CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector
Released: 10/27/2016
Despite the undisputed advantages of cloud computing, customers (in particular Public
Administrations or PAs, and Small and Medium-sized Enterprises or SMEs) are still in need of
“meaningful” understanding of the security and risk management changes the cloud entails,
in order to assess if this new computing paradigm is “good enough” for their security
requirements. Traditional ICT risk management approaches usually adopt one-size-fits-all
methodologies relying on (security) experts, which are usually not adequate for small
organisations and Public Administrations (PA) that use relatively simple IT-components. One
of the main drivers of CloudWatch2 is to develop a simplified cloud risk
assessment/management approach, called “risk profile” in this document, with the requisite
that SMEs/PAs need simple, flexible, efficient and cost-effectivecloud security solutions.
This deliverable proposes a risk profiling methodology to assist PAs with the risk assessment
process from the perspective of a cloud service customer (CSC) procuring a suitable cloudbased service. The proposed approach also provides information to cloud partners (e.g.
cloud brokers) and CSPs, on the risk management methodology for cloud adoption used by a
(prospective) customer organization. Despite the fact that the main focus of this deliverable
being on PAs, we also discuss the appropriateness of the suggested risk profile methodology
for SMEs (to be further expanded inDeliverable 3.5 or D3.5).
This incremental report also presents a fresh approach to the problem of leveraging risk
profiles by analysing, from the risk management perspective, the specification of security in
mechanisms like Service Level Agreements (SLA) as a promising approach to empower PAs
(and also SMEs) in assessing and understanding their cloud requirements.
The next version of this deliverable (i.e. D3.5) will present the validation results of the
presented risk profiles, both for SMEs and PAs, based on real-world use cases and end-user
feedback. In addition D3.5 will further elaborate on end-user mechanisms/tools for
instantiating the proposed risk profiling methodology.
Administrations or PAs, and Small and Medium-sized Enterprises or SMEs) are still in need of
“meaningful” understanding of the security and risk management changes the cloud entails,
in order to assess if this new computing paradigm is “good enough” for their security
requirements. Traditional ICT risk management approaches usually adopt one-size-fits-all
methodologies relying on (security) experts, which are usually not adequate for small
organisations and Public Administrations (PA) that use relatively simple IT-components. One
of the main drivers of CloudWatch2 is to develop a simplified cloud risk
assessment/management approach, called “risk profile” in this document, with the requisite
that SMEs/PAs need simple, flexible, efficient and cost-effectivecloud security solutions.
This deliverable proposes a risk profiling methodology to assist PAs with the risk assessment
process from the perspective of a cloud service customer (CSC) procuring a suitable cloudbased service. The proposed approach also provides information to cloud partners (e.g.
cloud brokers) and CSPs, on the risk management methodology for cloud adoption used by a
(prospective) customer organization. Despite the fact that the main focus of this deliverable
being on PAs, we also discuss the appropriateness of the suggested risk profile methodology
for SMEs (to be further expanded inDeliverable 3.5 or D3.5).
This incremental report also presents a fresh approach to the problem of leveraging risk
profiles by analysing, from the risk management perspective, the specification of security in
mechanisms like Service Level Agreements (SLA) as a promising approach to empower PAs
(and also SMEs) in assessing and understanding their cloud requirements.
The next version of this deliverable (i.e. D3.5) will present the validation results of the
presented risk profiles, both for SMEs and PAs, based on real-world use cases and end-user
feedback. In addition D3.5 will further elaborate on end-user mechanisms/tools for
instantiating the proposed risk profiling methodology.
Download this Resource
Prefer to access this resource without an account? Download it now.
