An iterative mathematical decision model for cloud migration: A cost and security risk approach

This paper presents an iterative mathematical decision model that helps organizations evaluate whether to invest in establishing information technology (IT) infrastructure on-premises or to outsource IT services to a multicloud environment. Multicloud is considered because a single cloud cannot cover all types of users' functional and nonfunctional requirements and has several drawbacks, such as resource limitation, vendor lock-in, and proneness to failure. Multicloud, on the other hand, brings several merits, such as vendor lock-in avoidance, system fault tolerance, cost reduction, and better quality of service. The biggest challenge is selecting an optimal web service composition in the ever-increasing multicloud market, in which each provider has its own pricing schemes and delivers a different service security level. In this regard, we embed a module in the cloud broker that logs service downtime and different attacks in order to measure the security risk. If the security tenets of the security service level agreement, such as availability, integrity, and confidentiality for mission-critical applications, are targeted by cybersecurity attacks, business continuity is disrupted, leading to financial losses or even business failure. To address this issue, our decision model extends the cost model by using the cost present value concept and the risk model by using the advanced mean failure cost concept, which are derived from the embedded module to quantify cloud competencies. The cloud economic problem is then transformed into a bi-objective optimization problem that minimizes cost and security risk simultaneously. To deal with the combinatorial problem, we extended a genetic algorithm to find a Pareto set of optimal solutions. To reach a concrete result and to illustrate the effectiveness of the decision model, we ran different scenarios and used a small-to-medium business IT development with a 5-year investment as a case study. The results of the different implementations show that multicloud is a promising and reliable solution compared with on-premises IT deployment.
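The cost-versus-risk selection described in the abstract can be sketched as follows. This is an added example, not code from the paper: the provider offers, loss figures, discount rate and on-premises baseline are constructed, risk is simplified to an expected yearly loss from logged downtime and attacks (not the paper's advanced mean failure cost), and exhaustive enumeration stands in for the genetic algorithm because the search space is tiny.

```python
from itertools import product

YEARS, RATE = 5, 0.08          # 5-year horizon from the abstract; the rate is assumed
LOSS_PER_DOWNTIME_HOUR = 500   # assumed loss figures, not from the paper
LOSS_PER_ATTACK = 1500

# Constructed broker data: service -> provider -> (yearly fee, downtime h/yr, attacks/yr)
OFFERS = {
    "compute":  {"A": (12000, 4.0, 2), "B": (9000, 10.0, 5), "C": (15000, 1.0, 1)},
    "storage":  {"A": (4000, 2.0, 1), "B": (3000, 8.0, 3)},
    "database": {"B": (7000, 6.0, 4), "C": (9500, 1.5, 1)},
}
# Constructed on-premises baseline: (upfront capex, yearly opex, downtime h/yr, attacks/yr)
ON_PREM = (60000, 14000, 12.0, 3)

def present_value(yearly, years=YEARS, rate=RATE):
    """Discount a constant end-of-year cash flow back to today."""
    return sum(yearly / (1 + rate) ** t for t in range(1, years + 1))

def yearly_loss(downtime_hours, attacks):
    return downtime_hours * LOSS_PER_DOWNTIME_HOUR + attacks * LOSS_PER_ATTACK

def evaluate(composition):
    """Return (cost PV, risk PV) for a {service: provider} composition."""
    fee = sum(OFFERS[s][p][0] for s, p in composition.items())
    loss = sum(yearly_loss(*OFFERS[s][p][1:]) for s, p in composition.items())
    return present_value(fee), present_value(loss)

def dominates(a, b):
    """a is no worse than b on both objectives and differs on at least one."""
    return a[0] <= b[0] and a[1] <= b[1] and a != b

def pareto_set():
    """Non-dominated compositions, cheapest first (exhaustive search, no GA)."""
    services = list(OFFERS)
    scored = [(dict(zip(services, pick)), evaluate(dict(zip(services, pick))))
              for pick in product(*(OFFERS[s] for s in services))]
    front = [(c, s) for c, s in scored if not any(dominates(o, s) for _, o in scored)]
    return sorted(front, key=lambda item: item[1][0])

def on_prem_score():
    capex, opex, downtime, attacks = ON_PREM
    return capex + present_value(opex), present_value(yearly_loss(downtime, attacks))

if __name__ == "__main__":
    for comp, (cost, risk) in pareto_set():
        print(comp, round(cost), round(risk))
    print("on-prem dominated:", any(dominates(s, on_prem_score()) for _, s in pareto_set()))
```

Each row of the output is one trade-off point; the outcome for the on-premises baseline depends entirely on the constructed figures and says nothing about the paper's own results.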
