Safeguarding the Cloud: An Effective Risk Management Framework for Cloud Computing Services

Authors

  • Fahad F Alruwaili Shaqra University Saudi Arabia and College of Engineering/Department of Electrical and Computer Engineering University of Victoria Victoria, British Columbia Canada
  • T. Aaron Gulliver College of Engineering/Department of Electrical and Computer Engineering University of Victoria Victoria, British Columbia Canada

Abstract

Cloud computing services have attracted the attention of many organizations seeking flexible, simple, and efficient system development, operation, and support. The cost advantages of cloud services motivate the outsourcing of IT systems to the cloud. However, there is a lack of awareness of the security risks associated with cloud services. These risks and the associated threats could jeopardize the success and even the survivability of organizations that adopt cloud services. To address this issue, a risk management framework is proposed in this paper which leverages the previously proposed security operations center as a service (SOCaaS) combined with a secure service level agreement (SecSLA) to provide security requirements and compliance. The framework is self-aware of the organization assets and the associated security risks and vulnerabilities. Automated tools are provided to identify, classify, evaluate, and control the information security and data privacy of cloud systems and services. The proposed framework supports cloud protection by identifying threats and vulnerabilities in cloud systems and recommending steps to ensure their confidentiality, integrity, and availability (CIA).

Author Biographies

  • Fahad F Alruwaili, Shaqra University Saudi Arabia and College of Engineering/Department of Electrical and Computer Engineering University of Victoria Victoria, British Columbia Canada

    Fahad Alruwaili is a faculty member and academic advisor at computer science department at University of Shaqra, Saudi Arabia. He freelance and works as information security and computer networks consultant with over six years of practical and administrative experience. He earned his BS degree in Computer Engineering from King Fahd University of Petroleum and Minerals, Saudi Arabia, in 2002. In 2008, he achieved his MS degree in Computer, Information, and Network Security with first class honor from DePaul University, Chicago USA. In 2011, he received his second MS in Information Systems and Technology from Claremont Graduate University, Los Angeles USA. He’s currently working on his Ph.D. at University of Victoria in Canada.

    To have access to my work and competencies, please visit my LinkedIn page

    http://www.linkedin.com/in/fahadalruwaili

  • T. Aaron Gulliver, College of Engineering/Department of Electrical and Computer Engineering University of Victoria Victoria, British Columbia Canada
    T. Aaron Gulliver received the B.Sc.(Eng.) and M.Sc.(Eng.) degrees in Electrical Engineering from the University of New Brunswick, Fredericton, New Brunswick, in 1982 and 1984, respectively, and the Ph.D. degree in Electrical Engineering from the University of Victoria in 1989.

    From 1989 to 1991 he was employed as a Defence Scientist at Defence Research Establishment Ottawa, Ottawa, Ontario, where he was primarily involved in research on frequency hop satellite communications.

    From 1990 to 1991 he was an Adjunct Research Professor in the Department of Systems and Computer Engineering at Carleton University, Ottawa. In 1991, he joined the department as an Assistant Professor, and was promoted to Associate Professor in 1995. From 1996 to 1999 he was a Senior Lecturer in the Department of Electrical and Electronic Engineering at the University of Canterbury, Christchurch, New Zealand. He is now a Professor in the Department of Electrical and Computer Engineering at the University of Victoria.

    He was registration chair for the 1995 IEEE International Symposium on Information Theory which was held in Whistler, BC, Canada. In 2001, 2005, 2007, 2009 and 2011 he was the co-chair of the IEEE Pacific Rim Conference on Communications, Computers and Signal Processing. He was also the co-chair of the 2003 Information Theory Workshop held in Paris. He has been on the organizing committees of numerous other international conferences.

    From 2000-2003, he was Secretary and a member of the Board of Governors of the IEEE Information Theory Society.

    He is a Senior Member of the Institute of Electrical and Electronic Engineers and a member of the Association of Professional Engineers and Geoscientists of British Columbia, Canada.

    He is the author or co-author of over 500 published papers.

    In 2000, he was awarded a Research Fellowship by the British Columbia Advanced Systems Institute.

    In 2002, he was made a Fellow of the Engineering Institute of Canada . In 2012, he was made a Fellow of the Canadian Academy of Engineering.

    His research interests include algebraic coding theory, information theory, cryptography, design and construction of error correcting codes decoding and implementation of error correcting codes, soft decision decoding of block codes, turbo codes and iterative decoding, error control coding for computer memories, ultra-wideband and spread spectrum communication systems, mobile and personal communications, OFDM, smart grid and green communications.

References

Published

2014-09-28

Issue

Vol. 1 No. 2 (2014): International Journal of Future Generation Distributed Systems (IJFGDS)

Section

Articles

License

The copyright of a submitted article is only transferred to the publishers if and when the article is accepted for publication.