ABSTRACT

A CC has a special challenge in risk assessment compared to conventional information technology (i.e., other than cloud) customers. CSPs usually keep the locations, architecture, and details about the security of their server farms and data centers confidential from CCs. In addition, the abstract view of the cloud is one of the advantages promised by the cloud concept: CCs do not need to have an in-depth knowledge about the technical details of the cloud. Therefore, it is more difficult for a CC to assess all the threats and vulnerabilities. Note that the risks are not only related to security issues but also to service outages, and CSPs have to prioritize the issues to solve when risks are realized. A CC has to rely on the routine procedures of the CSP for managing the infrastructure appropriately according to the CCs’ security dynamics, treating the CCs’ issues in a timely manner, and detecting, recovering from, and reporting the security and service outage incidents accurately. These uncertainties increase risk and imply that the CCs have to trust CSPs [2].

CONTENTS

6.1 Introduction
6.1.1 Definitions
6.1.2 Structure of the Chapter
6.2 Risk Analysis, Assessment, and Management
6.3 Top Threats for the Cloud
6.4 Cloud Risk Assessment
6.5 Risk and Trust Models for the Cloud
6.6 Summary
Acknowledgments
Further Reading
References