Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study
Title | Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Akinrolabu, Olusola, New, Steve, Martin, Andrew |
Conference Name | 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) |
ISBN Number | 978-1-7281-1661-7 |
Keywords | Analytical models, case study, cloud, cloud computing, cloud computing services, cloud risks, cloud service providers, cloud supply chain cyber risk assessment model, Collaboration, composability, computing industry, CSCCRA model, data privacy, dynamic supply chain, Human Behavior, human factors, Metrics, multicloud SaaS application, policy-based governance, privacy concerns, pubcrawl, quantitative risk assessment, resilience, Resiliency, risk assessments, risk management, SaaS, Scalability, security, security risks, Software as a service, supply chain, supply chain risk assessment, supply chain-inclusive risk assessment model, Supply chains, transparency |
Abstract | Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain. |
URL | https://ieeexplore.ieee.org/document/8854030 |
DOI | 10.1109/CSCloud/EdgeCom.2019.00-14 |
Citation Key | akinrolabu_assessing_2019 |
- Scalability
- privacy concerns
- pubcrawl
- Quantitative risk assessment
- resilience
- Resiliency
- risk assessments
- risk management
- SaaS
- policy-based governance
- security
- security risks
- Software as a service
- Supply Chain
- supply chain risk assessment
- supply chain-inclusive risk assessment model
- supply chains
- transparency
- composability
- case study
- cloud
- Cloud Computing
- cloud computing services
- cloud risks
- cloud service providers
- cloud supply chain cyber risk assessment model
- collaboration
- Analytical models
- computing industry
- CSCCRA model
- data privacy
- dynamic supply chain
- Human behavior
- Human Factors
- Metrics
- multicloud SaaS application