Risk Management Strategies in the Cloud Computing Sector
Abstract
Cloud computing and related technologies have grown exponentially in the recent past. Cloud computing has offered several solutions to both the individuals, companies, and even to large corporations and organizations. However, even with the benefits that come with cloud computing, there are many issues related to security and continuity that cloud computing has compromised. Cloud computing platforms are vulnerable to threats and risks, and it is up to the administrators and managers of cloud computing in individual companies to take a step forward and put in place measures to manage the vulnerabilities. It is evident to note that the conventional approach cannot apply in this area as far as the development of a risk management framework is concerned. This study looks into previous submissions and propositions on frameworks to be used for cloud computing. A more in-depth look is initialized, and the strengths and weaknesses of each structure are determined. The paper then proposes an updated and more effective approach in securing cloud computing platforms for organizations today.
Introduction
Technology is an ever-evolving factor, and so is cloud computing. Due to the increase in the number of users and data generation, it is required that key functions that were previously performed on physical machines to be substituted by virtual locations. Some of these services include storage of data, transmission channels, and even processing of data. Due to the benefits and competitive advantage it provides, quite some companies have opted to include it in their day to day operations. Cloud computing ensures increased levels of flexibility and scalability as far as organizational resources are concerned. Cloud computing ensures that data is reliable and can be accessed by authorized persons at any time and at any place. Don't use plagiarised sources.Get your custom essay just from $11/page
With the implementation of cloud computing, organizations have chosen to give up their sole control over their IT resources and thus rely on a third party. This choice has brought about risks and vulnerabilities to organizational IT assets. It is therefore essential for the organization to develop several controls and protocols that manage how the resources are used on the platform. The controls cut down on the percentage of risks, threats, and vulnerabilities to the protected resources. It also increases the confidence of the company, applying cloud computing as a technique to improve its productivity. Risk management is one essential control that aims at developing mechanisms of effectively assessing and managing the occurrence of risks to the cloud computing platforms and minimizing the impact that the risks would have on the main objectives and goals of the company.
Literature Review
Cloud computing
Cloud computing extends from other computing models like grid computing, distributed computing, and parallel computing. The model provides new features to the computing world by enhancing security issues, speed of operation, and convenience of data storage, and an additional computing service that has its center on the internet. These factors have been essential in the development of cloud computing and grid computing. Five key characteristics uniquely distinguish the operation of cloud computing: self-service, broadness in-network access operations, data and resource pooling, elasticity, and finally measured services.
In the operation of cloud computing, three vital levels are used:
Software as a Service- in the operation of cloud computing services, hardware, and software capabilities are already enabled and customized (Souri et al., 2017). Users can access the services by using the internet and not necessarily having to install any software components on the servers.
Platform as a Service- Cloud computing avails developmental capabilities to users ranging from libraries, tools, and even programming languages. Users can access these resources by using the internet as a channel.
Infrastructure as a Service- By the use of cloud computing, critical resources in a computing environment, for instance, servers and storage resources, are availed. Users get to acquire these resources by virtualization, where they install and enable some applications on their machines.
There are four ways of deploying cloud computing:
Public cloud- this type of cloud operates in the form that users can access the resources and services via a public network. In most cases, third parties get to control the functioning of this type of cloud.
Private cloud- In this type of cloud, services are only made available to specific customers, and the security of the service is tight. This type of cloud can either be managed by the third party or the organization itself.
Community cloud- as the name suggests, this cloud is available to a designated group of customers that share a common agenda or purpose.
Hybrid cloud- this type comprises of two or more of the stated types of cloud.
Risk Management
In the operation of organizations, it is often the case for them to face one or two challenges and risks that may affect their normal functioning. A risk can be defined as a set of consequences or outcomes that are associated with a specific event of happening. Risk management, on the other hand, is a mechanism, set of procedures, and techniques for managing the threats that face an organization (Alosaimi & Alnuem, 2016). By conducting successful risk management, an organization has the upper hand in the way that it handles attacks and risks and can smoothly realize its objectives.
Risk Management Structures and Frameworks in the Cloud Computing Sector
In an effort by researchers to determines better risk management techniques for the cloud, three main perspectives arise. The first perspective proposes a framework that is based on the consumer of the services. Secondly, some groups of researchers recommend that risk management should be provided or managed by the providers of cloud computing services. After that, a more developed approach stated the importance of incorporating both providers and opinions from consumers in the processes of managing risks.
Consumers
To be able to effectively gauge the impact and risk of implementing cloud security measures, a quantitatively propelled framework can be used (Tanimoto et al., 2011). The US Federal Information Security Management Act states three main aspects as far as computer security is concerned: confidentiality, availability, and integrity of data. However, other factors can be incorporated to achieve the highest levels of security. They include mutual suitability of the parties being involved, multiparty trust, and finally, the usability of the systems in place. Each occurrence of threats and attacks on a cloud computing service can be mapped onto either a single or multiple categories of the six stated.
Risk factors in the cloud computing environment need to be viewed concerning the consumer’s point of view (Saripalli & Walters, 2010). This view can be accomplished by basing on the risk breakdown structure as the method to implement it. Risks are classified into three main categories: risk for the consumer, for the provider, and others. It is, therefore logical, in a sense, to apply the hybrid approach in addressing risks.
Cloud Provider
Businesses have unique goals and objectives, thereby requiring a personalized approach as far as dealing with risks is concerned. In this way, a semi-quantitative approach best applies to conduct cloud-related risk assessment for cloud computing providers (Zhang et al., 2010). Providers often refer to the companies, stakeholders, and manufacturers of equipment used in cloud computing. Given their targeted objectives, their side must manage the risk assessment and management set of duties. Three basic processes are involved in this type of risk management: reporting of risks and related communication about the occurrence, risk treatment, and finally, risk survey or monitoring to determine the performance of the systems. By use of this approach, the providers can effectively curb the impact and probability that risk could have on the cloud computing platform, and consequently promote improved levels of business objectives.
Due to the evolving standards and in ISO and IEC, there are different service and deployment models that can be incorporated by providers to ensure that risks are dealt with effectively. This approach poses some similarities to a traditional type and includes seven necessary steps. The first process involves selecting the areas for risk management to be performed, followed by thorough strategy development and planning. Continued risk analysis, assessment, mitigation, monitoring program, and management review is then performed on the selected areas. All the information assets that are involved in the systems affected need to be protected by using the necessary security requirements of confidentiality, availability, and integrity.
Consumers and Cloud Providers
This set of risk management procedures aims at incorporating demands by the consumers of cloud computing services, the service providers, and even the suppliers in developing a secure and risk-free cloud computing platform (Albakri et al., 2014). It is advised that consumers, or rather users of the cloud computing services need to actively participate in each of the designed phases of risk management to effectively implement the risk management protocols. The service providers often have a broader responsibility in managing risk, but as per this framework, both viewpoints need to be accounted for in the risk management process. The process involves six necessary steps: categorization of security services, selection of controls, implementation of the selected controls, assessment of the authorities, authorization of services provided, and finally, monitoring the operation of the controls and functions.
Pros and Cons of Different Risk Management Frameworks
Depending on the scope of applicability and extent of implementation, various frameworks possess pros and cons in their operations. This section explores some of the critical articles and research papers that relate to risk management frameworks and proposes the articles’ pros and cons in tabular form.
| Article/Research Paper | Pros | Cons |
| Tanimoto et al. | The framework presented provides an in-depth analysis of the risk factors and initiates the development of countermeasures to take on any risk possibility. It uses both quantitative and qualitative analysis techniques in the process of risk analysis. | The framework lacks a process of uniquely identifying risks and vulnerabilities on the systems. Risk assessment procedures solely focus on the consumers and do not consider the service providers. |
| Saripalli and Walters | The framework proposals are iterative and enhance a comparative analysis of the various offerings by the vendor. Puts into consideration three additional aspects required for the process of risk assessment. | The framework requires an effective process of data collection and analysis. The focus has only been on the consumer, and the service provider has not been included. |
| Zhang et al. | In this framework, vital and critical areas of cloud computing are proposed, and this improves the focus of the risk assessment process. | The approach has focused solely on the provider as the viewpoint, and the consumer has not been considered. |
| Albakri et al. | The framework takes into consideration the involvement of both service providers and the consumers. It balances the existence of benefits relative to the incorporation of consumers’ views, and the complex issues brought about by this decision. | Involving customer feedback and other required tasks may entirely delay the risk management process.
|
Discussion
From the scenarios posted in the frameworks discussed, it is evident that most traditional approaches in risk management may not apply in the cloud computing environment today. The pros and cons of the discussed frameworks have led the development of essential issues and conclusions as far as risk management for cloud computing is concerned. The problems are discussed as follows:
Each entity in the operation of cloud computing is essential. It is thus key to include consumers in the processes set for risk management. These choices are important because they are the ones who interact with the system on a more personalized level, and they can gauge the value of the assets they use in the cloud computing traversals.
Participation of consumers in risk management should not have limits regarding the inactivity issues. Consumer contributions should be taken in at any of the designed steps of risk management. This act is to increase the efficiency and effectiveness of the frameworks that could be developed.
Establishing contexts and identifying risks are vital procedures in risk assessment and analysis.
The inclusion and participation of consumers are essential because the consumers are part of the problem to be solved, and this demands that they are also involved in finding the solutions.
In conducting a risk assessment for a whole system, it is advisable that each service is separately handled to reduce the causes of conflicts, and this also improves the effectiveness of the entire process.
Conflicts that exist in the consumers’ part should be professionally handled because the impact is massive on the success of the framework. Customer satisfaction should be the driving point in collecting views, opinions, and other forms of data from the consumers.
Qualitative and quantitative techniques of data analysis are primary analysis methods used to assess data. Given that each of them uniquely possesses its strengths and weaknesses, it is advised that a framework to be used should take into consideration contribution from both techniques to avert from the drawbacks and shortcomings of each.
Conclusions and Future Work
Different risk management frameworks have been proposed to address risks to cloud computing environments. The conventional approach, due to its specificity, does not fit to be used in effective risk management. Due to these factors, various models and frameworks have been researched on and their nature of operation determined. Each of the frameworks that has been studied on possesses its advantages and disadvantages, attesting to the fact that no structure is blameless and one hundred percent efficient. Choosing a particular framework is merely based on how applicable its processes are to the prevailing scenario. This research has looked into a few of the existing risk management frameworks, stating how they operate, their advantages, and disadvantages in how they impact the systems they interact with. It was concluded that each framework has its pros and cons, and risk assessment should take into account a broader scope of addressing the problem avoiding limited viewpoints of risks. A significant issue that relates to this is customer involvement.
References
Alosaimi, R., & Alnuem, M. (2016). Risk Management Frameworks for Cloud Computing: A Critical Review. International Journal of Computer Science & Information Technology, 8(4).
- Saripalli, and B. Walters, “A Quantitative Impact and Risk Assessment Framework for Cloud Security,” IEEE 3rd International Conference on Cloud Computing, pp. 280-288, IEEE, 2010.
- Albakri, B. Shanmugam, G. Samy, N. Idris, and A. Ahmed, “Security risk assessment framework for cloud computing environments,” Security and Communication Networks, Wiley Online Library, 2014.
- Tanimoto, M. Hiramoto, M. Iwashita, H. Sato, and A. Kanai, “Risk Management on the Security Problem in Cloud Computing,” First ACIS/JNU International Conference on Computers, Networks, Systems, and Industrial Engineering, pp. 147-152, IEEE, 2011
Samy, G. N., Shanmugam, B., Maarop, N., Magalingam, P., Perumal, S., Albakri, S. H., & Ahmad, R. (2018). Information security risk assessment framework for cloud computing environment using medical research design and method. Advanced Science Letters, 24(1), 739-743.
Souri, A., Asghari, P., & Rezaei, R. (2017). Software as a service based CRM providers in the cloud computing: challenges and technical issues. Journal of Service Science Research, 9(2), 219-237.
- Zhang, N. Wuwong, H. Li, and X. Zhang, “Information Security Risk Management Framework for the Cloud Computing Environments,” IEEE International Conference on Computer and Information Technology, pp. 1328-1334, IEEE, 2010.