Introducing risk management into cloud computing
Document typeExternal research report
Rights accessOpen Access
The Cloud computing paradigm is offering an innovative and promising vision concerning the Information and Communications Technology (ICT). Actually, it gives the possibility of improving IT systems management and is changing the way in which hardware and software are designed and purchased. Notwithstanding, the use of Cloud resources, which usually are external assets to their consumers, implies risk issues that must be taken into account. In this paper, we propose the involvement of risk management procedures into Cloud computing. In this sense, we present a Cloud computing risk management approach aware of Business- Level Objectives (BLOs) of a given Cloud organization. More to the point, we propose an innovatory SEmi-quantitative BLOdriven Cloud Risk Assessment (SEBCRA) as the core subprocess of this Cloud risk management approach. In addition, we present, as a use case, a Cloud Service Provider (CSP) that is able to improve the achievement of a given BLO, i.e. profit maximization, by managing, assessing, and treating Cloud-related risks. As demonstrated in the experimentation, this provider maximizes its profit by transferring the risks of provisioning its private Cloud, either under- or over-provisioning, to third-party Cloud Infrastructure Providers (CIPs).
CitationFitó, J.; Guitart, J. "Introducing risk management into cloud computing". 2010.
Is part ofUPC-DAC-RR-2010-33