Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing

Hussain Al-Aqrabi, Lu Liu, Jie Xu, Richard Hill, Nick Antonopoulos, Yongzhao Zhan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

24 Citations (Scopus)

Abstract

The key security challenges and solutions on the cloud have been investigated in this paper with the help of literature reviews and an experimental model created on OPNET that is simulated to produce useful statistics to establish the approach that the cloud computing service providers should take to provide optimal security and compliance. The literatures recommend the concept of Security-as-a-Service using unified threat management (UTM) for ensuring secured services on the cloud. Through the simulation results, this paper has demonstrated that UTM may not be a feasible approach to security implementation as it may become a bottleneck for the application clouds. The fundamental benefits of cloud computing (resources on demand and high elasticity) may be diluted if UTMs do not scale up effectively as per the traffic loads on the application clouds. Moreover, it is not feasible for application clouds to absorb the performance degradation for security and compliance because UTM will not be a total solution for security and compliance. Applications also share the vulnerabilities just like the systems, which will be out of UTM cloud’s control.
LanguageEnglish
Title of host publication2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW)
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages124-129
Number of pages6
ISBN (Electronic)9780769546698
ISBN (Print)9781467309004
DOIs
Publication statusPublished - 10 May 2012
Externally publishedYes
EventIEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops - Shenzen, China
Duration: 11 Apr 201211 Apr 2012
Conference number: 15

Conference

ConferenceIEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops
Abbreviated titleISORC 2012
CountryChina
CityShenzen
Period11/04/1211/04/12

Fingerprint

Cloud computing
Elasticity
Statistics
Degradation
Compliance

Cite this

Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., & Zhan, Y. (2012). Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing. In 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW) (pp. 124-129). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISORCW.2012.31
Al-Aqrabi, Hussain ; Liu, Lu ; Xu, Jie ; Hill, Richard ; Antonopoulos, Nick ; Zhan, Yongzhao. / Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing. 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW). Institute of Electrical and Electronics Engineers Inc., 2012. pp. 124-129
@inproceedings{17356547ba8f42938cd93e64075056a3,
title = "Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing",
abstract = "The key security challenges and solutions on the cloud have been investigated in this paper with the help of literature reviews and an experimental model created on OPNET that is simulated to produce useful statistics to establish the approach that the cloud computing service providers should take to provide optimal security and compliance. The literatures recommend the concept of Security-as-a-Service using unified threat management (UTM) for ensuring secured services on the cloud. Through the simulation results, this paper has demonstrated that UTM may not be a feasible approach to security implementation as it may become a bottleneck for the application clouds. The fundamental benefits of cloud computing (resources on demand and high elasticity) may be diluted if UTMs do not scale up effectively as per the traffic loads on the application clouds. Moreover, it is not feasible for application clouds to absorb the performance degradation for security and compliance because UTM will not be a total solution for security and compliance. Applications also share the vulnerabilities just like the systems, which will be out of UTM cloud’s control.",
keywords = "Cloud computing security, security-as-a-service, unified threat management",
author = "Hussain Al-Aqrabi and Lu Liu and Jie Xu and Richard Hill and Nick Antonopoulos and Yongzhao Zhan",
year = "2012",
month = "5",
day = "10",
doi = "10.1109/ISORCW.2012.31",
language = "English",
isbn = "9781467309004",
pages = "124--129",
booktitle = "2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW)",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

Al-Aqrabi, H, Liu, L, Xu, J, Hill, R, Antonopoulos, N & Zhan, Y 2012, Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing. in 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW). Institute of Electrical and Electronics Engineers Inc., pp. 124-129, IEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, Shenzen, China, 11/04/12. https://doi.org/10.1109/ISORCW.2012.31

Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing. / Al-Aqrabi, Hussain; Liu, Lu; Xu, Jie; Hill, Richard; Antonopoulos, Nick; Zhan, Yongzhao.

2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW). Institute of Electrical and Electronics Engineers Inc., 2012. p. 124-129.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing

AU - Al-Aqrabi, Hussain

AU - Liu, Lu

AU - Xu, Jie

AU - Hill, Richard

AU - Antonopoulos, Nick

AU - Zhan, Yongzhao

PY - 2012/5/10

Y1 - 2012/5/10

N2 - The key security challenges and solutions on the cloud have been investigated in this paper with the help of literature reviews and an experimental model created on OPNET that is simulated to produce useful statistics to establish the approach that the cloud computing service providers should take to provide optimal security and compliance. The literatures recommend the concept of Security-as-a-Service using unified threat management (UTM) for ensuring secured services on the cloud. Through the simulation results, this paper has demonstrated that UTM may not be a feasible approach to security implementation as it may become a bottleneck for the application clouds. The fundamental benefits of cloud computing (resources on demand and high elasticity) may be diluted if UTMs do not scale up effectively as per the traffic loads on the application clouds. Moreover, it is not feasible for application clouds to absorb the performance degradation for security and compliance because UTM will not be a total solution for security and compliance. Applications also share the vulnerabilities just like the systems, which will be out of UTM cloud’s control.

AB - The key security challenges and solutions on the cloud have been investigated in this paper with the help of literature reviews and an experimental model created on OPNET that is simulated to produce useful statistics to establish the approach that the cloud computing service providers should take to provide optimal security and compliance. The literatures recommend the concept of Security-as-a-Service using unified threat management (UTM) for ensuring secured services on the cloud. Through the simulation results, this paper has demonstrated that UTM may not be a feasible approach to security implementation as it may become a bottleneck for the application clouds. The fundamental benefits of cloud computing (resources on demand and high elasticity) may be diluted if UTMs do not scale up effectively as per the traffic loads on the application clouds. Moreover, it is not feasible for application clouds to absorb the performance degradation for security and compliance because UTM will not be a total solution for security and compliance. Applications also share the vulnerabilities just like the systems, which will be out of UTM cloud’s control.

KW - Cloud computing security

KW - security-as-a-service

KW - unified threat management

U2 - 10.1109/ISORCW.2012.31

DO - 10.1109/ISORCW.2012.31

M3 - Conference contribution

SN - 9781467309004

SP - 124

EP - 129

BT - 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW)

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Al-Aqrabi H, Liu L, Xu J, Hill R, Antonopoulos N, Zhan Y. Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing. In 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW). Institute of Electrical and Electronics Engineers Inc. 2012. p. 124-129 https://doi.org/10.1109/ISORCW.2012.31