Security policies for cloud computing
Georgiou, Dimitra A.
Γεωργίου, Δήμητρα Α.
The massive technological developments in world trade and the need for personal information to cross international borders highlighted the need to define security policies and propose specific regulations to enhance the protection of citizens' personal data. A technological breakthrough, which creates challenges to the protection of personal data, is Cloud Computing. The main feature of Cloud Computing is that it allows on-demand network access to computing resources with minimal management effort or service provider interaction. This new era gives new dimensions to international transfers of personal data and for this reason it has become necessary to establish a Security Policy for Cloud Computing services. For the new era of Cloud Computing, the purpose of a Security Policy is to protect people and information, set rules for expected behavior by users, minimize risks and help to track compliance with regulation. This thesis proposes a Methodology that can be adopted for the development of a Cloud Security Policy, in respect to data security. Specifically focused on the model of Software-as-a-Service (SaaS), this thesis is intended to serve as a Framework for organizations, users, Cloud Providers and provide a baseline for the Security Policy of Cloud Computing. We address the security requirements that are specific to Cloud Environment, highlight how these requirements link to our Cloud Security Policy and recommend, the measures and the corresponding security policies. Furthermore, it proposes a method that can be adopted by Cloud Providers for auditing the security of their systems as, security is one of the core competencies of the Cloud Provider.