Analysing the Security Risks of Cloud Adoption Using the SeCA Model: A Case Study

When IS/IT needs to be replaced, cloud systems might provide a feasible solution. However, the adoption process has thus far gone undocumented, and until very recently enterprise architects lacked proper hands-on tools. This single case study describes the effort of a large Dutch utility provider to understand the facets of the cloud and to identify the risks associated with it. In an action research setting, the SeCA model was used to analyse the cloud solutions and identify the risks with specific data classifications in mind. The results show how decision makers can use the SeCA model in various ways to identify the security risks associated with each cloud solution analysed. The analysis assumes that data classifications are in place. This research concludes that by using the SeCA model, a full understanding of the security risks can be gained on an objective and structural level; this is a further validation of prior empirical research showing that the SeCA model is a proper hands-on tool for cloud security analysis.
