A Conceptual Framework To Identify Cyber Risks Associated With The Use Of Public Cloud Computing

Abstract

There are a number of methods of abstraction used in public cloud computing models today. Successive incidents involving cloud customer instantiations reveal that either the security risks are difficult to comprehend, or customers' requisite security responsibilities are not fully understood. A pretext to this paper is an argument that there has been an over-reliance upon: (a) compliance mapping by customers that can hide technical complexities and the associated technical risks, or (b) risk assessment methods that pre-date cloud. The transition to a Cloud 2.0 era offers us an opportunity to re-think architecture and also to re-calibrate security approaches in order to better understand the risks. A Conceptual Framework has been derived for this purpose and proposed as a mechanism to contextualise public cloud risks.