A risk assessment framework for cloud computing

Abstract

Cloud service providers offer access to their resources through formal service level agreements (SLA), and need well-balanced infrastructures so that they can maximise the quality of service (QoS) they offer and minimise the number of SLA violations. This paper focuses on a specific aspect of risk assessment as applied in cloud computing: methods within a framework that can be used by cloud service providers and service consumers to assess risk during service deployment and operation. It describes the various stages in the service lifecycle whereas risk assessment takes place, and the corresponding risk models that have been designed and implemented. The impact of risk on architectural components, with special emphasis on holistic management support at service operation, is also described. The risk assessor is shown to be effective through the experimental evaluation of the implementation, and is already integrated in a cloud computing toolkit.