Let me in the cloud: analysis of the benefit and risk assessment of cloud platform
| Pages | 6-24 |
| DOI | https://doi.org/10.1108/13590791311287337 |
| Date | 28 December 2012 |
| Published date | 28 December 2012 |
| Author | Azeem Aleem,Christopher Ryan Sprott |
| Subject Matter | Accounting & finance |
Let me in the cloud:
analysis of the benefit and risk
assessment of cloud platform
Azeem Aleem
Institute of Criminal Justice Studies, University of Portsmouth,
Portsmouth, UK, and
Christopher Ryan Sprott
Eastern Caribbean Central Bank, Bird Rock, West Indies
Abstract
Purpose – The purpose of this paper is to critically examine the vulnerabilities of the cloud platform
affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud
computing, its benefits to the industry and helps to identify security concerns for businesses that plan
to deploy one of the cloud platforms. It helps to identify areas where businesses should focus before
choosing an appropriate Cloud Service Provider (CSP).
Design/methodology/approach – This paper presents the findings of an original research survey
(200IT professionals working bothin the public and private sectors)undertaken to examine theirprivacy,
and data security concerns associated with the cloud platform. Views of those who have yet to deploy
cloudwere analysed todetect the patternsof common security issues.Cyber fraud and trustconcerns of the
organisationsare addressed and deployment of the securedcloud environment is outlined.
Findings – The survey analysis highlighted that the top concerns for organisations on cloud were
security (93.8 per cent), governance (61.1 per cent) and a lack of control over service availability
(56.6 per cent). The survey highlighted that the majority of IT professionals were not aware that some
CSPs currently control the decryption keys that enable them to decrypt their client’s data. This should
be considered as a major security concern and it is one of the factors that should be looked into while
vetting the service level agreement (SLA). Data loss and leakage (73.5 per cent) were voted as the top
threat to cloud computing by respondents; this was followed by account, service and traffic hijacking
(60.8 per cent). The paper examines various types of cloud threats companies have encountered.
Research limitations/implications – The vast majority of the data are drawn from IT
professionals with businesses mainly in the UK and the USA.
Practical implications – The paper advocates a proactive and holistic cloud-cyber security
prevention typology to prevent e-crime, with guidance of what features to look for when choosing an
appropriate cloud service provider.
Originality/value – This is the first analysis done that includes IT auditors, physical security
personnel as well as IT professionals. The paper is of value to companies considering adoption or
implementation of a cloud platform. It helps to assess the cloud by evaluating a detailed comparison of
benefits and risk associated with the platform.
Keywords Computing,Information technology,Data security, Internet, Cybercrime, Cloud computing,
Cloud, Disruptivetechnology
Paper type Research paper
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1359-0790.htm
The authors are grateful to the following organisations and partners who proactively
contributed towards the survey exercise: Centre for Counter Fraud Group: www.port.ac.uk/
departments/academic/icjs/centreforcounterfraudstudies/. The Security Institute IT Security
Group: www.security-institute.org/ and the Information Security Awareness Forum: www.
theisaf.org/kzscripts/default.asp?
JFC
20,1
6
Journal of Financial Crime
Vol. 20 No. 1, 2013
pp. 6-24
qEmerald Group Publishing Limited
1359-0790
DOI 10.1108/13590791311287337
1. Introduction and context of the research
The very nature of organisations has changed substantially as a result of rapid
technological advancement, with a remarkable advancement in enterprise technology,
which has created new opportunities for different business practises. The advent of
cloud computing is a direct result of such technological transformations (Aleem and
Antwi-Boasiako, 2011). In the corporate sector particularly the financial market, it is
next to impossible for businesses not to come across the concept of cloud computing –
“Implement Cloud to Survive” is the call you get now days from the media and industry
experts. There is no denial regarding the benefits, but very few studies have tr ied to
examine the platform with a balance approach, i.e. benefits vs security risk.
Cloud as the name identifies is able to provide flexible, on-demand and elastic
(can shrink or increased based upon needs) computing power to organisations. The idea
of organisations getting charged for only the time they have used a particular service is
very attractive for the growing businesses.
Cloud platform has witnessed an astonishing growth; with an estimate of $46 billion
market, representing 17 per cent of the world software sales. For Small to Medium Size
Organisations (SMEs)[1] cloud computing will continue to be an attractive and cost
affectiveoptionas they are be able toreduce the totalcost of technologyownership.There is
a strong interest withinSMEs group in the UK to savecost and to adapt cloud computing,
with 47 per cent placing the migration in their corporate five years strategy (EasyNet
Connect, 2010). Cloud Computing model is forecast to revolutionize the information
technology(IT) industryover the nextfive years. The globalisation of computingresources
is deemed tobe the principal contribution the cloudhas made to this point and asa result
the cloud is the subject of many debates (Rittinghouse and Ransome, 2010).
However, where cloud computing model offers many innovative ways of increasing
corporate productivity also has security repercussions in the form of hacking toward
the businesses. This paper highlights the areas of cloud deployment and security
concerns in the corporate sector.
This is achieved by focusing on the following key objectives: explore cloud platform
deploymentbenefits;examine the securityconcerns of the businesses;identifykey security
challenges surrounding the technology and critically evaluating the future of the cloud.
2. Cloud: the definition and the discipline?
The cloud has been historically used as a metaphor for the internet (Chorafas, 2011;
Velte et al., 2010). One of the biggest issues with theconceptofthecloudisthatthereisno
universally accepted definition; it has been narrowly defined as a form of utility computing
where virtual servers are made available to businesses for carrying various activities.
Others define the term using a broader view where anything that is beyond the perimeter of
firewall is considered to be in the cloud (Rittinghouse and Ransome, 2010).
For this paper we adopt the definition of cloud computing as defined by The National
Institute of Science and Technology (NIST) as:
[...] a model for enabling ubiquitous, convenient, on-demand network access to a shared pool
of configurable computing resources, for example, networks, servers, storage, applications,
and services that can be rapidly provisioned and released with minimal management effort or
service provider interaction (Mell and Grance, 2011, p. 2).
Mostly “cloud computing” and “cloud” are used interchangeably but refer to the same
concept.
Let me in
the cloud
7
To continue reading
Request your trial