Security in Cloud Computing: A Security Assessment of Cloud Computing Providers for an Online Receipt Storage

Abstract

Considerations with regards to security issues and demands must be addressed before migrating an application into a cloud computing environment. Different vendors, Microsoft Azure, Amazon Web Services and Google AppEngine, provide different capabilities and solutions to the individual areas of concern presented by each application. Through a case study of an online receipt storage application from the company dSafe, a basis is formed for the evaluation. The three cloud computing vendors are assessed with regards to a security assessment framework provided by the Cloud Security Alliance and the application of this on the case study. Finally, the study is concluded with a set of general recommendations and the recommendation of a cloud vendor. This is based on a number of security aspects related to the case study's existence in the cloud. With dSafe's high demands of data locality, integrity and security, Google AppEngine is discarded as an option due to the lack of focus on business related applications, whilst Microsoft Azure is the recommended cloud vendor - closely followed by Amazon Web Services - due to its suitable technical solutions with regards to existing implementation, risk mitigation capabilities and audit results.