Risk management for outsourcing to the cloud. Security risks and safeguards as selection criteria for extern cloud services

Viehmann, Johannes

2014

Conference Paper

Abstract

This short paper describes our ongoing research about security risk management for IT projects which might eventually take benefit from outsourcing to external Cloud services. Choosing appropriate, secure enough Cloud services from multiple offers might be difficult. Hence, we develop the Cloud Security Guide CSG to assist. It contains a specialized methodology for Cloud risk assessment supporting particularly the extraction of security relevant information from user contracts or terms and conditions of public Cloud services. Discovering that many providers fail to communicate their safeguards, we also decided to develop a provider's guide for risk management and for the communication of risk treatments.

Author(s)

Viehmann, Johannes

Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS

Hauptwerk

IEEE International Symposium on Software Reliability Engineering workshops, ISSREW 2014

Konferenz

International Symposium on Software Reliability Engineering (ISSRE) 2014

International Workshop on Risk Assessment and Risk-Driven Testing (RISK) 2014

Options

Risk management for outsourcing to the cloud. Security risks and safeguards as selection criteria for extern cloud services