Risk Management on the Security Problem in Cloud Computing

Abstract

ICT systems have been investigated for flexible systems configuration, systems operation cost reduction, environmental impact reduction, etc. Cloud computing has attracted attention as technology that solves these. In the U.S., business Cloud services, such as Amazon EC2/S3, Google Apps, Force.com, and Windows Azure, are gaining more and more users. Additionally, study of Cloud computing, such as a governmental i-Japan strategy and a start of the smart Cloud study group of the Ministry of Internal Affairs and Communications, is progressing rapidly in Japan. However, the investigation on the present Cloud computing is mainly focused on the service side, while the security side has not been sufficiently looked at. The security perception by the social viewpoints of a user's vague uneasiness has especially been insufficiently investigated. This paper looks into the various risks when a company uses Cloud computing. That is, the security from a user's viewpoint in Cloud computing is investigated. Concretely, the risk factor from a user's viewpoint in such Cloud computing is comprehensively extracted with the risk breakdown structure (RBS) method. Furthermore, the risk factors that were extracted are analyzed and evaluated. A detailed countermeasure and proposal are produced on the basis of these results. These in turn will be used to promote public Cloud use, strengthen competitiveness by cost reduction, and increase the efficiency of corporate management.