A framework for assessing cloud computing risk for Kenyan organizations
Date
2013
Authors
Were, Timothy Othieno
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
Cloud computing has recently emerged as a buzz word in the distributed computing
community. Many believe that Cloud is going to reshape the IT industry as a
revolution. Yet for security professionals, the cloud presents a huge dilemma: How do
you embrace the benefits of the cloud while maintaining security controls over your
organisations’ assets? It becomes a question of balance to determine whether the
increased risks are truly worth the agility and economic benefits.
The author proposes a framework that borrows from other developed frameworks that
will assist in the mapping out of security risks and controls that current and
prospective users will need to take care of. The target group of respondents for this
research are employees in the Information Technology departments in randomly
selected Kenyan firms cutting across Utilities, Manufacturing, Transport, Non
Governmental Organisations (NGOs), Government, Academia, Finance and ICT.
Questionnaires were used with forty respondents giving their feedback.
The feedback was positive with majority of the respondents having confidence in the
framework – 90% of the respondents did not suggest any item for removal from the
framework. They concurred that to address the risks in cloud computing,
consideration has to be given to security in personnel, operational and physical issues,
in addition to supply-chain assurance, portability and business continuity
management. Also to be considered are environmental controls and legal and
jurisdiction matters. The suggestions for additions were incorporated in the final
model that was used to evaluate an existing cloud user who found areas that needed to
be addressed by their Cloud Service Provider.
The implication of this research is that the market is ripe and ready for cloud
computing as long it can have assurance of the security and continuity of their data
and systems. The research will give guidelines to those interested in implementing
cloud computing on the considerations to make in order to ensure security and
continuity risks of their systems are considered. The paper adds value in that cloud
computing being a relatively new phenomenon, not much research has gone into its
implementation, especially in Africa and more so in Kenya.
Description
Submitted in partial fulfillment of the requirements for the Degree of
Master of Science in Information Technology
Keywords
Cloud computing, Kenya