Assessment of Security Risks in Merging the Private and Public Clouds

Abstract

Cloud computing is growing at a phenomenal rate with large number of new users embracing this utility based paradigm. In cloud computing platforms, the data is maintained by the cloud provider with limited control of the use,; making the privacy and security of data most important concern for the use,: Those, who do not want to compromise with security and privacy, are adopting the private model of the cloud computing, maintained by themselves or with the help of third party. However, private deployment model of cloud have limited elasticity and upfront cost is high. Enterprises intending to exploit the advantages of cloud computing without compromising with privacy and security are merging their private cloud with the public cloud. Once the enterprise crosses the .firewall of its private cloud and merges with the public cloud, there is a significant risk involvement, as public cloud uses different technology and supports multi-tenancy. Present work suggests a framework for assessment and mitigation of"riskfor such mergers. Framework is having planning, risk assessment, mitigation and review phases to take care of the risk management. The assessed risk can be mitigated in mitigation phase and its performance can be evaluated in review phase. Considering the evolving stage of cloud computing another phase discove1y is incmporated to discover the new/actors. Proposedframework will enable the enterprises to evaluate risk involved, by using the probability impact matrix, well before merging the private cloud to the public cloud so that the remedial action required can be taken to soak the risk. Hence, optimum benefits of both the public and private clouds can be realized with minimum risk.