Cloud computing (CC) reveals a remarkable potential to provide on-demand services to a wide variety of enterprises over the Internet with greater flexibility in a cost-effective manner. However, it presents an added level of security and privacy risks because essential services are often outsourced to a third party. Security risks are the most critical issue that hinders enterprises from adopting CC since they may result in loss of satisfaction for many business objectives. On the other hand, Cloud Service Providers (CSP) are struggling with the cloud platform security issues since the cloud model has a very complex architecture with many characteristics and different stakeholders’ security requirements. Hence, there is an essential need for an indepth assessment of cloud related security risks. Traditional risk assessment methods do not fit CC well due to its complex environment and the assumption by those methods that assets are owned and fully controlled by the enterprise itself. In this paper, we propose a Delphi-based Cloud Security Risk Assessment Model (DCSRAM) that identifies, analyzes, and evaluates security risks affecting CC adoption in enterprises. The proposed model supports a higher level of trust in cloud technologies from the side of enterprises and a costeffective and reliable productivity from the side of CSP. The model has been tested for applicability and usability through a use case scenario.
展开▼