Survey on Cloud Computing Security Risk Assessment
Ishraga Mohamed Ahmed Khogali¹, Hany Ammar²
¹ College of Graduate Studies, Sudan University of Science and Technology, Sudan
² Lane Computer Science and Electrical Engineering Dept., West Virginia University, USA
Cloud computing is a new computing technology that has attracted much attention. Unfortunately, it is a risk-prone technology, since users share remote computing resources, data is held remotely, and clients lack control over their data. Assessing the security risk of the cloud is therefore important for establishing trust, for increasing the confidence of cloud service consumers, and for helping cloud providers deliver cost-effective and reliable services and infrastructure. This paper provides a survey of state-of-the-art research on risk assessment in the cloud environment.
Keywords — cloud computing security, risk assessment, impact, and likelihood
Cloud computing is a new technology that offers real promise to business, with real advantages in terms of cost and computational power. However, it is important to consider security and data protection when it comes to widespread cloud adoption, because cloud computing raises severe security concerns that exist in traditional systems as well as issues that appear to be specific to the domain, since cloud computing platforms have a dynamic nature and rely on new technologies such as virtualization. There are therefore both new risks to be determined and old risks to be re-evaluated and mitigated, and risk assessments provide significant value in increasing trust and thus appear particularly beneficial to the adoption of cloud computing. The traditional assessments developed for conventional IT environments, however, do not readily fit the dynamic nature of clouds. Hence, the introduction of a cloud-specific security assessment methodology has significant importance and scope.
Although several studies have been conducted to improve traditional security assessment techniques and to present new paradigms for analyzing and evaluating security risks in the cloud environment, security assessment in the cloud is still a challenging domain and a growing area of research.
To provide a survey of the state of the art in risk assessment in the cloud environment, this paper is organized as follows: Section 2 describes the literature search process; Section 3 is a literature review; Section 4 covers open issues; and Section 5 is a conclusion.
2. Literature Search Process
The strategy followed in this survey was directed toward finding published papers in journals and conference proceedings via the widely accepted literature search engines and databases. For the search, we focused on selected keywords, based on the intended scope. We then reviewed the abstracts and keywords of the collected papers; in cases where these two were insufficient, we also considered parts of the introduction, contribution and conclusion sections. We further extended the collection with additional papers based on an analysis of the cited papers and the ones citing them (forward and backward citation search).
One of the main threats to the validity of this literature review is incompleteness. The risk of this threat depends highly on the limitations of the employed search engines. To decrease this risk, we used multiple search engines.
3. Literature Review
In this review, Section 3.1 introduces the related work, Section 3.2 gives a classification of cloud-based security risk assessment methods and tools, and Section 3.3 discusses the open issues and directions.
3.1 Related work
Amit Sangroya et al. (2010) present a risk analysis approach that can be used primarily by prospective cloud users before they put their confidential data into a cloud, in order to build a better trust mechanism between the cloud service provider and its users. However, the variables they define can be used where there are some past statistics about the service provider. The most obvious finding to emerge from this study is that there is a need for a better trust management framework and a lack of structured analysis approaches that can be used for risk analysis in cloud computing environments. The approach suggested in that work is a first step towards analyzing data security risks, and it is easily adaptable for automation of risk analysis.
Xuan Zhang et al. (2010) present an information risk management framework that provides a better understanding of the critical areas of focus in the cloud computing environment, for identifying threats and identifying vulnerabilities. It covers all cloud service models and cloud deployment models. Cloud providers can apply this framework to organizations to carry out risk mitigation. However, the risk assessment in this paper is not quantitative.
J. Oriol Fitó, Mario Macías and Jordi Guitart, "Toward Business-driven Risk Management for Cloud Computing", Barcelona Supercomputing Center and Technical University of Catalonia, IEEE, 2010.
Fatimah M. Alturkistani, Ahmed Z. Emam, "A Review of Security Risk Assessment Methods in Cloud Computing", New Perspectives in Information Systems and Technologies, Volume 1, Springer International Publishing, 2014.
Burton S. Kaliski Jr. and Wayne Pauley, "Toward Risk Assessment as a Service in Cloud Environments", EMC Corporation, Hopkinton, MA, USA, 2010.
Aldeida Aleti, Barbora Buhnova, Lars Grunske, Anne Koziolek, and Indika Meedeniya, "Software Architecture Optimization Methods: A Systematic Literature Review", IEEE Transactions on Software Engineering.
Amit Sangroya, Saurabh Kumar, Jaideep Dhok, Vasudeva Varma, "Towards Analyzing Data Security Risks in Cloud Computing Environments", International Conference on Information Systems, Technology, and Management (ICISTM 2010).
Xuan Zhang, Nattapong Wuwong, Hao Li, Xuejie Zhang, "Information Security Risk Management Framework for the Cloud Computing Environments", 10th IEEE International Conference on Computer and Information Technology (CIT 2010), China.