A framework for selecting a secure cloud service provider : a case study of Kenyan banks
Date
2014-06
Authors
Njeru, Anthony Mwaniki
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
The rate at which cloud services are being adopted by financial institutions in Kenya is
increasing on daily basis despite, increased insecurity incidences associated with the cloud
service, one of the major cause for this is lack of standards. Many banks in Kenya are faced
with a challenge when deciding to move to cloud because there is no prudent guideline for
selecting CSP which has resulted to loss of millions of money and reputation of institutions.
Because of the above challenge, the researcher recommend a framework to guide the
financial institutions in selecting an appropriate and secure cloud CSP in the midst of many
unsecured providers. The research mainly focused on Kenyans banks and identified the
following as the key variables; resource capacity, trust, availability, confidentiality, integrity
and non-repudiation as indicated in chapter four of this report.
Questionnaires, observation and interview were used for collection of raw data as
indicated on chapter three for analysis, The research had a finite population of 15 clouds
service providers selected based on availability and 40 users based on usability, hence all
entities in the universe were identified through purposive sampling.
Solutions to the existing security challenges in cloud services were proposed in the
framework on chapter five based on analysis of the data collected and the information
gathered from literature review. The proposed framework was used to make decision based on
trust and the available solutions evaluated with the prevailing security challenges for their
enhancement. To achieve this, first, the researcher used descriptive design to get the variables
on a targeted population of 55 sample size then, critically reviewed each of the identified factors
to see the relationship to be considered before finally developing the proposed
framework.
Data gathered reviewed that, the choice of CSP is an emerging determinant for
success or failure of many banks moving to the cloud, hence various factors in selecting a
trusted CSP were identified such as trust as indicated in the framework to get data from the
registry of the framework based on previous feedback from the users and capacity. The
proposed framework utilized data mining techniques from a third party mandated with the role
of collecting such information from various CSP and disseminating this refined information to various financial institutions in Kenya at management level to help them make prudent
decision on the CSP to host their data.
Finally, the framework was validated by two banking institutions to check on its
reliability. The evaluated results obtained confirmed that the developed framework was
effective in selecting a secure and trusted CSP and pinpointed areas requiring further research
and improvement such as factors of trust. Various suggestions and recommendations were
given as indicated on chapter six by the evaluating teams to be incorporated in the final
framework template. In addition, the researcher later discussed a scheme for a secured third
party cloud services and how these users' rights can be protected technologically by adopting
the framework.
Description
Submitted in partial fulfillment of the requirements for the degree of Masters of Science
in Information Technology
Keywords
Cloud computing, secure cloud service, Kenyan banks, Banking