Royal Holloway 2012: An analysis of cloud security certifications


2012 Royal Holloway thesis series

Adoption of cloud services is accelerating as companies take advantage of the more flexible and scalable IT provisioning model created by the cloud.

But how should an organisation check that a cloud service provider is capable of looking after its data? The provider may have been audited for SAS 70, ISO 27001, PCI DSS and a range of other standards, but how valid are those standards for the world of the cloud?

For his MSc thesis at Royal Holloway University of London (RHUL), Robert Farrugia, under the supervision of lecturer Geraint Price, analysed each of the main auditing standards and examined their applicability to cloud computing.

While many of the standards were found to provide some useful reassurance, none of them proved to be adequate in its own right, leading the authors to conclude that a new cloud certification model will be needed in the future.

Read the article

Download the article by Robert Farrugia on cloud security certifications (.pdf).

Read the full thesis (.pdf).

In an article now published on SearchSecurity.co.UK, the authors provide a detailed mapping of the current security certification standards applicable to the cloud, and illustrate where each standard is lacking. In the absence of a reliable standard, the authors suggest ways organisations might minimise risk when moving their data and processes from a traditional in-house IT infrastructure stack to that of the cloud.

The feature is one of six SearchSecurity.co.UK is publishing this year in collaboration with RHUL.



This was first published in June 2012

 
