Specifying a Trust Model for Academic Cloud Services

Abstract

Recently, cloud services have fast emerged as a major form of IT services. They have changed the way of operating global or local services. Notwithstanding these promising features of cloud services, we can see many business sectors that are not very positive for adopting cloud services. One of its major reasons is controllability on security. It is widely believed that a purchasing organization loses control over operation, especially over security when adopting SaaS for their critical businesses. However, the global competition forces business sectors to change their style of thinking. Academia is never an exception. In 2012, Japan AXIES (Academic eXchange for Information Environment and Strategy) released the criteria for adopting cloud services for academic environments. Its scope includes outsourcing major functions of a univeristy management to cloud service providers. In this paper, we analyze the AXIES report in terms of risk analysis. Its security model is analyzed in terms of TPM and SLA. The criticality levels for services are defined. The assurance levels and cloud security levels are required to match a given criticality level. Cloud security model such as CCM and identity trust model such as NIST 800-63 are integrated into a cloudbased trust model.