for the medium sized companies. The negative security and
privacy index for companies of this size is far lower than the small and larger companies. This
places an emphasis on the services offered by medium sized companies providing some insight on
how they’re trying to compete against other providers.
Cloud Provider Discussion
The study conducted in the section above leads us to a better understanding of the
differences and similarities between providers. This study shows us that cloud providers as a
whole value security and privacy regardless of the online traffic and cloud type. The major
differences were only seen when a comparison based on the company sized, which was an estimate
at best, showed medium sized companies with an increased focus on privacy and security.
Business integrity stood out for large companies which can be summed up by acknowledging the
fact that they have large amounts of capital to invest in this service compared to smaller companies.
Alexander W. Camara INFO 712
18
In addition to cloud provider’s providing their own support and security services,
companies like Symantec are entering the cloud arena. Symantec’s goal is to provide intermediary
security, compliance, legal, and regulatory services to ease private and public concerns. Symantec
has established industry leading experience for providing cloud security with existing providers
such as salesforce.com and amazon.com (“Protected Clouds”, 2012). These tools can be seen as
leveling agents that ensure consistent compliance from both the client and provider perspective.
A small provider can rely on Symantec’s specialized tools such as Compliance Suite, Symantec
O3, and Data Loss Prevention Network Discovery to better round out their offerings and make
themselves marketable when compared to other companies competing for the same customer base.
This approach is highlighted in a recent publication by Symantec as holistic and also as a
hybrid cloud model that combines physical and virtual computing best-practices (“Mitigating
Security, 2012).
Cloud Client and Provider Relationship Conclusion
In this section we provided the basis for security, privacy, and business integrity practices
based on a recent study conducted by (Chakraborty et al., 2010). This study showed predictable
differences in IA practices based on cloud types in addition to some interesting results based on
company size. The outcome shows us that many medium size companies are offering unique
advantages over large and small companies in regards to the security and privacy.
Third-party information assurance providers such as Symantec also help mitigate a
variety of risks normally associated with building and security cloud infrastructure. This third-
party abstraction provides a buffer for cloud service providers. By allowing a third-party
company with a reputation for security and information assurance, cloud service providers can
focus on delivering their service instead of managing downstream compliance, legal, and
Alexander W. Camara INFO 712
19
regulatory concerns. This offloading of service is similar to that provide by cloud companies as
they take the data center management and hardware overhead off of companies looking to enter
the cloud arena.
Conclusion
Cloud computing as a platform is here to stay. This statement is reinforced by the fact that
global business spending on cloud computing is expected to rise 20% in 2014 compared to 2013
(Seitz, 2014). With this rapid expansion the focus on standardization and greater governance
controls is more important than ever. The global increase in regulatory and location based policies
and laws will play larger roles as business leaders seek to capture the benefits associated with
moving their IT products to a cloud platform. This drive shouldn’t overshadow the fact that
information assurances best-practices need to be dealt with during initial planning when moving
information, applications, and software to the cloud. The bond between the client and the cloud
service provider needs to be continually reviewed throughout the relationship lifecycle. Tools to
manage trust are trying to lower the overwhelming entry barriers that many businesses face. New
marketplaces are being developed to level set expectations between both entities. Vendors are also
looking to deliver top-notch quality regardless of platform, company size, and overall traffic they
receive. These factors improve overall quality of service making cloud offerings comparable
between a varieties of vendors. In addition to individual cloud service providers increasing their
user level control, companies like Symantec are aiming to package a suite of services that further
reduce entry barriers and thus make transitioning easier for users of all kinds.
Alexander W. Camara INFO 712
20
References
1. Sadiku, M., Musa, S. & MoMOh, O. (2014, January 07). Cloud computing: Opportunities
and challenges. IEEE,
2. Prakash, S. (2011). Risk management: Cloud computing considerations. CMA
Magazine, 85(2), 40. Retrieved from
http://search.proquest.com/docview/894725517?accountid=10559
3. Security guidance for critical areas of focus in cloud computing v3.0. In (2011). (Vol. 3.0).
Cloud Security Alliance.
4. Khan, A., Oriol, M., Kiran, M., Jiang, M., & Djemame, K. (2012). Security risks and their
management in cloud computing. International conference on cloud computing technology
and science.
5. Duncan, A., Creese, S., & Goldsmith, M. (2012). Insider attacks in cloud computing. Ieee
11th international conference on trust, security and privacy in computing and
communications. doi: 10.1109
6. Greer, M. (2010). Survivability and information assurance in the cloud. International
conference on dependable systems and networks workshops (dsn-w).
7. Cloud computing governance 'must improve' says ovum. (2010). Express
Computer, Retrieved from
http://search.proquest.com/docview/607137915?accountid=10559
Alexander W. Camara INFO 712
21
8. Vincent, M. (2010, October 26). Australia: Cloud computing - legal issues in the
cloud. Mondaq
9. Chakraborty, S., & Roy, K. (2012). An sla-based framework for estimating trustworthiness
of a cloud. IEEE 11th international conference on trust, security and privacy in computing
and communications. doi: 10.1109
10. Habib, S., Sebastian, R., & Muhlhauser, M. (2011).Towards a trust management system for
cloud computing. 2011 international joint conference of ieee trustcom-11/ieee icess-11/fcst-
11. doi: 10.1109
11. Malluhi, Q. & Khan, K. (2013). Trust in cloud services: Providing more controls to
clients. IEEE
12. Leavitt, N. (2009, January). Is cloud computing really ready for prime time?. IEEE,
13. Chakraborty, R., Ramireddy, S., Raghu, T., & Rao, H. (2010). The information assurance
practices of cloud computing vendors. IT PRO,
14. Symantec Corp. (n.d.). Mitigating security risk in the cloud. Retrieved March 9th, 2014,
from http://eval.symantec.com/mktginfo/enterprise/white_papers/b-
mitigating_security_risk_in_the_cloud_WP.en-us.pdf
15. Arce’s, I. (2010, November). In cloud computing we trust—but should we?. IEEE Security,
Retrieved from http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5655238
16. Khan, K. & Malluhi, Q. (2010, September). Establishing trust in cloud computing. IT PRO,
17. Kim, S. and Yoon, A. (2012), Do I trust google? An exploration of how people form trust in
cloud computing. Proc. Am. Soc. Info. Sci. Tech., 49: 1–3. doi: 10.1002/meet.14504901267
18. Lovrek, I., Lovric, T., Lucic, D., & , (2010). Regulatory aspects of cloud computing.
(Master's thesis, University of Zagreb, Zagreb, Croatia).
Alexander W. Camara INFO 712
22
19. Symantec Corp. (n.d.). PROTECTED CLOUDS: Symantec solutions for consuming,
building, or extending into the cloud. Retrieved March 9th, 2014, from
http://www.symantec.com/content/en/us/enterprise/brochures/b-protected-
clouds_21260411.en-us.pdf
20. Seitz, P. (2014, Feb 14). Cloud computing sales to triple by 2017, new forecast
says. Investor's Business Daily. Retrieved from
http://search.proquest.com/docview/1498143144?accountid=10559