Cloud Computing: Challenges And Risk Management Framework

Madallah Almadallah, North Carolina Agricultural and Technical State University


Cloud-computing technology has developed rapidly. It can be found in a wide range of social, business and computing applications. Cloud computing would change the Internet into a new computing and collaborative platform. It is a business model that achieves purchase on-demand and pay-per-use in network. Many competitors, organizations and companies in the industry have jumped into cloud computing and implemented it. Cloud computing provides us with things such as convenience, reduced cost and high scalability. But despite all of these advantages, there are many enterprises, individual users and organizations that still have not deployed this innovative technology. Several reasons lead to this problem; however, the main concerns are related to security, privacy and trust. Low trust between users and cloud computing providers has been found in the literature. It is important to note that choosing cloud computing assumes a high degree of trust between the organization and its cloud computing provider, as the provider will be trusted with sensitive information and security details. In an attempt to solve the problem and increase the investment and adoption of this technology, this thesis provides a comprehensive cloud computing risk management framework based on previous work. This Risk Management Framework consists of six stages, namely: (1) understand the business context, (2) identify the business technical risk, (3) synthesize and prioritize the risk, (4) define the risk mitigation strategy, (5) carry out required solutions and validate that they are resolved and (6) overall assessment and monitoring of the system. The first five steps are the well-known risk management stages, but this research has adopted a more robust approach to each of them. The sixth stage is a new stage that is unique to this work. This thesis highlights the details of these approaches used in the first five steps as well as the explanation of the sixth step. A scenario explaining a step-by-step approach to applying this Risk Management Framework to a hypothetical cloud computing provider has been outlined. The advantage of this Risk Management Framework lies in the fact that it can be used in wide range and flexibility because it can fit with small and large enterprise. Also, it is not specific to security risks; it can be applied in non-software situations.