An Adaptive Security Framework Delivered as a Service for Cloud Environment

Cloud computing is a flexible, cost effective and proven delivery platform for providing business or consumer IT services over the Internet. Despite of all the hype surrounding the cloud, enterprise customers are still reluctant to deploy their business in the cloud. This study proposes a security framework that provides security as a service for cloud applications. This framework provides security as a single-tier or multi-tier based on the application s demand. Moreover, these tiers are enabled to change dynamically making the entire security system less predictable. The behavior of this framework is designed to be customizable based on the application s importance and is localized. This design will help the cloud in adverse situations of threats because the threats will also be localized and will not pose a threat to the entire cloud. In a cloud where there are heterogeneous asset systems, a single security system would be too costly for certain applications and if there is less security then the vulnerability factor of some applications like financial and military applications will shoot up. This consideration is incorporated within the framework which enables security levels based on the importance of the assets of the services provided by the cloud and their respective clients. The framework was tested and the results were positive.