Cloud-Computing in Banking Influential Factors, Benefits and Risks from a Decision Maker\u27s Perspective

In 2008 Gartner Group listed Cloud-Computing (CC) in its Hype-Cycle (Gartner, 2008). Since these days, enterprises in different industries discuss the utilization of cloud-computing for their own benefit. The banking industry traditionally is heavily dependent on information technology. Therefore, it can be assumed that cloud-computing could be of particular interesting for banks. This paper investigates the use of cloud-computing in German banks and the associated benefits and risks as senior management perceives them. Grounded in the TOE-Framework ten expert interviews with senior decision makers German banks have been conducted to evaluate the decision criteria pro and con cloud computing. Several factors influencing the cloud-computing decision have been detected, amongst them the technology supporting infrastructure, government regulations and security and compliance requirements. Furthermore the financial benefits came up as the most important perceived benefit and government regulation (esp. privacy/security regulations) are the most important risks perceived by senior management

Cloud Security Risk Management: A Critical Review

Cloud computing has created a remarkable paradigm shift in the IT industry and brought several advantages such as on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These advantages enabled cloud to have significant impact on different sectors of smart cites. However, cloud adoption has increased the sophistication of the ever changing security risks which frustrate enterprises on expanding their on-premises infrastructure towards cloud horizons. These risks have the potential of being a major concern for smart cities due to the increasing impact of cloud on them. Managing these security risks requires adopting effective risk management method which involve both the cloud service provider and the customer. The risk management frameworks currently applied to manage enterprise IT risks do not readily fit the cloud environment and the dynamic nature of clouds, which are characterized by on demand self-service and rapid elasticity. Therefore, researchers have proposed different cloud security risk management methods and frameworks. This paper critically reviews these risk management methods and frameworks. In addition, it conducts critical analysis on two of them using qualitative content analysis technique, and evaluates their effectiveness for assessing and mitigating cloud security risks

Risk Management Considerations in Cloud Computing Adoption

Information and Communication Technology (ICT) plays a pivotal role in enabling organizational capability and productivity, and in initiating and facilitating innovation across all industry sectors. In recent years, cloud computing has emerged as a growing trend because it serves as an enabler of scalable, flexible and powerful computing. Consequently, each year significant global investment is made in migrating to the cloud environment. However, despite its growing popularity, several risks and security concerns surround the cloud computing model. Therefore, understanding an organization’s readiness and ability to mitigate associated risks is critical prior to embarking on the cloud computing journey. One approach to determining an organization’s ability to effectively migrate to the cloud is to determine the current maturity of both its cloud computing capabilities and its risk management capabilities. As such, the Cloud Computing tool and the Risk Management (RM) Critical Capability of the IT Capability Maturity Framework (IT-CMF) are proposed as effective maturity assessment instruments to enable organizations to establish future roadmaps that will improve their maturity with respect to their cloud computing readiness. Increasing the level of maturity improves organizational practices surrounding the identification and mitigation of risks/threats that pertain to the cloud environment

Review on Data Security in Cloud Computing

Cloud Computing is a set of Information Technology Services, like network, software system, storage, hardware, software, and resources and these services are provided to a customer over a internet. These services of Cloud Computing are delivered by third party provider who owns the infrastructure. This technology has a major potential to bring the numerous benefits, however, it faces the risks in terms of unintended economic and security impacts. Cloud computing technology offers a great potential to improve the civil military, interoperability, information sharing and infrastructure resilience. The great benefits offered by the cloud computing technology, data security concerns about their availability, confidentiality, integrity and loss of governance have a great influence on risk management decision process. The paper assesses how security and privacy issues transpire in the context of cloud computing and examines ways in which they might be addressed. This paper aims to solve privacy and security in cloud computing. The methodology used involves encrypting and decrypting data to ensure privacy and security in the cloud

SECURING THE DATA STORAGE AND PROCESSING IN CLOUD COMPUTING ENVIRONMENT

Organizations increasingly utilize cloud computing architectures to reduce costs and en- ergy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth for or- ganizations and individuals to be fully informed of the risks; neither are private nor public clouds prepared to properly secure their connections as middle-men between mobile de- vices which use encryption and external data providers which neglect to encrypt their data. Furthermore, cloud computing providers are not well informed of the risks associated with policy and techniques they could implement to mitigate those risks. In this dissertation, we present a new layered understanding of public cloud comput- ing. On the high level, we concentrate on the overall architecture and how information is processed and transmitted. The key idea is to secure information from outside attack and monitoring. We use techniques such as separating virtual machine roles, re-spawning virtual machines in high succession, and cryptography-based access control to achieve a high-level assurance of public cloud computing security and privacy. On the low level, we explore security and privacy issues on the memory management level. We present a mechanism for the prevention of automatic virtual machine memory guessing attacks

Cloud Computing Security Issues - Challenges and Opportunities

Cloud computing services enabled through information communication technology delivered to a customer as services over the Internet on a leased basis have the capability to extend up or down their service requirements or needs. In this model, the infrastructure is owned by a third party vendor and the cloud computing services are delivered to the requested customers. Cloud computing model has many advantages including scalability, flexibility, elasticity, efficiency, and supports outsourcing non-core activities of an organization. Cloud computing offers an innovative business concept for organizations to adopt IT enabled services without advance investment. This model enables convenient, on-request network accessibility to a shared pool of IT computing resources like networks, servers, storage, applications, and services. Cloud computing can be quickly provisioned and released with negligible management exertion or service provider interaction. Even though organizations get many benefits of cloud computing services, many organizations are slow in accepting cloud computing service model because of security concerns and challenges associated with management of this technology. Security, being the major issues which hinder the growth of cloud computing service model due to the provision of handling confidential data by the third party is risky such that the consumers need to be more attentive in understanding the risks of data breaches in this new environment. In this paper, we have discussed the security issues, the challenges and the opportunities in the adoption and management of cloud computing services model in an organization

A Survey on Secure Storage Services in Cloud Computing

Cloud computing is an emerging technology and it is purely based on internet and its environment It provides different services to users such as Software-as-a-Service SaaS PaaS IaaS Storage-as-a-service SaaS Using Storage-as-a-Service users and organizations can store their data remotely which poses new security risks towards the correctness of data in cloud In order to achieve secure cloud storage there exists different techniques such as flexible distributed storage integrity auditing mechanism distributed erasure-coded data Merkle Hash Tree MHT construction etc These techniques support secure and efficient dynamic data storage in the cloud This paper also deals with architectures for security and privacy management in the cloud storage environmen

Customer Relationship Management in a Public Cloud environment – Key influencing factors for European enterprises

Customer Relationship Management is crucial influencing factor for competitiveness in saturated markets. Public cloud-computing services for customer-relationship management provide many benefits. However, their usage in Europe is reluctant. Our research identifies several core and sub-influence factors and reveals how strong they are. Enterprises strive for covering risks in terms of safety and security. Further important influencing factors are functional completeness and integration into the existing environment. Our research provides new knowledge of the use of public cloud services in general and in particular for the use of customer relationship in a public cloud environment

Potential Risks of Cloud Computing in Financial Institutions in Tanzania: Perspectives from CRDB Bank Plc

The adoption of cloud computing introduces a range of potential risks that financial institutions must navigate with prudence. Cloud service providers are entrusted with valuable customer information, and any compromise could have severe consequences, including financial losses and reputational damage. The main objective of this research was to assess the potential risks of cloud computing in financial institutions in Tanzania. This is done in the context of CRDB bank. The research employed a mixed methods approach, incorporating both quantitative and qualitative data collection methods. The data was acquired through questionnaires, specifically targeting the employee population of CRB bank. The data underwent quantitative analysis. The research sampled population is 201 respondents from ICT, legal and procurement departments at the financial institution. Cloud computing poses hazards that financial organizations must carefully manage. Security of sensitive financial data comes first. Any compromise of cloud service providers' client data could result in financial losses and reputational damage. Data privacy risks occur as legislative contexts change. Cross-border cloud services can challenge data sovereignty and local legislation. Another crucial factor is operational continuity. Financial institutions depend on uninterrupted service, putting them exposed to cloud service provider outages and technical issues. Maintaining financial services and client satisfaction are crucial. The regulatory compliance challenge is unique. Cloud computing requires vigilance in local and international legal systems. To retain financial ecosystem confidence, financial institutions must ensure their cloud-based solutions meet industry standards and laws. The study stressed the importance of a holistic strategy to cloud computing in financial institutions like CRDB Bank PLC. Cloud technology has many benefits, but stakeholders must be cautious and implement risk management and mitigation strategies. The conclusions of this study can help CRDB Bank PLC and other Tanzanian financial institutions make educated cloud technology implementation decisions. These decisions must prioritize financial system security, privacy, and resilience. The results also highlight the need for financial industry-regulatory cooperation to keep the regulatory framework up to date with technology.&nbsp

Fog-to-Cloud (F2C) Data Management for Smart Cities

Smart cities are the current technological solutions to handle the challenges and complexity of the growing urban density. Traditionally, smart city resources management rely on cloud based solutions where sensors data are collected to provide a centralized and rich set of open data. The advantages of cloudbased frameworks are their ubiquity, as well as an (almost) unlimited resources capacity. However, accessing data from the cloud implies large network traffic, high latencies usually not appropriate for real-time or critical solutions, as well as higher security risks. Alternatively, fog computing emerges as a promising technology to absorb these inconveniences. It proposes the use of devices at the edge to provide closer computing facilities and, therefore, reducing network traffic, reducing latencies drastically while improving security. We have defined a new framework for data management in the context of a smart city through a global fog to cloud resources management architecture. This model has the advantages of both, fog and cloud technologies, as it allows reduced latencies for critical applications while being able to use the high computing capabilities of cloud technology. In this paper, we present the data acquisition block of our framework and discuss the advantages. As a first experiment, we estimate the network traffic in this model during data collection and compare it with a traditional real systemPeer ReviewedPostprint (published version