How Do You Secure an Environment Without a Perimeter? Using Emerging Technology Processes to Support Information Security Efforts in an Agile Data Center

Cloud computing has transformed businesses, enabling agile and cost-effective IT infrastructure. The critical problem is that these new opportunities resulted in a co-mingled architecture which is difficult to secure. Based on interviews with boards of directors and executive leadership teams facing these new environments, our research question was: How do we secure increasingly dynamic architecture in an environment without a perimeter? The research involved an in-depth exploration of this problem using a survey instrument and interviews with 204 executives from 80 companies throughout 2014. From this work we developed an information security framework for executives in this new environment.

[1]  S. O. Kuyoro,et al.  Cloud computing security issues and challenges , 2011 .

[2]  Qiaoyan Wen,et al.  SaaS Access Control Research Based on UCON , 2012, 2012 Fourth International Conference on Digital Home.

[3]  K. Arun,et al.  To improve the current security model and efficiency in cloud computing using access control matrix , 2012, 2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT'12).

[4]  Olga Levina,et al.  Enforcing confidentiality in a SaaS cloud environment , 2011, 2011 19thTelecommunications Forum (TELFOR) Proceedings of Papers.

[5]  Wee Keong Ng,et al.  Towards security in sharing data on cloud-based social networks , 2011, 2011 8th International Conference on Information, Communications & Signal Processing.

[6]  Jemal H. Abawajy,et al.  Detecting and Mitigating HX-DoS Attacks against Cloud Web Services , 2012, 2012 15th International Conference on Network-Based Information Systems.

[7]  Martin Gilje Jaatun,et al.  Monitoring Intrusions and Security Breaches in Highly Distributed Cloud Environments , 2011, 2011 IEEE Third International Conference on Cloud Computing Technology and Science.

[8]  M Hasan Islam,et al.  Cloud computing security auditing , 2011, The 2nd International Conference on Next Generation Information Technology.

[9]  Gihwan Cho,et al.  A Secure Service Framework for Handling Security Critical Data on the Public Cloud , 2011, ICITCS.

[10]  Wanlei Zhou,et al.  Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks , 2011, J. Netw. Comput. Appl..

[11]  Akihiko Matsuo,et al.  SaaS Application Framework Using Information Gateway Enabling Cloud Service with Data Confidentiality , 2012, 2012 19th Asia-Pacific Software Engineering Conference.

[12]  P. M. Hoener Cloud Computing Security Requirements and Solutions: a Systematic Literature Review , 2013 .

[13]  Shu Ching Wang,et al.  Security of Cloud Computing Lightweight Authentication Protocol , 2013 .

[14]  Javier González,et al.  A Performance-Oriented Monitoring System for Security Properties in Cloud Computing Applications , 2012, Comput. J..

[15]  A. Strauss,et al.  Basics of qualitative research: Grounded theory procedures and techniques. , 1993 .

[16]  Feng Xie,et al.  A Framework for Storage Security in Cloud Computing , 2013 .

[17]  R. Prasad,et al.  A cloud computing security schemes:- TGOS [Threshold group-oriented signature] and TMS [Threshold multisignature schemes] , 2012, 2012 World Congress on Information and Communication Technologies.

[18]  Christine Nadel,et al.  Case Study Research Design And Methods , 2016 .