查看文章

The cloud offers attractive options to migrate corporate applications, without any implication for the corporate security manager to manage or to secure physical resources. While this ease of migration is appealing, several security issues arise: can the validity of corporate legal compliance regulations still be ensured for remote data storage? How is it possible to assess the Cloud Service Provider (CSP) ability to meet corporate security requirements? Can one monitor and enforce the agreed cloud security levels? Unfortunately, no comprehensive solutions exist for these issues. In this context, we introduce a new approach, named SPECS. It aims to offer mechanisms to specify cloud security requirements and to assess the security features offered by CSPs, and to integrate the desired security services (e.g., credential and access management) into cloud services with a Security-as-a-Service approach. Furthermore …