Public Software as a Service a Business-Driven Guidance for Risk Control

Abstract: Because cloud computing adoption grows day-by-day, it is essential for theexecutives of a company to be able to rely on a risks management guidanceto fully grasp all the aspects concerning cloud computing security.The concerns of the industry, the security standards, the official guidelines,and the European laws about the security when using cloud serviceshave been analyzed. The risks, the measures, and the obligations have beengathered. This paper, with all these information collected, describes how torun a risk management for public SaaS security keeping a business-drivenmindset. While running the risk assessment, the management should look atthe impact a threat may have on company activities, image, and finances. Itwill decide on the measures that should be implemented by the administrationor the IT.Following this guidance should minimize the risk of using public SaaScloud computing and allowing a company to align its security goals with itsbusiness goals.