Analyzing transparency and malicious insiders prevention for cloud computing environment

Abstract

The emerging cloud technology and its integration with cloud services from an enterprise standpoint have provided a gateway for Cloud Service Providers (CSPs) to garner consumers and their data. Due to the growing increase of Cloud Service Users (CSUs), it is pertinent to provide an adequate amount of cloud security to prevent detrimental impacts to businesses. Two large challenges CSPs face for cloud security include transparency and malicious insiders. The primary objective of this work is to provide a framework that analyzes CSPs based on evaluation metrics such as data breaches, data loss, account hijacking, insecure APIs, DoS, malicious insiders, abuse of cloud services, insufficient due diligence, and shared technology concerns. The security index of a CSP is then computed based on the listed evaluation metrics and given a score that translates to a linguistic rating of the CSP. Factors within transparency and malicious insiders are further broken down within the framework to emphasize various components. Transparency factors include published audit certifications, consumer base, membership of cloud organizations, and published incidents. Malicious insiders are sub-sectioned into personnel-related prevention, policy-related prevention, third-party CSP prevention, technical-related prevention, and hypervisor-related prevention. With this scoring contribution, analysis is able to be done on a CSP's potential threats within the network, which can then be visualized into recommended security controls or preventative measures. Finally, we conducted case studies to demonstrate the application of the scoring analysis using our proposed framework and to evaluate the security levels of two extensively employed CSPs.