Business process (BP) stakeholders want to enjoy the benefits of the cloud, but they are also reluctant to expose their BP models, which express the know-how of their companies. To prevent such know-how exposure, this paper proposes a design-time approach for transforming a BP model into BP fragments so that these BP fragments, externalized in a multi-cloud context, do not allow a cloud resource provider to understand a critical fragment of the company. While existing contributions on this topic remain at the level of principles, we propose an algorithm that automatically supports such a BP model transformation.
Index Terms: Business Process; Security Risk Management; Cloud; Privacy; Obfuscation
[Figure: business process diagram labelled "Bank" with tasks Get Loan Application (GLA), Check Customer Credit (CCC), Risk Evaluation (RE), Risk Capture (RC), Direct Loan Agreement (DLA), Loan Reject (LR), Hierarchy Validation (HV), Decision Consolidation (DC)]
Managing security risks on information systems is essential to guarantee their security while controlling costs. However, the complexity of risk assessments is greatly increased when data is spread across multiple environments. In this paper we present a security risk assessment model for distributing business processes in a multi-cloud environment. We aim at offering the full power of cloud computing to composite applications while shielding companies from the complexity related to security risk assessments in the Cloud. We also want to give them the capability to automatically generate secure and cost-effective applications across multiple clouds. Our approach is based on existing risk assessment methodologies, while using industry-recognized IT standards.
Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effectively treat security issues at the early phases of the Information System construction. We focus on cloud brokers, emerging actors of the cloud delivery model, who enhance and aggregate existing cloud services to match them with their cloud consumers' requirements. Our main goal is to provide them with tools and techniques to increase the global security level of an IS through different risk treatment strategies.