MIT Internet Policy Research Initiative

Cloud Security Benchmarking Framework - The MIT-IBM CloudSec 16 - Damien Lewke (2023)

This research proposes a novel cloud security benchmarking framework and scoring system to improve cyber risk management. Cyber risk management is challenging and has become even more difficult as organizations digitally transform their business and IT from on-premises environments to cloud infrastructure. Threats proliferate as organizations’ attack surfaces expand due to shadow IT, software supply chain security, outsourced networking, and virtualization. Existing cyber risk management frameworks and controls are too exhaustive or generic and provide no means for organizations to assess their cyber risk against their peers.

The MIT-IBM CloudSec 16 developed in this paper is a new security benchmarking framework and scoring system built specifically for cloud deployments in the financial service sector. When paired with MIT’s SCRAM secure computation platform, the MIT-IBM CloudSec 16 can provide an overview of cloud security in the financial service sector and enable organizations to remediate areas of relative weakness.

Damien Lewke (Thesis)