CYBERSECURITY RISK ASSESSMENT FOR SELECTING A CLOUD SERVICE PROVIDER
DOI:
https://doi.org/10.28925/2663-4023.2025.27.773Keywords:
сloud technology, cloud computing, public cloud, сloud service provider selection, cybersecurity risk assessmentAbstract
This paper presents the development of a cybersecurity risk assessment module for selecting a cloud service provider, enabling organizations to make informed decisions based on all aspects of security. The module is designed as part of an integrated decision support system (DSS) and utilizes a detailed taxonomy of cloud services, covering various models and deployment options (IaaS, PaaS, SaaS, public, private, and hybrid clouds). The system performs security assessments based on collected vulnerability data, including information from the National Vulnerability Database (NVD) and other sources.
One of the key stages of the assessment is determining the risks associated with each service, which allows for the accurate identification of potential threats and the selection of a provider with the best security performance. The module evaluates various factors, including the frequency and severity of vulnerabilities, the likelihood of exploitation by attackers, and the speed of vulnerability remediation. The collected data is used to form a weighted risk assessment matrix that aids decision-making based on specific criteria.
The results of the study show that the developed module can significantly improve the cloud service provider selection process, particularly for large organizations with high data security requirements. Future research will focus on integrating this module into automated decision support systems, which will allow the selection process to be adapted to the rapidly changing conditions of cloud technologies and emerging threats.
Downloads
References
Luxner, T. (2024). Cloud computing trends: Flexera 2024 State of the Cloud Report. Flexera. https://www.flexera.com/blog/finops/cloud-computing-trends-flexera-2024-state-of-the-cloud-report/
Luxner, T. (2023). Cloud computing trends and statistics: Flexera 2023 State of the Cloud Report. Flexera. https://www.flexera.com/blog/finops/cloud-computing-trends-flexera-2023-state-of-the-cloud-report/
Khomchak, M. (2024). Enterprise private cloud platforms: A systematic review of key vendors. International Journal of Wireless and Microwave Technologies, 14(4), 1–14. https://doi.org/10.5815/ijwmt.2024.04.01
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. National Institute of Standards and Technology, 53(6), 50.
Al-Otaibi, S. Z. (2022). Data Security Challenges and Solutions in Cloud Computing: Critical Review. Communications in Mathematics and Applications, 13(2), 795.
Nassif, A. B., Talib, M. A., Nasir, Q., Albadani, H., & Dakalbab, F. M. (2021). Machine learning for cloud security: a systematic review. IEEE Access, 9, 20717–20735.
Süß, F., Freimuth, M., Aßmuth, A., Weir, G. R., & Duncan, B. (2024). Cloud security and security challenges revisited. arXiv preprint arXiv:2405.11350.
Vaka, P. R. (n.d.). Cloud Security: Challenges, Methodologies, And Future Directions.
Makulov, K., Chikrii, À., Lakhno, V., Yagaliyeva, B., Malyukov, V., Malyukova, I. N. N. A., & Lakhno, M. (2025). Cloud Platform Selection Model in the Framework of Differential Quality Game with Fuzzy Information. IEEE Access.
Cayirci, E., Garaga, A., Santana de Oliveira, A., & Roudier, Y. (2016). A risk assessment model for selecting cloud service providers. Journal of Cloud Computing, 5(1), 14.
Pape, S., Paci, F., Jürjens, J., & Massacci, F. (2020). Selecting a Secure Cloud Provider—An Empirical Study and Multi Criteria Approach. Information, 11(5), 261.
Da Silva, C. A., Ferreira, A. S., & de Geus, P. L. (2012). A methodology for management of cloud computing using security criteria. 2012 IEEE Latin America Conference on Cloud Computing and Communications (LatinCloud), 49–54. https://doi.org/10.1109/LatinCloud.2012.6508157
Khomchak, M. (2024). A Comprehensive Taxonomy of Modern Public Cloud Services for Infrastructure Selection. International Journal of Computing, 23(3), 468–475. https://doi.org/10.47839/ijc.23.3.3667
National vulnerability database (NVD). (2025). NIST. https://www.nist.gov/programs-projects/national-vulnerability-database-nvd
National vulnerability database (NVD). (2025). NIST. https://www.nist.gov/programs-projects/national-vulnerability-database-nvd
Vulnerability metrics: CVSS. National Vulnerability Database. (n.d.). National Institute of Standards and Technology. https://nvd.nist.gov/vuln-metrics/cvss
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Михайло Хомчак
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
