A framework for selecting a secure cloud service provider : a case study of Kenyan banks
The rate at which cloud services are being adopted by financial institutions in Kenya is increasing on daily basis despite, increased insecurity incidences associated with the cloud service, one of the major cause for this is lack of standards. Many banks in Kenya are faced with a challenge when deciding to move to cloud because there is no prudent guideline for selecting CSP which has resulted to loss of millions of money and reputation of institutions. Because of the above challenge, the researcher recommend a framework to guide the financial institutions in selecting an appropriate and secure cloud CSP in the midst of many unsecured providers. The research mainly focused on Kenyans banks and identified the following as the key variables; resource capacity, trust, availability, confidentiality, integrity and non-repudiation as indicated in chapter four of this report. Questionnaires, observation and interview were used for collection of raw data as indicated on chapter three for analysis, The research had a finite population of 15 clouds service providers selected based on availability and 40 users based on usability, hence all entities in the universe were identified through purposive sampling. Solutions to the existing security challenges in cloud services were proposed in the framework on chapter five based on analysis of the data collected and the information gathered from literature review. The proposed framework was used to make decision based on trust and the available solutions evaluated with the prevailing security challenges for their enhancement. To achieve this, first, the researcher used descriptive design to get the variables on a targeted population of 55 sample size then, critically reviewed each of the identified factors to see the relationship to be considered before finally developing the proposed framework. Data gathered reviewed that, the choice of CSP is an emerging determinant for success or failure of many banks moving to the cloud, hence various factors in selecting a trusted CSP were identified such as trust as indicated in the framework to get data from the registry of the framework based on previous feedback from the users and capacity. The proposed framework utilized data mining techniques from a third party mandated with the role of collecting such information from various CSP and disseminating this refined information to various financial institutions in Kenya at management level to help them make prudent decision on the CSP to host their data. Finally, the framework was validated by two banking institutions to check on its reliability. The evaluated results obtained confirmed that the developed framework was effective in selecting a secure and trusted CSP and pinpointed areas requiring further research and improvement such as factors of trust. Various suggestions and recommendations were given as indicated on chapter six by the evaluating teams to be incorporated in the final framework template. In addition, the researcher later discussed a scheme for a secured third party cloud services and how these users' rights can be protected technologically by adopting the framework.