Cloud computing allows for organizations to have the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, use services on a pay-as-you-use basis, access applications only as needed, and quickly reduce or increase capacities. As the march of cloud computing continues, it brings both new opportunities and new security issues. This paper introduces a holistic security management framework based on aligning policies relating to standards of IT governance and security management to fit with the cloud computing model. Further, some practical controls are discussed in detail, enabling cloud service providers and consumers to be security certified.
展开▼