An Integration of Service Compliance System for Cloud Providers

Abstract

A major barrier to the mainstream adoption of cloud computing in the workplace is security, specifically security compliance. Cloud providers are required to adhere to certain security compliance standards for several reasons, including trust, legislative restrictions, and commercial needs. To date, security professionals have created this compliance or auditing data by hand. This approach necessitates manual data collection and processing, which is costly and time-consuming. To verify and evaluate the level of compliance of various cloud providers, an automated compliance tool is necessary. Such technology can eventually save time and money by reducing the requirement for human participation through automatic compliance confirmation. Cloud providers will be able to exchange security compliance data in a standard manner with this method. Because of the shared architecture, customers can compare various cloud service providers based on their security needs. These goals guided the design of our architecture, which aims to provide an automated security compliance solution for cloud computing platforms. Four distinct approaches could be used to achieve this automation. For data retrieval from cloud systems, there are four different design patterns: vulnerability scanning, log analysis, API, and human entry. Finally, we developed a proof-of-concept prototype of this automated security compliance system using the Grafana monitoring tool. The results of this prototype implementation are shared with cloud users and linked to the OpenStack cloud platform, based on the Cloud Audit API architecture developed by the Cloud Security Alliance.