Security-Centric Evaluation Framework For It Services

Tremendous growth and adoption of cloud based services within IT enterprises has generated important requirements for security provisioning. Users need to evaluate the security characteristics of different providers and their offered services. This generates an additional requirement for methods to compare cloud service providers on the basis of their capabilities to meet security requirements. This paper proposes a novel framework to assess and compare cloud services on the basis of their security offerings, leveraging existing best practices and standards to develop new relevant metrics. We provide comparison yardsticks related to security to evaluate cloud services such that the security robustness of cloud services can be computed using easy to evaluate deconstructed metrics. This paper provides a framework that can be leveraged to provide security enhancement plans both for users and providers.