Register for CSA’s SECtember conference and trainings today




Circle
Events
Blog

Download Publication

CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector
CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector

CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector

Release Date: 10/27/2016

Despite the undisputed advantages of cloud computing, customers (in particular Public
Administrations or PAs, and Small and Medium-sized Enterprises or SMEs) are still in need of
“meaningful” understanding of the security and risk management changes the cloud entails,
in order to assess if this new computing paradigm is “good enough” for their security
requirements. Traditional ICT risk management approaches usually adopt one-size-fits-all
methodologies relying on (security) experts, which are usually not adequate for small
organisations and Public Administrations (PA) that use relatively simple IT-components. One
of the main drivers of CloudWatch2 is to develop a simplified cloud risk
assessment/management approach, called “risk profile” in this document, with the requisite
that SMEs/PAs need simple, flexible, efficient and cost-effectivecloud security solutions.
This deliverable proposes a risk profiling methodology to assist PAs with the risk assessment
process from the perspective of a cloud service customer (CSC) procuring a suitable cloudbased service. The proposed approach also provides information to cloud partners (e.g.
cloud brokers) and CSPs, on the risk management methodology for cloud adoption used by a
(prospective) customer organization. Despite the fact that the main focus of this deliverable
being on PAs, we also discuss the appropriateness of the suggested risk profile methodology
for SMEs (to be further expanded inDeliverable 3.5 or D3.5).
This incremental report also presents a fresh approach to the problem of leveraging risk
profiles by analysing, from the risk management perspective, the specification of security in
mechanisms like Service Level Agreements (SLA) as a promising approach to empower PAs
(and also SMEs) in assessing and understanding their cloud requirements.
The next version of this deliverable (i.e. D3.5) will present the validation results of the
presented risk profiles, both for SMEs and PAs, based on real-world use cases and end-user
feedback. In addition D3.5 will further elaborate on end-user mechanisms/tools for
instantiating the proposed risk profiling methodology.

Download this Resource

LoginCreate Account

Prefer to access this resource without an account? Download it now.

Acknowledgements

Marina Bregkou Headshot Missing
Marina Bregkou
Senior Research Analyst, CSA EMEA

Marina Bregkou

Senior Research Analyst, CSA EMEA

This person does not have a biography listed with CSA.

Damir Savanovic Headshot
Damir Savanovic
Senior Analyst and Researcher at Cloud Security Alliance

Damir Savanovic

Senior Analyst and Researcher at Cloud Security Alliance

Damir Savanovic (M) is an Associate Director - Cloud Controls Lead at Willis Towers Watson, leading a team of subject matter experts to address compliance and control requirements for multiple compliance frameworks within information and cybersecurity for a global financial institution.

As a security evangelist and subject matter expert in the areas of security governance, risk and compliance, data protection with over...

Read more

Jesus Luna Headshot Missing
Jesus Luna

Jesus Luna

This person does not have a biography listed with CSA.

Nicholas Ferguson Headshot Missing
Nicholas Ferguson

Nicholas Ferguson

This person does not have a biography listed with CSA.

Theodora Dragan Headshot Missing
Theodora Dragan

Theodora Dragan

This person does not have a biography listed with CSA.

Lucio Scudiero Headshot Missing
Lucio Scudiero

Lucio Scudiero

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.