107 research outputs found
A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives
Cloud computing offers a different, affordable approach for supporting the IT needs of organisations. However, despite the unprecedented benefits cloud migration may bring, there are numerous difficulties involved in moving business critical applications, legacy systems or corporate data into the cloud. It is necessary to consider a broad view over all business areas, and taking into account the technical and business minutiae of a full scale cloud migration, as well as the wider concerns of security, privacy and other business and technical risks. A detailed understanding of all these areas is required in order to make the correct decisions concerning cloud migration. This paper aims to take a broad view of the issues relating to migration. We propose a process model to identify risks and requirements, as well as to provide control assurance during the migration decision. We also define an outline migration strategy by focusing on the context of the organisation
A Framework for Security Transparency in Cloud Computing
Individuals and corporate users are persistently considering cloud adoption due to its
significant benefits compared to traditional computing environments. The data and applications
in the cloud are stored in an environment that is separated, managed and maintained externally
to the organisation. Therefore, it is essential for cloud providers to demonstrate and implement
adequate security practices to protect the data and processes put under their stewardship. Security
transparency in the cloud is likely to become the core theme that underpins the systematic disclosure
of security designs and practices that enhance customer confidence in using cloud service and
deployment models. In this paper, we present a framework that enables a detailed analysis of
security transparency for cloud based systems. In particular, we consider security transparency from
three different levels of abstraction, i.e., conceptual, organisation and technical levels, and identify
the relevant concepts within these levels. This allows us to provide an elaboration of the essential
concepts at the core of transparency and analyse the means for implementing them from a technical
perspective. Finally, an example from a real world migration context is given to provide a solid
discussion on the applicability of the proposed framework
Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners
Organizations are now seriously considering adopting cloud into the existing business context, but migrating
data, application and services into cloud doesn’t come without substantial risks. These risks are the significant
barriers for the wider cloud adoption. Cloud computing has obtained a lot of attention by both research and
industry communities in recent years. There are works that consolidate the existing work on cloud migration
and technology. However, there is no secondary study that consolidates the state of the art research and
existing practice on risk management in cloud computing. It makes difficult to understand the risks
management trend, maturity, and research gaps. This paper investigates the state of the art research and
practices relating to risk management in cloud computing and discusses survey results on migration goals and
risks. The survey participants are practitioners from both public and private organizations of two different
locations, i.e., UK and Malaysia. We identify and classify the relevant literature and systematically compare
the existing works and survey results. The results show that most of the existing works do not consider the
existing organization and business context for the risk assessment only emphasize on security and privacy
risks. Our study results also reveal that risk management in cloud computing research and practice is still not in
a mature stage but gradually advancing. Our observation emphasizes the necessity of a comprehensive risk
management framework to support the migration decision and to monitor the risks after migration. Finally,
we propose a risk assessment approach based on the six prioritized cloud migration goals using analytic
hierarchy process and determine the relative importance of these migration goals from two real migration use
cases
Governance, Risk & Compliance (GRC) Status Quo and Software Use: Results from A Survey Among Large Enterprises
The focus on governance, risk and compliance (GRC) is steadily increasing as companies are facing increased risk and a growing number of legal, regulatory and other compliance requirements. Enterprises start to emphasise the integration and automation of GRC activities in order to efficiently manage them. This research evaluates how integrated GRC and GRC software are perceived and applied in large enterprises. Through a survey among large enterprises several key findings are derived. Even though integrated GRC is deemed useful and integration efforts are ongoing, many companies are unsure about the importance of an integrated approach. Half of organisations have deployed integrated GRC software that helps leverage the benefits of GRC. Solutions developed in-house are more often used than standard solutions. Participants are unsatisfied with their current reporting solutions. The authors recommend actions for research to follow up on each of the findings
A Risk Management Framework for Cloud Migration Decision Support
Managing risks is of paramount importance for enabling a widespread adoption of
cloud computing. Users need to understand the risks associated with the process of migrating
applications and data, so that appropriate mechanisms can be taken into consideration. However,
risk management in cloud computing differs from risk management in a traditional computing
environment due to the unique characteristics of the cloud and the users’ dependency on the cloud
service provider for risk control. This paper presents a risk management framework to support users
with cloud migration decisions. In particular, the framework enables users to identify risks, based
on the relative importance of the migration goals and analyzed the risks with a semi-quantitative
approach. This allows users to make accurate cloud migration decisions, based on specific migration
scenarios. Our framework follows basic risk management principles and proposes a novel and
structured process and a well-defined method for managing risks and making migration decisions.
A practical migration use case about collaborative application such as e-mail and document migration
is considered to demonstrate the applicability of our work. The results from the studied context show
that risks in cloud computing mainly depend on the specific migration scenario and organization
context. A cloud service provider is not alone responsible for mitigating all the risks; hence, depending
on the type of risk, the cloud user is also responsible for risk mitigation
User-Perceived Privacy in Blockchain
This paper studies users’ privacy perceptions of UTXO-based blockchains such as Bitcoin.
In particular, it elaborates -- based on interviews and questionnaires -- on a mental model of employing privacy-preserving techniques for blockchain transactions. Furthermore, it evaluates users\u27 awareness of blockchain privacy issues and examines their preferences towards existing privacy-enhancing solutions, i.e., add-on techniques to Bitcoin versus built-in techniques in privacy coins. Using Bitcoin as an example, we shed light on existing discrepancies between users\u27 privacy perceptions and preferences as well as current implementations
- …