A Comparative Review of Cloud Security Proposals with ISO/IEC 27002

Information Security is considered one of the main reasons why users are reluctant to adopt the new generation of services offered by cloud computing providers. In order to minimize risks, some security proposals have been developed, with the purpose of facing a wide range of security concerns. This paper reviews these existing approaches and defines a security comparative framework, based on ISO/IEC 27002, suitable for the cloud environment. The analysis process of these alternatives shows a partial compliance with the defined requirements as each one is focused on different issues. As a consequence, more investigation is needed to achieve a comprehensive cloud security framework. The results of this paper highlight the gaps and weaknesses of each proposal, so that directions are settled for future work.