Self-assessment of security in cloud deployment
Koskinen, Pinja; Simola, Vesa (2019)
2019
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-201904175484
https://urn.fi/URN:NBN:fi:amk-201904175484
Tiivistelmä
Increasing number of services running on top of outsourced cloud environments has led to changes in the security landscape. These changes have created a situation where extra
care is to be applied in order to ensure that the services continue to run securely. This the-
sis aims to find the key points organization should take into an account during the life-cycle of service running in the cloud. The result - a self-assessment tool - aims at being an easily manageable checklist which can be used to identify, acknowledge and also to limit the dangers posed by the threats tied especially to the cloud environments.
The self-assessment tool is not meant as a replacement for other audit criterion; its pur-
pose is to define the set of important questions to ask, written especially from the per-
spective of running services on top of outsourced cloud environments.
Research problem of this thesis is the challenge of identifying the threats closely related to
the cloud. The research method used is a literature review; trying to find literature cover-
ing the topic either directly or by means of applying what has been written for general se-
curity and continuity while adapting it to the context of the cloud. The latter method was
required as the amount of literature directly related to auditing cloud deployments was
found scarce.
Primary result of this thesis is that seventeen issues were identified as topics for discussion concerning cloud deployment. It is obvious that anyone could add dozens more questions, especially for special needs of different types of businesses and data, but these can be tackled in more detail using specific audit criterion or following the relevant regulation.
care is to be applied in order to ensure that the services continue to run securely. This the-
sis aims to find the key points organization should take into an account during the life-cycle of service running in the cloud. The result - a self-assessment tool - aims at being an easily manageable checklist which can be used to identify, acknowledge and also to limit the dangers posed by the threats tied especially to the cloud environments.
The self-assessment tool is not meant as a replacement for other audit criterion; its pur-
pose is to define the set of important questions to ask, written especially from the per-
spective of running services on top of outsourced cloud environments.
Research problem of this thesis is the challenge of identifying the threats closely related to
the cloud. The research method used is a literature review; trying to find literature cover-
ing the topic either directly or by means of applying what has been written for general se-
curity and continuity while adapting it to the context of the cloud. The latter method was
required as the amount of literature directly related to auditing cloud deployments was
found scarce.
Primary result of this thesis is that seventeen issues were identified as topics for discussion concerning cloud deployment. It is obvious that anyone could add dozens more questions, especially for special needs of different types of businesses and data, but these can be tackled in more detail using specific audit criterion or following the relevant regulation.