Royal Holloway 2012: An analysis of cloud security certifications



2012 Royal Holloway thesis series

Adoption of cloud services is accelerating as companies take advantage of the more flexible and scalable IT provisioning model created by the cloud.

But how should an organisation check that a cloud service provider is capable of looking after its data? The provider may have been audited for SAS 70, ISO 27001, PCI DSS and a range of other standards, but how valid are those standards for the world of the cloud?

For his MSc thesis at Royal Holloway University of London (RHUL), Robert Farrugia, under the supervision of lecturer Geraint Price, analysed each of the main auditing standards and examined their applicability to cloud computing.

While many of the standards were found to provide some useful reassurance, none of them proved to be adequate in its own right, leading the authors to conclude that a new cloud certification model will be needed in the future.

Read the article

Download the article by Robert Farrugia on cloud security certifications (.pdf).

Read the full thesis (.pdf).

In an article now published on, the authors provide a detailed mapping of the current cloud security certification standards applicable to the cloud, and illustrate where each standard is lacking. In the absence of a reliable standard, the authors suggest ways organisations might minimise risk when moving their data and processes from a traditional in-house IT infrastructure stack to that of the cloud.

The feature is one of six is publishing this year in collaboration with RHUL.


This was first published in June 2012

