Risk Based NIST Effectiveness Analysis for Cloud Security

Abstract

Cloud computing has brought new innovations in the paradigm of IT industry through virtualization and by offering low price services on pay-as-per-use basis. Since the development of cloud computing, several issues like security, privacy, cost, load balancing, power consumption, scheduling algorithms are still under research also the advent of newer technologies announces new-fangled risks and vulnerabilities. Although the cloud has a very advanced structures and expansion of services, security and privacy concerns have been creating obstacles for the enterprise to entirely shift to the cloud. A Threat Agent is an attacker, intruder, employee that takes the benefits of the vulnerabilities and risks in the system. Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. There are different Information Security standards, governance and security frameworks, and guides to protect the organizations to protect from threat agents. In this research, cloud vulnerabilities and risks have been identified that can be exploited by the threat agent and mapped into renowned information security standard by National Institute of Standards and Technology NIST SP 800-53 Rev.3 to check whether the standard provides claim security to cloud users.