Security governance as a service on the cloud

Small companies need help to detect and to respond to increasing security related threats. This paper presents a cloud service that automates processes that make checks for such threats, implement mitigating procedures, and generally instructs client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations

A Security Pattern for Cloud service certification

Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec

A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources have been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.Comment: 6 Page

Cloud Sourcing – Next Generation Outsourcing?

Although Cloud Sourcing has been around for some time it could be questioned what actually is known about it. This paper presents a literature review on the specific question if Cloud Sourcing could be seen as the next generation of outsourcing. The reason for doing this is that from an initial sourcing study we found that the sourcing decisions seems to go in the direction of outsourcing as a service which could be described as Cloud Sourcing. Whereas some are convinced that Cloud Sourcing reduces cost and complexity in advantage for increased labor productivity, others maintain that the negotiation with the cloud provider is crucial to ensure data privacy, security regulations, compliance, standards, tolerance for risk, governance and service level agreements. The purpose of this paper is to investigate whether the debate on Cloud Sourcing in the top IS conferences and AIS basket of 8 journals goes in the direction of Cloud Sourcing being the future of sourcing as practice predicts, and to identify the space for the development of this research. An introductory literature review showed that there is not much written about Cloud Sourcing as an alternative for outsourcing albeit it seems to have a great potential

Investigating the Impacts of Cloud Computing on Firm Profitability

The advent of cloud computing has been a technical revolution that transformed how organizations access, store, and process information. This research proposes that cloud deployment can have a significant impact on profitability in multiple ways. We argued that one of the most significant ways is by reducing costs by eliminating the need for businesses to invest in and maintain their own IT infrastructure, making it easier for businesses to scale their resources up or down as needed, improving agility, and providing advanced security features and tools. Additionally, cloud deployment can increase profitability through increased scalability, improved collaboration, access to new technologies such as machine learning and big data, and improved customer experience by providing faster and more reliable service. By implementing cloud deployment, businesses can also increase revenue and improve overall operational efficiency and productivity. Using the datasets of 115 firms, this research investigated the impact of various cloud-use matrices on firm profitability. The results indicate that the gross profit margins of firms are increased when services delivered via the cloud, cloud spending, best cloud governance, and the number of cloud-based applications are increased in a more concentrated market with less competition. To increase the positive impact of cloud computing on a business organization, it is important to develop a clear and comprehensive cloud strategy, establish robust security and compliance policies, invest in the necessary resources and expertise for successful cloud migration, and continuously monitor and measure the performance and effectiveness of the cloud solutions. This will help organizations make informed decisions, align their cloud investments with their overall business goals and objectives, mitigate security and compliance risks, ensure a successful cloud migration, and continuously optimize their cloud solutions for maximum value. By taking this holistic approach, businesses can ensure that they get the most value out of their cloud investments and achieve optimal results

Adoption of Cloud Computing in India

The researcher looks at adoption and applicability of cloud computing to e-governance in India. Data has been gathered via structured questionnaire from stakeholders of various businesses - public & private sector of India, including Indian IT companies that offer cloud computing solutions to clients. The study takes a balanced and unbiased view of cloud computing with focus on India, to figure out the key factors that lead to its adoption using factor analysis and whether these factors could be the drivers for its adoption in e-governance. Cloud computing has picked up in developed markets and is starting to pick up in India. For enterprises, SMB, Government, NGO & individuals - it reduces initial investments, results in cost savings, gives flexibility, scalability, service on demand, device independency and anytime accessibility and reduces key data loss in the event of hardware crash, loss or theft. However, it has issues like confidentiality, information security, legal & regulatory challenges and malicious attacks as data gets stored in a distributive internet cloud, generally beyond any nation\\\'s geography. The intended target audience for this research are Union & State Governments, Large Municipal Corporations, National Federation of Urban cooperative and credit bank societies Ltd

A Phase Approach for Adopting Private Clouds as a Collaborative Platform for Nigerian Universities

Cloud computing is creating a new era for information technology by providing a set of services that appears to have infinite capacity, immediate deployment and high availability at trivial cost. It is the result of the evolution of computing and communications technology from a high-value asset to a simple commodity. In this evolution, the focus shifts from the concept of computing as a physical thing to computing as a service, like electricity, that is accessible from the nearest network connection. An organization, which is under increasing pressure to provide computing services at the lowest possible cost, can choose either public or private clouds to meet these needs. However, driven by concerns over security, regulatory compliance, control over quality of service, and long-term costs, many organizations choose internal private clouds. Private clouds provide the same cost and flexibility benefits as public clouds and also enable an organization to control the quality of service delivered to their users. In addition, private clouds allow an organization to better secure data and meet governance regulations which is usually a major concern when using public clouds. Many universities spend huge amount of money yearly on ICT infrastructure.  About ninety percent of ICTs budgets are consumed by computing requirements that can be centralized and standardized enabling one to do more with less resource. This paper tries to make a ca se for the private cloud as a better platform for collaboration among the Nigerian universities and to propose a safe strategy for migration into the private cloud. Keywords: Cloud Computing, Private Cloud, Public Cloud, Cloud Service Models, Cloud Characteristic

Cloud Computing Tipping Point Model

Recently a continuing trend toward ITindustrialization has grown in popularity. IT services deliveredvia hardware, software and people are becoming repeatableand usable by a wide range of customers and service providers.This is due, in part, to the commoditization and standardizationof technologies, virtualization and the rise of service-orientedsoftware architectures, and (most importantly) the dramaticgrowth in popularity/use of the Internet and the Web. Takentogether, they constitute the basis of a discontinuity that amountsto a new opportunity to shape the relationship between those whouse IT services and those who sell them. The discontinuity impliesthat the ability to deliver specialised services in IT can be pairedwith the ability to deliver those services in an industrialised andpervasive way. The reality of this implication is that users of ITrelatedservices can focus on what the services provide them, ratherthan how the services are implemented or hosted. Analogous tohow utility companies sell power to subscribers, and telephonecompanies sell voice and data services, some IT services suchas network security management, data centre hosting or evendepartmental billing can now be easily delivered as a contractualservice. This notion of cloud computing capability is gatheringmomentum rapidly. However, the governance and enterprisearchitecture to obtain repeatable, scalable and secure businessoutcomes from cloud computing is still greatly undefined.This paper attempts to evaluate the enterprise architecturefeatures of cloud computing and investigates a model that an ITorganisation can leverage to predict / evaluate the ‘tipping point’where an organisation can make an objective decision to investin cloud computing. Current research results are attempting tobuild a quantitative and qualitative service centric frameworkby mapping cloud computing features with ValIT and COBITindustry best practices