Enhancing Cloud Security and Privacy: Broadening the Service Level Agreement

Abstract: Achieving security and privacy in the cloud is not a trivial exercise. Indeed, the difficulties associated with achieving this goal are both many and highly complex, and present one of the major barriers to the uptake of cloud computing. Yet, we know cloud computing offers the possibility of substantial economic benefit to firms, as well as providing great agility, which can offer a competitive advantage in today's difficult trading conditions. We address this issue by considering whether greater accountabilit… Show more

“…CSPs are much better placed to do this, since cloud customers will not necessarily have access to all the systems necessary for this to happen. We have further argued (Duncan and Whittington, 2015b) that this will require a significant change in attitude from the CSPs, leading to the development of better security oriented SLAs, which will improve the approach to security for all actors within the cloud ecosystem.…”

“…Accountability, assurance, audit, confidentiality, compliance, integrity, privacy, responsibility and security do not feature in the standard SLA (Duncan and Whittington, 2015b). It is important that companies recognise that this represents the current status.…”

“…In previous work (Duncan and Whittington, 2015b) on enhancing cloud security and privacy, the authors addressed issues arising due to the cloud service provider's (CSP)'s lack of accountability in the standard service level agreement (SLA). The authors discuss the importance of the role assurance plays, and the two main mechanisms used to achieve this, namely compliance and audit.…”

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

“…CSPs are much better placed to do this, since cloud customers will not necessarily have access to all the systems necessary for this to happen. We have further argued (Duncan and Whittington, 2015b) that this will require a significant change in attitude from the CSPs, leading to the development of better security oriented SLAs, which will improve the approach to security for all actors within the cloud ecosystem.…”

“…Accountability, assurance, audit, confidentiality, compliance, integrity, privacy, responsibility and security do not feature in the standard SLA (Duncan and Whittington, 2015b). It is important that companies recognise that this represents the current status.…”

“…In previous work (Duncan and Whittington, 2015b) on enhancing cloud security and privacy, the authors addressed issues arising due to the cloud service provider's (CSP)'s lack of accountability in the standard service level agreement (SLA). The authors discuss the importance of the role assurance plays, and the two main mechanisms used to achieve this, namely compliance and audit.…”

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

“…CSPs are much better placed to do this, since cloud customers will not necessarily have access to all the systems necessary for this to happen. We have further argued [13] that this will require a significant change in attitude from the CSPs, leading to the development of better security oriented SLAs, which will improve the approach to security for all actors within the cloud ecosystem.…”

The Importance of Proper Measurement for a Cloud Security Assurance Model

“…Therefore, more and more enterprises, institutions choose cloud computing services as its information resource management service providers and cloud computing services has become an important business in the field of IT. IBM, Amazon, Google, Microsoft and other companies have also launched their own cloud computing service [3][4].…”

Research on the Method of Cloud Computing Storage Security based on the Homomorphic Encryption Method