Date Added: May 2010
Security and privacy assessments are considered a best practice for evaluating a system or application for potential risks and exposures. Cloud computing introduces several characteristics that challenge the effectiveness of current assessment approaches. In particular, the on-demand, automated, multi-tenant nature of cloud computing is at odds with the static, human process-oriented nature of the systems for which typical assessments were designed. This paper describes these challenges and recommends addressing them by introducing risk assessment as a service.