Designing Cloud Services Adhering to Government Privacy Laws |
Cloud computing delivers on-demand services with flexibility and scalability on a simple pay-per-use basis. However, major concerns regarding to security and privacy hinder a broad adoption by users, especially small- and medium-sized enterprises (SMEs). This is because existing guidelines, IT standards and laws on security and privacy do not take virtual environments into account. Thus, they present a significant challenge for cloud providers to comply with. As a result, the cloud providers are unable to provide SMEs with an assurance. In order to address these privacy and security issues, this paper presents the Cloud Data Security (CloudDataSec) project that aims to design cloud services adhering to government privacy laws. In particular, this paper introduces a six-layer security model for cloud computing and three level of security assurance for SMEs to take advantage of. Finally, Security Management as a Service (SMaaS) modules, as proposed in this paper, enable users to apply necessary security and privacy operations, based on the sensitivity of their data.
Doelitzscher F, Reich C, Sulistio A