Home // ICIMP 2014, The Ninth International Conference on Internet Monitoring and Protection // View article

A Security Policy for Cloud Providers: The Software-as-a-Service Model

Authors:
Dimitra Georgiou
Costas Lambrinoudakis

Keywords: Cloud Computing Security; Security Policies; Security Requirements; Software-as-a-Service (SaaS)

Abstract:
Cloud Computing is a new computing paradigm originating and combining characteristics from grid computing, distributed computing, parallel computing, virtualization and other computer technologies. Trust and security in Cloud Computing are more complex than in traditional IT systems. Conventional security policies designed for other technologies do not map well to the cloud environment, which, on top of that, may exhibit additional security requirements. In an attempt to assist cloud providers to secure their environment, and specifically for the Software-as-a-Service Model (SaaS), this paper starts with the presentation of the already reported threats. Because of these security threats, there are specific requirements that we claim must be clearly addressed in the Security Policy for the Cloud Environment. Our work focuses on the required structure and contents of such a security policy. In this respect, this paper proposes a model to describe the relationship between threats, measures, and security policies applicable to the SaaS model. It is worth stressing that in the SaaS service model, the client depends on the provider for the proper security measures.

Pages: 13 to 21

Copyright: Copyright (c) IARIA, 2014

Publication date: July 20, 2014

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-362-9

Location: Paris, France

Dates: from July 20, 2014 to July 24, 2014