ABSTRACT
Just as data centers were both business and technical constructs to support data processing needs of businesses, cloud in some sense is more like a business construct, because the security and privacy in the cloud is handled more or less by the cloud service providers. A private cloud service could be utilized by a nancial company that is required by regulation to store sensitive data internally and that will still want to benet from some of the advantages of cloud computing within their business infrastructure, such as on-demand resource allocation. e private cloud computing service users no longer own the infrastructure; hence, the data security must be managed by the cloud service provider. is is a shi in paradigm and calls for redening the governance of privacy and security. is in no way suggests that the consumer of cloud services need not be responsible for their data privacy and security, but should have service-level agreement with the cloud service provider, and identify appropriate levels of security and its compliance with the state in which they operate. Risk management must factor the threats specic to dierent deployment cloud models and devise solutions to mitigate these threats. Data condentiality, integrity, and its availability in cloud deployment model are more susceptible to risk compared to noncloud deployment model. Secure cloud computing architecture must be a scalable one to respond to all insider and outsider threats as well as from natural disasters. Security can be breached at either or both at cloud infrastructure or along the Internet. Cloud computing services oer elasticity, rapid provisioning and releasing of resources, resource pooling, and high bandwidth access with security risks.
