Paper Type
Complete
Abstract
Identity and access management is an essential component in addressing security issues in the cloud. Nowadays, private organizations and government agencies at any level spend billions of dollars in an effort to protect users' identity and digital access while complying with legislation that mandates the implementation of security measures. This paper intends to illuminate and discuss in more detail three legislative acts: ENISA, CSA and NIST. These guidelines address the significant business and technical decisions that need to be considered by an organization seeking to implement Security as a Service, or an organization that is looking for guidance on how to assess an IAM offering. The current paper provides a brief description of all three legislative acts and a high-level comparison of suggested and/or mandated guidelines (highlighting gaps and overlaps), and suggests a possible threshold model that may incorporate security settings that satisfy the requirements of all three legislative acts.
Recommended Citation
Ghazizadeh, Eghbal; Deylami, Hanif; Shahzad, Abid; and Cusack, Brian, "Cloud Surfing: A General Comparison of Cloud Identity Guidelines" (2020). AMCIS 2020 Proceedings. 6.
https://aisel.aisnet.org/amcis2020/info_security_privacy/info_security_privacy/6
Cloud Surfing: A General Comparison of Cloud Identity Guidelines