Cloud provider transparency: An empirical evaluation

IEEE Security and Privacy

Volumn 8, Issue 6, 2010, Pages 32-39

  Pauley, Wayne ^a  

^a Root cause Analysis Network Management Design and Development   (United States)

Author keywords

cloud computing; cloud provider; privacy; security; service level agreement audit; service oriented architecture; transparency

Indexed keywords

CLOUD COMPUTING; CLOUD PROVIDER; PRIVACY; SECURITY; SERVICE LEVEL AGREEMENTS;

COMPUTER SYSTEMS; ECONOMICS; INFORMATION SERVICES; INFORMATION TECHNOLOGY; TRANSPARENCY; WEB SERVICES;

SERVICE ORIENTED ARCHITECTURE (SOA);

EID: 78650059753     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2010.140     Document Type: Article

References (21)

1. K. S. Candan et al., "Frontiers in Information and Software as Services, " Proc. 2009 IEEE Conf. Data Eng., IEEE CS Press, 2009, pp. 1761-1768.
2. P. Mell and T. Grance, "The NIST Defnition of Cloud Computing, " Nat'l Inst. of Standards and Technology Computer Security Division, 7 Oct. 2009; http://csrc. nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc.
3. K. Wüllenweber and T. Weitzel, "An Empirical Exploration of How Process Standardization Reduces Outsourcing Risk, " Proc. 40th Ann. Hawaii Int'l Conf. System Science, IEEE CS Press, 2007, p. 240c.
4. "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, " Cloud Security Alliance, 2009; www.cloudsecurityalliance.org/ csaguide.pdf.
5. "Cloud Computing Security Risk Assessment, " European Network and Information Security Agency, 20 Nov. 2009; www.enisa.europa.eu/act/rm/fles/ deliverables/cloud-computing-risk-assessment.
6. H. R. Nemati and T. Van Dyke, "Do Privacy Statements Really Work? The Efect of Privacy Statements and Fair Information Practices on Trust and Perceived Risk in E-Commerce, " Int'l J. Information Security and Privacy, vol. 3, no. 1, 2009, pp. 45-65.
7. "Chronology of Data Breaches, " Privacy Rights Clearinghouse, 2 Mar. 2010; www.privacyrights.org/ar/ChronDataBreaches.htm.
8. "CloudAudit and the Automated Audit, Assertion, Assessment, and Assurance API (A6), " CloudAudit, 2010; www.cloudaudit.org.
9. "Open Grid Forum Open Cloud Computing Interface Working Group, " OCCI, 2010; www.occi-wg.org/doku.php.
10. "Frequently Asked Questions, " Small Business Administration Ofce of Advocacy, Sept. 2009; www.sba.gov/advo/stats/sbfaq.pdf.
11. AU Section 324 Service Organizations: Sources SAS No. 70; SAS No. 78; SAS No. 88; SAS No. 98, Am. Inst. Certifed Public Accountants; www.aicpa.org/ Research/Standards/AuditAttest/DownloadableDocuments/AU-00324.pdf.
12. "Payment Card Industry Data Security Standard: Navigating PCI DSS V1.2, " Payment Card Industry Security Standards Council, 2008; www.pcisecuritystandards.org/pdfs/pci-dss-saq-navigating-dss.pdf.
13. "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, " US Dept. of Health and Human Services, 2006; www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/ adminsimpregtext.pdf.
14. "Sarbanes-Oxley Act of 2002 (Public Company Accounting Reform and Investor Protection), " Government Accountability Ofce, 2002.
15. "COBIT Framework for IT Governance and Control, " Information Systems Audit and Control Association, 2007; www.isaca.org/Knowledge-Center/ COBIT/Pages/Overview.aspx.
16. ISO/IEC 27000:2009: Information Technology, Security Techniques, Information Security Management Systems, Overview and Vocabulary, Int'l Org. for Standardization and the Int'l Electrotechnical Commission, 2009; www.iso.org/iso/iso-catalogue/catalogue-tc/catalogue-detail.htm? csnumber=41933.
17. R. Ross et al., "Recommended Security Controls for Federal Information Systems, " Dec. 2007; http://csrc. nist.gov/publications/ nistpubs/800-53-Rev2/sp800-53-rev2-f nal.pdf.
18. "AWS Completes SAS70 Type II Audit, " Amazon Web Services, " 2010; http://aws.amazon.com/about-aws/whats-new/2009/11/11/aws-completes- sas70-type-ii-audit.
19. "Information Technology Infrastructure Library, " ITIL, 12 Mar. 2010; www.itil-of cialsite.com/home/home.asp.
20. M. W. Jones, "Microsoft's Sidekick Cloud Outage Gets Worse, " Tech. Blorge, 11 Oct. 2009; http://tech.blorge.com/Structure:%20/2009/10/11/ microsofts-sidekick-cloud-outage-gets-worse.
21. "Setting the Standards for Vendor Assessments, " Shared Assessments, 13 Mar. 2010; www.sharedassessments.org.