A framework for assessing cloud computing risk for Kenyan organizations
Cloud computing has recently emerged as a buzz word in the distributed computing community. Many believe that Cloud is going to reshape the IT industry as a revolution. Yet for security professionals, the cloud presents a huge dilemma: How do you embrace the benefits of the cloud while maintaining security controls over your organisations’ assets? It becomes a question of balance to determine whether the increased risks are truly worth the agility and economic benefits. The author proposes a framework that borrows from other developed frameworks that will assist in the mapping out of security risks and controls that current and prospective users will need to take care of. The target group of respondents for this research are employees in the Information Technology departments in randomly selected Kenyan firms cutting across Utilities, Manufacturing, Transport, Non Governmental Organisations (NGOs), Government, Academia, Finance and ICT. Questionnaires were used with forty respondents giving their feedback. The feedback was positive with majority of the respondents having confidence in the framework – 90% of the respondents did not suggest any item for removal from the framework. They concurred that to address the risks in cloud computing, consideration has to be given to security in personnel, operational and physical issues, in addition to supply-chain assurance, portability and business continuity management. Also to be considered are environmental controls and legal and jurisdiction matters. The suggestions for additions were incorporated in the final model that was used to evaluate an existing cloud user who found areas that needed to be addressed by their Cloud Service Provider. The implication of this research is that the market is ripe and ready for cloud computing as long it can have assurance of the security and continuity of their data and systems. The research will give guidelines to those interested in implementing cloud computing on the considerations to make in order to ensure security and continuity risks of their systems are considered. The paper adds value in that cloud computing being a relatively new phenomenon, not much research has gone into its implementation, especially in Africa and more so in Kenya.