Inter-Cloud Data Security Framework, Compliance And Trust

Abstract Prospects of cloud computing as a technology which optimizes resources, reduces complexity and provides cost effective solutions to its consumers is well established. Future of cloud is ‘cloud of clouds’ where cloud service providers (CSPs) collaborate with each other to provide ever scalable solutions to their customers. However, one most restricting factor towards use of cloud by its consumers is their concerns about data security. Most sensitive to any organization is its data, which thus necessitates a trustworthy framework which could give confidence to these organizations to put their sensitive data on cloud. This paper, therefore, proposed a data security framework which is based on data security controls, driven against the possible data related threats emerging from various inter-cloud use cases. It is a very systematic derivation of data security controls, consolidated as a data security framework. Further in this study, is a proposed mechanism, which can enable CSPs to view compliance to data security controls and overall trustworthiness of other CSPs; thus, enabling them to decide level of interaction that they might feel appropriate to undertake depending upon their data security commitments to their consumers. A Data Security Compliance Monitor service is proposed which measures the compliance to data security framework. This service is also connected with Data Trust as a Service, which measures the trustworthiness of a cloud based on its Total Compliance Value, Users’ Feedback Rating, SLA Rating, Cloud Security Auditor Rating and Incidents History Value. CSPs who subscribe to Cloud Trust as a Service would be able to view Trustworthiness of other CSPs, yet they would be bound to provide access to the service to measure theirs as well. This new approach to data security in inter-cloud is a mix of data security controls, their measure of compliance and based on this, a service, which recommends how much trust can be placed on a CSP for handling data. The proposed solution thus promotes use of inter-cloud for data related requirements.