978-1-4244-9008-0/10/$26.00 ©2010 IEEE

Assessing the Risks and Opportunities of Cloud Computing – Defining Identity Management Systems and Maturity Models

R. Palson Kennedy
Research Scholar, A.P, RREC Anna University, Chennai-95, India
palsonkemmedy@yahoo.co.in

T. V. Gopal
Dept of CSE, CEG, Anna University, Chennai-25, India

Abstract- Despite the potential that Cloud Computing has for revolutionizing every aspect of the software industry, there are significant shortcomings in the area of security and risk assessment and mitigation. The basic value proposition of Cloud Computing is that by leasing applications online, companies have the potential to significantly reduce their operating costs. What is not often pointed out, however, is that identity management on Cloud Computing platforms is still in its nascent stages. Often identity management systems fail to fully protect all assets of a given Cloud Computing platform, as role-based access has yet to be defined and implemented. What is lacking is a protocol stack for Cloud Computing identity management and a maturity model to assist organizations in assessing their relative levels of risk. The intent of this analysis is to provide the frameworks for both the protocol stack and the maturity model for Cloud Computing platforms.

Keywords- Cloud computing, Risk, Security, IMS

I. INTRODUCTION

A. Assessing Cloud Computing

The collection of technologies that comprise the Cloud Computing platforms being sold as services today has been in existence for decades as the basis of enterprise systems and platform deployments. These include integration platforms such as Enterprise Application Integration (EAI), networking platforms, products and servers, and a strong reliance on TCP/IP, together with data center virtualization algorithms to ensure their scalability. Cloud Computing platforms are an outgrowth of the enterprise-wide networks that had been created in previous decades.
Despite how time-tested these core components are, the relatively recent developments in Web-based application development have created security vulnerabilities at the application level and also at the service provider level. Given how cloud providers must integrate disparate, often conflicting databases together to create a multi-tenancy platform, the tendency to cut corners and do AJAX-based scripting that exposes an entire application online has been known to occur. The underlying technologies are fundamentally sound, yet the cloud providers in many cases are not taking all necessary precautions in creating multi-tenancy and secured client locations on their servers. Often organizations contracting with cloud providers may be attracted to the very low prices offered for hosting yet have no idea of the risks and potential security lapses that could result from the providers' unwillingness to invest in adequate Web-based security. Studies indicate the plummeting prices of Cloud storage and application hosting are partially driven by the cost reductions made possible by cutting corners on security.

To appreciate the trade-offs being made from a security standpoint, it is imperative to understand the levels, or fundamental structure, of Cloud Computing. Fig. 1 presents the structure with Infrastructure-as-a-Service (IaaS) at the bottom of the protocol stack, as this is the foundation on which Cloud-based platforms are built. IaaS comprises the technologies that have been in use for the greatest number of years, and as a result many of them have advanced security and encryption algorithms associated with them. Servers, networking, data centers and storage, including storage area networks (SANs), have advanced authentication and verification technologies associated with them, many in single-instance installation.

Figure 1: Fundamental Structure of Cloud Computing