A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives

Cloud computing offers a different, affordable approach for supporting the IT needs of organisations. However, despite the unprecedented benefits cloud migration may bring, there are numerous difficulties involved in moving business critical applications, legacy systems or corporate data into the cloud. It is necessary to consider a broad view over all business areas, and taking into account the technical and business minutiae of a full scale cloud migration, as well as the wider concerns of security, privacy and other business and technical risks. A detailed understanding of all these areas is required in order to make the correct decisions concerning cloud migration. This paper aims to take a broad view of the issues relating to migration. We propose a process model to identify risks and requirements, as well as to provide control assurance during the migration decision. We also define an outline migration strategy by focusing on the context of the organisation

A Framework for Security Transparency in Cloud Computing

Individuals and corporate users are persistently considering cloud adoption due to its significant benefits compared to traditional computing environments. The data and applications in the cloud are stored in an environment that is separated, managed and maintained externally to the organisation. Therefore, it is essential for cloud providers to demonstrate and implement adequate security practices to protect the data and processes put under their stewardship. Security transparency in the cloud is likely to become the core theme that underpins the systematic disclosure of security designs and practices that enhance customer confidence in using cloud service and deployment models. In this paper, we present a framework that enables a detailed analysis of security transparency for cloud based systems. In particular, we consider security transparency from three different levels of abstraction, i.e., conceptual, organisation and technical levels, and identify the relevant concepts within these levels. This allows us to provide an elaboration of the essential concepts at the core of transparency and analyse the means for implementing them from a technical perspective. Finally, an example from a real world migration context is given to provide a solid discussion on the applicability of the proposed framework

Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners

Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn’t come without substantial risks. These risks are the significant barriers for the wider cloud adoption. Cloud computing has obtained a lot of attention by both research and industry communities in recent years. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. It makes difficult to understand the risks management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. We identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment only emphasize on security and privacy risks. Our study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Our observation emphasizes the necessity of a comprehensive risk management framework to support the migration decision and to monitor the risks after migration. Finally, we propose a risk assessment approach based on the six prioritized cloud migration goals using analytic hierarchy process and determine the relative importance of these migration goals from two real migration use cases

Governance, Risk & Compliance (GRC) Status Quo and Software Use: Results from A Survey Among Large Enterprises

The focus on governance, risk and compliance (GRC) is steadily increasing as companies are facing increased risk and a growing number of legal, regulatory and other compliance requirements. Enterprises start to emphasise the integration and automation of GRC activities in order to efficiently manage them. This research evaluates how integrated GRC and GRC software are perceived and applied in large enterprises. Through a survey among large enterprises several key findings are derived. Even though integrated GRC is deemed useful and integration efforts are ongoing, many companies are unsure about the importance of an integrated approach. Half of organisations have deployed integrated GRC software that helps leverage the benefits of GRC. Solutions developed in-house are more often used than standard solutions. Participants are unsatisfied with their current reporting solutions. The authors recommend actions for research to follow up on each of the findings

A Risk Management Framework for Cloud Migration Decision Support

Managing risks is of paramount importance for enabling a widespread adoption of cloud computing. Users need to understand the risks associated with the process of migrating applications and data, so that appropriate mechanisms can be taken into consideration. However, risk management in cloud computing differs from risk management in a traditional computing environment due to the unique characteristics of the cloud and the users’ dependency on the cloud service provider for risk control. This paper presents a risk management framework to support users with cloud migration decisions. In particular, the framework enables users to identify risks, based on the relative importance of the migration goals and analyzed the risks with a semi-quantitative approach. This allows users to make accurate cloud migration decisions, based on specific migration scenarios. Our framework follows basic risk management principles and proposes a novel and structured process and a well-defined method for managing risks and making migration decisions. A practical migration use case about collaborative application such as e-mail and document migration is considered to demonstrate the applicability of our work. The results from the studied context show that risks in cloud computing mainly depend on the specific migration scenario and organization context. A cloud service provider is not alone responsible for mitigating all the risks; hence, depending on the type of risk, the cloud user is also responsible for risk mitigation

User-Perceived Privacy in Blockchain

This paper studies users’ privacy perceptions of UTXO-based blockchains such as Bitcoin. In particular, it elaborates -- based on interviews and questionnaires -- on a mental model of employing privacy-preserving techniques for blockchain transactions. Furthermore, it evaluates users\u27 awareness of blockchain privacy issues and examines their preferences towards existing privacy-enhancing solutions, i.e., add-on techniques to Bitcoin versus built-in techniques in privacy coins. Using Bitcoin as an example, we shed light on existing discrepancies between users\u27 privacy perceptions and preferences as well as current implementations