Estimating Security Coverage for Cloud Services
Dasgupta, Dipankar; Rahman, Md Moshiur;
IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE International Conference on Social Computing, MIT. Boston, MA
Secure cloud environment is essential for providing uninterrupted services to customers (individual user, company and government), since customers are relying on cloud for their computing and network service needs. As providers play the central role in cloud security, they need to establish rigorous security measures as a part of their service offerings. In order to limit liabilities for damages caused by the cloud, some form of insurance seems appropriate. For cloud security insurance, however, the question of differential security coverage is relevant as the cost of deploying special protection, detection and response tools varies and requires the coverage estimation. In this paper, we describe a framework to estimate security coverage for different type of service offerings. We have developed software prototype of this framework, called MEGHNAD and tested for various cloud service security requirements. This prototype can serve as a specialized Cloud Doctor in prescribing the right combination of security tools for different cloud services and according to the level of security assurance required.