Automated Risk Management Framework For Cloud Computing Environment

As the need for security increases daily with the unprecedented growth of platform sharing, we oriented our research to the cloud computing security. Enterprises are reluctant to adopt cloud technology because of the security uncertainties that escort it even though cloud is a must for the future of computing technology, just like subscribing to a big electricity provider was a must some decades ago because the cost is far much less than providing your own infrastructure for your own source of electricity power. Yet, surprisingly, we found no work on the subject that addresses directly the need of organizations to have a security and risk management framework that is not costly, not time consuming, objective and systematic, not as a separate entity but one with the classic risk management the organization uses. Many respectable works have been done as security guidelines on adopting cloud, nonetheless on the one hand they are not practical for the public, but only for handful of expert in IT security, and on the other hand, costly as it is done manually and subjective to the expertise of the security analyst and the data collected.In this paper, we propose a model to cope with those needs:the Risk Aware Framework for Cloud Ecosystem (RAFCE). RAFCE is mainly automated risk assessment and management framework for a public cloud computing subscriber, evolved from an Ontology and Bayesian-based Threat Probability Determination framework, the AURUM (Automated Risk and Utility Management). It uses the same mechanism as AURUM with some radical changes in the architecture, namely in the Security Concepts and Relationships, and the Bayesian Threat calculation schema to handle all compulsory requirements of cloud computing security.We based our work on the AURUM framework, since it is one of the best tools in the hand of the Information Security and Risk Management (ISRM) community as it provides reduced domain expert dependency, automatic threat-infrastructure mapping, concrete control implementation suggestions, objective threat probability determination, measurable Information Technology (IT) solution effectiveness and interactive decision support. Relatively to our work, the shortcoming of AURUM is that, it is not compatible with a Cloud Computing environment because in the cloud, there are risks that are out of control for the subscribed organization. Nevertheless, the ratio of those resources which are not controlled by the organization over the global resources the organization uses can be more or less important depending on the type of service model the organization is subscribed to (Iaas-Infrastructure as a Service, or PaaS-Platform as a Service, or SaaS-Software as a Service). That implies that, those cloud-related risks cannot be overlooked, since the effectiveness of the enterprise depends on those resources from the cloud on which the organization has a limited control. In fact, the cloud-related risks can increase the vulnerability of some assets and/or threaten the asset itself. Consequently, the effect can be either in the short-term or in long-term.According to the Jarvinen’s taxonomy of research methods, we conducted the research as a combination of conceptual-analytical, artifact-building, and artifact-evaluating research approaches, alongside with which we used the AT AM (Architecture Trade-off Analysis Method)’s principles to refine our findings. AT AM is a value-based systematic architecture evaluation technique developed and refined by Software Engineering Institute (SEI) at Carnegie Mellon University, in which the architecture is evaluated in terms of performance, modifiability, and availability. Using those techniques, we built a framework that can assess the costs attached to the likelihood of loss in a period of time for an organization subscribed to a cloud service model, from the AURUM; by considering the principal concerns of cloud computing security community outlined by the major literature in the field such as Cloud Security Alliance (CSA)’s guidance and National Institute of Standards and Technology (NIST)’s special publication800-144.With RAFCE, we introduce some new concepts in the security ontology which were previously used by AURUM. To not mention but the major changes, we divided the resources into two groups depending on the owner (the enterprise client or the cloud provider). The assets owned by the organization are subjected to vulnerabilities on which the organization can implement controls to mitigate the likelihood of threats to exploit that particular vulnerability, but the assets owned by the cloud provider and used by the organization are subjected to vulnerabilities that the subscriber can only monitor via an auditing system to identify the risks attached to the use of those cloud-owned assets. By knowing the likelihood of the cloud-related risk, the risk that that a particular cloud-related risk will affect the asset owned by the cloud can be known depending on the degree of impact that it can have over that asset and its own severity. We figured out also in the security ontology the increasing impact that the cloud-related threats can have on the vulnerabilities on the assets owned by the cloud, which in turn will increase the likelihood that that specific vulnerability will be used by a threat to threaten the asset. The latter implied some updates in the threat probability determination formulas, since the cloud-related risks don’t affect the assets directly as the former but instead, affect the assets by increasing its vulnerability to be more likely used by a threat. Thus, the vulnerability exploitation probability is not only made of the weighted attacker effectiveness, in case of deliberate threat sources, or the weighted a priori probability of the corresponding threat, in case of accidental threat sources, and the weighted and vulnerability-specific effectiveness of the existing control implementation, but also made of the weighted cloud-related threat probability.We evaluated RAFCE with a simulation of scenario where the functionalities can be explored to see how the model deals with the settled goals after identifying the shortcomings of the related works. And that will be used to isolate its benefit versus the existing framework for cloud computing information risk management. As RAFCE is in its architectural designing phase it is a secure foundation for developers in implementing a helpful tool in the hand of the businessmen to assist them closely with their decisions related to risk awareness and decision. Decision makers can’t avoid considering all cloud-related risks’impacts that could be overlooked without a tool such as RAFCE, and in the time of our research, RAFCE is unique of its kind.