Open Access Article

Selecting a Secure Cloud Provider—An Empirical Study and Multi Criteria Approach

1 Faculty of Economics and Business, Goethe University Frankfurt, 60323 Frankfurt, Germany
2 Department of Computer Science, University of Verona, 37134 Verona, Italy
3 Faculty of Computer Science, University of Koblenz, 56070 Koblenz, Germany & Fraunhofer ISST, 44227 Dortmund, Germany
4 Department of Information Sciences and Engineering, University of Trento, 38123 Trento, Italy
* Author to whom correspondence should be addressed.
Information 2020, 11(5), 261; https://doi.org/10.3390/info11050261
Received: 1 April 2020 / Revised: 30 April 2020 / Accepted: 6 May 2020 / Published: 11 May 2020
(This article belongs to the Special Issue Cloud Security Risk Management)
Security has become one of the primary factors that cloud customers consider when they select a cloud provider for migrating their data and applications into the Cloud. To this end, the Cloud Security Alliance (CSA) has provided the Consensus Assessment Questionnaire (CAIQ), which consists of a set of questions that providers should answer to document which security controls their cloud offerings support. In this paper, we adopted an empirical approach to investigate whether the CAIQ facilitates the comparison and ranking of the security offered by competitive cloud providers. We conducted an empirical study to investigate whether comparing and ranking the security posture of a cloud provider based on its CAIQ answers is feasible in practice. Since the study revealed that manually comparing and ranking cloud providers based on the CAIQ is too time-consuming, we designed an approach that semi-automates the selection of cloud providers based on the CAIQ. The approach uses the providers’ answers to the CAIQ to assign a value to the different security capabilities of cloud providers. Tenants have to prioritize their security requirements. With that input, our approach uses an Analytical Hierarchy Process (AHP) to rank the providers’ security based on their capabilities and the tenants’ requirements. Our implementation shows that this approach is computationally feasible and that, once the providers’ answers to the CAIQ are assessed, they can be used for multiple CSP selections. To the best of our knowledge, this is the first approach for cloud provider selection that provides a way to assess the security posture of a cloud provider in practice.
Keywords: cloud service provider; security self-assessment; security assessment; risk assessment
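The ranking step outlined in the abstract can be sketched as follows; this is an added illustration, not the authors' implementation. Assumptions: the domain labels (IAM, EKM, DSI), the scoring of a domain as the fraction of applicable "yes" answers, the tenant comparison matrix, the provider names and answers (all constructed), and the conventional 0.10 consistency-ratio threshold.

```python
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's RI, n <= 5


def ahp_weights(pairwise, iterations=100):
    """Return (weights, consistency_ratio) for a reciprocal comparison matrix."""
    n = len(pairwise)
    w = [1.0 / n] * n
    for _ in range(iterations):  # power iteration toward the principal eigenvector
        nxt = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(nxt)
        w = [x / total for x in nxt]
    # lambda_max estimated as the mean of (A w)_i / w_i
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return w, (ci / ri if ri else 0.0)


def domain_score(answers):
    """Fraction of applicable controls answered 'yes'; 'na' answers are excluded."""
    applicable = [a for a in answers if a != "na"]
    return sum(a == "yes" for a in applicable) / len(applicable) if applicable else 0.0


def rank_providers(pairwise, domains, caiq, max_cr=0.10):
    """Weight each provider's domain scores by the tenant's AHP priorities."""
    weights, cr = ahp_weights(pairwise)
    if cr > max_cr:  # contradictory tenant judgements: refuse to rank
        raise ValueError(f"inconsistent tenant priorities (CR={cr:.2f})")
    totals = {
        name: sum(w * domain_score(ans[d]) for w, d in zip(weights, domains))
        for name, ans in caiq.items()
    }
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


DOMAINS = ["IAM", "EKM", "DSI"]
# Constructed tenant judgement: IAM is 3x EKM and 5x DSI; EKM is 2x DSI.
TENANT = [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]]
# Constructed CAIQ-style answers per domain (yes / no / na).
CAIQ = {
    "ProviderA": {"IAM": ["yes", "yes", "no"], "EKM": ["yes", "yes"], "DSI": ["yes", "na", "no"]},
    "ProviderB": {"IAM": ["yes", "yes", "yes"], "EKM": ["no", "yes"], "DSI": ["no", "na", "no"]},
}

if __name__ == "__main__":
    for name, score in rank_providers(TENANT, DOMAINS, CAIQ):
        print(f"{name}: {score:.3f}")
```

With these constructed inputs, ProviderB ranks first because the tenant weights IAM most heavily, even though ProviderA answers "yes" to more controls overall.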
MDPI and ACS Style

Pape, S.; Paci, F.; Jürjens, J.; Massacci, F. Selecting a Secure Cloud Provider—An Empirical Study and Multi Criteria Approach. Information 2020, 11, 261.
