IMPLEMENTING CLOUD SECURITY FRAMEWORK BASED ON IT GOVERNANCE
Cloud computing is one of the fast growing technological phenomena being adopted by many organizations ranging from small to large and even individuals, due to the advantage that no need of infrastructure deployment is needed by customers to meet their computational demands. In this research, the various components of cloud computing such as service delivery models, types of cloud computing, security issues, and security mechanisms used were discussed in detail. There are various security vulnerabilities and risks in the cloud environment introduced due to the fact that users do not have mechanisms of control over their confidential data in the cloud. The major security concerns raised by Cloud Service Consumers (CSCs) as seen from the literature were insufficient data security, compliance and legal issues, and loss of governance on data. The aim of this research is, therefore, to provide solutions for the above-mentioned security issues. Various mechanisms were used for data gathering such as interviews and document analysis to get the full picture of the cloud security mechanisms deployed at Cloud Service Providers (CSPs) and CSCs, and analyzed whether they address security issues and concerns faced by CSCs. Based on the data gathered it was evident that the organizations under the study that use the cloud were provided with only technical security controls which are not enough to deem they are alone enough to ensure cloud security and address CSCs’ concerns about getting services that are secured, transparent and managed in a formal manner. Thus, in order to address these security concerns and issues, the researcher proposed a framework that encompasses an end-to-end cloud environment by combining technical cloud security solutions with IT governance solutions. The proposed framework was evaluated using two methods, the first was by presenting it to the various individuals who participated in the interviews that were conducted and IT security professionals from other organizations. The other validation technique utilized was comparing the proposed framework with other cloud security frameworks. Based on the validations conducted the framework was given positive feedback about addressing the issues faced by CSCs and improving its adoptability.
IMPLEMENTING CLOUD SECURITY FRAMEWORK BASED ON IT GOVERNANCE, GET MORE COMPUTER SCIENCE PROJECT TOPICS AND MATERIALS