Security policy rules and required procedures for two crucial cloud computing threats

Abstract

Cloud computing is the most accurate paradigm of next generation internet-based distributed computing systems providing an innovative business model for organisations. It offers potential benefits including cost savings, flexibility and improved business outcomes for organisations. Despite the potential advantages of cloud computing, security is one of the major issues remaining questionable. In this paper, two crucial security threats of cloud computing systems are presented and are assigned to one of four categories of our security policy. We facilitate both users and providers to know about these security threats and we propose security metrics that providers could use to evaluate the security of their services. Finally, the necessary policy rules and required procedures are described. Our approach tackles the cloud security issues providing guidance in the form of a set of rules which can be utilised for monitoring the implementation and effectiveness of security controls in cloud environments.