The "Cloud Computing" paradigm is gaining ground with new IT service providers and traditional IT outsourcing providers alike. Customers want to use cloud computing solutions with all their advertised advantages and without the hassle of traditional long term outsourcing migration and contracting. Risk is at the center of attention when dealing with the adoption of cloud services. Because of the security concerns and the consequential reservations towards the acceptance of public cloud computing platforms, a lot has been done to improve security and trust in these environments. However, most of the implementations and research regarding this issue is concerning technical security risks with a focus on preventing perimeterbased attacks. Security and trust issues beyond perimeter based security risks have gained little attention. This paper identifies the need to look beyond technical issues and turns the attention to improving compliance and governance in cloud environments. In this process the focus is set on the discontinuity cap between existing methods to identify and evaluate IT risks and the treatment of these risks with Service Level Agreements. To close this cap a model for a dynamic view on current IT risk is proposed to comply with modern IT environments that are composed of an ampleness of different services. The model has a strong corporate context and will help companies to evaluate their current risk exposure and thus make better decisions when choosing their services.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.