New governance framework to secure cloud computing

Cloud computing is enabling proper, on-demand network access to a shared pool of computing resources that is elastic in reserve and release with minimal interaction from cloud service provider. As cloud gains maturity, cloud service providers are becoming more competitive, which increase the percentage of cloud adoption. But security remains the most cited challenge in Cloud. So, while we are progressing in cloud adoption, we have to define key elements of our cloud strategy and governance. Governance is about applying policies relating to used services. Therefore, it has to include the techniques and policies that measure and control how we manage cloud. In this paper, we develop an innovative governance model. We changed and tuned the Guo, Z., Song, M. and Song, J governance model from theoretical model into practical model using Cloud Control Matrix (CCM). But, governance model alone will not allow us to bridge the gap between control requirements, technical issues and business risks. As a result, we introduce a new Cloud governance framework using the processes on the new Cloud governance model and controls in CCM. The Framework focuses on using business drivers to guide cloud governance activities while considering cloud risks as part of the organization’s risk management processes. © Springer International Publishing Switzerland 2015.