Security Criteria in Deciding on Migration of Systems to the Cloud

Rafael Gómez, David G. Rosado, Daniel Mellado, Eduardo Fernández-Medina

2012

Abstract

Cloud computing is setting trend in IT world. As it evolves, providers and clients claim their concern about their pros and cons. Some proposals have been made on the methodologies to assess criteria for benefits and risks of the different cloud models. How these proposals deal with security issues (that most IT executives point out as their top concern)? In this paper we go into the issue of how we can incorporate security requirements to a decision making process for whether to migrate legacy systems to the cloud and how to do it. From systems in control of the firms’ data centers to systems working partially, if not totally out of their control.

References

  1. Andrzejak, A., D. Kondo, and S. Ji. Decision Model for Cloud Computing under SLA Constraints. in IEEE International Symposium on Modeling, Analysis & Simulation of Computer and Telecommunication Systems (MASCOTS), 2010. 2010.
  2. Bibi, S., D. Katsaros, and P. Bozanis. Application Development. Fly to the Clouds or Stay in-House. in 19th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 2010.
  3. Bisbal, J., D. Lawless, B. Wu, and J. Grimson, Legacy Information Systems: Issues and Directions. IEEE Software, 1999. 16(5): p. 103-111.
  4. Buyya, R., C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 2009. 25(6): p. 599-616.
  5. CSA, Security Guidance for Critical Areas of Focus in Cloud Computing. 2009, Cloud Security Alliance.
  6. CSA, Top Threats to Cloud Computing. 2010, Cloud Security Alliance.
  7. Chen, Y. and R. Sion. To Cloud Or Not To Cloud? Musings On Costs and Viability. in 2nd ACM Symposium on Cloud Computing SOCC 2011. 2011.
  8. Christiansen, C. A., C. J. Kolodgy, S. Hudson, and G. Pintal, Identity and Access Management for Approaching Clouds, in IDC White Paper. 2010.
  9. Fredriksson, J. and K. Augustsson, Cloud Service Analysis Choosing between an onpremise resource and a cloud computing service. 2011, Chalmers University of Technology, University of Gothenburg.
  10. Gens, F. IT Cloud Services User Survey, pt.2: Top Benefits & Challenges. 2008; Available from: http://blogs.idc.com/ie/?p=210.
  11. Gomolski, B., Gartner Perspective on IT Spending 2010. 2010, The Gartner Group.
  12. Guitouni, A. and J. M. Martel, Tentative guidelines to help choosing an appropriate MCDA method. European Journal of Operational Research, 1998. 109(2): p. 501-521.
  13. Heckel, R., R. Correia, C. M. P. Matos, M. El-Ramly, G. Koutsoukos, and L. F. Andrade, Architectural Transformations: From Legacy to Three-Tier and Services. Software Evolution, 2008: p. 139-170.
  14. Huang, C.-Y., W.-C. Tzeng, G.-H. Tzeng, and M.-C. Yuan, Derivations of Information Technology Strategies for Enabling the Cloud Based Banking Service by a Hybrid MADM Framework. Smart Innovation, Systems and Technologies, 2011. 10: p. 123-134.
  15. Jansen, W. and T. Grance, Guidelines on Security and Privacy in Cloud Computing. 2011, NIST.
  16. Khajeh-Hosseini, A., D. Greenwodd, and I. Sommerville. Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS. in IEEE 3rd Int. Conf. on Cloud Computing (CLOUD 2010). 2010.
  17. Khajeh-Hosseini, A., I. Sommerville, J. Bogaerts, and T. P. Decision Support Tools for Cloud Migration in the Enterprise. in IEEE 4th Int. Conf. on Cloud Computing (CLOUD 2011). 2011.
  18. Künsemöller, J. and H. Kark. A Game-Theoretical Approach to the Benefits of Cloud Computing. in 8th Intl. Workshop on Economics of Grids, Clouds, Systems, and Services (Gecon2011). 2011.
  19. Madan, B. B., K. Goševa-Popstojanova, K. Vaidyanathan, and K. S. Trivedi, A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation, 2004. 56 p. 167-186.
  20. Mell, P. and T. Grance, The NIST Definition of Cloud Computing 2011, NIST.
  21. Schryen, G. A Fuzzy Model for IT Security Investments. in Sicherheit 2010. 2011.
  22. Seacord, R., D. Plakosh, and G. Lewis, Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices. 1st ed. Addison-Wesley Professional. 2003.
  23. The Open Group, The Open Group Cloud Computing Survey. 2011, The Open Group
  24. Tobin, M. and B. Bass, Federal Application Modernization Road Trip: Express Lane or Detour Ahead? 2011, Meritalk.
  25. Winkler, V. J. R., Introduction to Cloud Computing and Security, in Securing the Cloud. Cloud Computing Security. Techniques and Tactics., E. Syngress, Editor. 2011. p. 25.
Download


Paper Citation


in Harvard Style

Gómez R., G. Rosado D., Mellado D. and Fernández-Medina E. (2012). Security Criteria in Deciding on Migration of Systems to the Cloud . In Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012) ISBN 978-989-8565-15-0, pages 93-100. DOI: 10.5220/0004099600930100


in Bibtex Style

@conference{wosis12,
author={Rafael Gómez and David G. Rosado and Daniel Mellado and Eduardo Fernández-Medina},
title={Security Criteria in Deciding on Migration of Systems to the Cloud},
booktitle={Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)},
year={2012},
pages={93-100},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004099600930100},
isbn={978-989-8565-15-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)
TI - Security Criteria in Deciding on Migration of Systems to the Cloud
SN - 978-989-8565-15-0
AU - Gómez R.
AU - G. Rosado D.
AU - Mellado D.
AU - Fernández-Medina E.
PY - 2012
SP - 93
EP - 100
DO - 10.5220/0004099600930100