Secure migration to compliant cloud services: A case study

Abstract Adoption of cloud computing technology in the financial sector is increasing to improve the efficiency of payment transactions, risk management, and business processes. This is occurring more rapidly in developed countries such as USA, Canada, and the UK while cloud implementation in less developed countries such as Saudi Arabia is still emerging. Implementation of cloud technologies in the financial sector requires diligent decisions such as selecting the most suitable secure cloud deployment model, service level agreement, and cloud vendor. In this paper, cloud migration using an information security, privacy, and compliance (ISPC) readiness model is presented. Several types of cloud services are available, therefore evaluating migration readiness and selecting an appropriate vendor is critical, as this will have an impact on the requirements of stakeholders such as local banks. Cloud migration decisions are obtained by analyzing ISPC requirements considering the strategic initiatives of the organization. A case study involving the Saudi Arabian central bank is presented to demonstrate the implementation of the ISPC readiness model.

[1]  T. Aaron Gulliver,et al.  SecSLA: A Proactive and Secure Service Level Agreement Framework for Cloud Services , 2014, CloudCom 2014.

[2]  Mathieu Gorge Data protection: why are organisations still missing the point? , 2008 .

[3]  Paul Pocatilu,et al.  Measuring the efficiency of cloud computing for e-learning systems , 2010 .

[4]  T. Aaron Gulliver,et al.  ISPC: An Information Security, Privacy, and Compliance Readiness Model for Cloud Computing Services , 2014 .

[5]  Henry E. Schaffer,et al.  Improving K-12 pedagogy via a Cloud designed for education , 2013, Int. J. Inf. Manag..

[6]  Hai Jin,et al.  Saudi cloud infrastructure: a security analysis , 2017, Science China Information Sciences.

[7]  T. Aaron Gulliver,et al.  Safeguarding the Cloud: An Effective Risk Management Framework for Cloud Computing Services , 2014 .

[8]  J. Zhan,et al.  Cloud Computing Security Case Studies and Research , 2013 .

[9]  Kashif Saleem,et al.  An empirical study on acceptance of secure healthcare service in Malaysia, Pakistan, and Saudi Arabia: a mobile cloud computing perspective , 2016, Annals of Telecommunications.

[10]  Yao Zheng,et al.  DDoS attack protection in the era of cloud computing and Software-Defined Networking , 2015, Comput. Networks.

[11]  Robert K. Yin,et al.  Applications of case study research , 1993 .

[12]  Ian Sommerville,et al.  Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[13]  Gary B. Wills,et al.  An exploratory study for investigating the critical success factors for cloud migration in the Saudi Arabian higher education context , 2017, Telematics Informatics.

[14]  N Ramachandran,et al.  Selecting a suitable Cloud Computing technology deployment model for an academic institute , 2014 .

[15]  Pamela Baxter,et al.  Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers , 2008 .

[16]  Haiyan Zhan,et al.  Applying cloud computing in financial service industry , 2010, 2010 International Conference on Intelligent Control and Information Processing.

[17]  Tharam S. Dillon,et al.  Cloud Computing: Issues and Challenges , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[18]  Gary B. Wills,et al.  Investigating the security factors in cloud computing adoption: towards developing an integrated framework , 2016 .

[19]  Rajkumar Buyya,et al.  A note on resource orchestration for cloud computing , 2015, Concurr. Comput. Pract. Exp..

[20]  Mark John Taylor,et al.  E-Government Information Systems and Cloud Computing (Readiness and Analysis) , 2011, 2011 Developments in E-systems Engineering.

[21]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[22]  Ali Mili,et al.  Towards quantitative measures of Information Security: A Cloud Computing case study , 2012 .

[23]  T. Aaron Gulliver,et al.  SOCaaS: Security Operations Center as a Service for Cloud Computing Environments , 2014, CloudCom 2014.

[24]  Majed alsanea,et al.  Factors Affecting the Adoption of Cloud Computing in the Government Sector: A Case Study of Saudi Arabia , 2015 .

[25]  Frank H. Katz The effect of a university information security survey on instruction methods in information security , 2005, InfoSecCD '05.

[26]  George Sibiya,et al.  Digital forensic readiness in a cloud environment , 2013, 2013 Africon.

[27]  Ian Sommerville,et al.  The Cloud Adoption Toolkit: supporting cloud adoption decisions in the enterprise , 2010, Softw. Pract. Exp..

[28]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[29]  Shamim Hossain,et al.  Cloud Computing Terms, Definitions, and Taxonomy , 2013 .