Small and Medium size Enterprises (SME) are considered as a backbone of many developing and
developed economies of the world; they are the driving force to any major economy across the globe.
Through Cloud Computing firms outsource their entire information technology (IT) process while
concentrating more on their core business. It allows businesses to cut down heavy cost incurred over IT
infrastructure without losing focus on customer needs. However, Cloud industry to an extent has struggled
to grow among SMEs due to the reluctance and concerns expressed by them. Throughout the course of this
study several interviews were conducted and the literature was reviewed to understand how cloud
providers offer services and what challenges SMEs are facing. The study identified issues like cloud
knowledge, interoperability, security and contractual concerns to be hindering SMEs adoption of cloud
services. From the interviews common practices followed by cloud vendors and what concerns SMEs have
were identified as a basis for a cloud framework which will bridge gaps between cloud vendors and SMEs.
A stepwise framework for cloud adoption is formulated which identifies and provides recommendation to
four most predominant challenges which are hurting cloud industry and taking SMEs away from cloud
computing, as well as guide SMEs aiding in successful cloud adoption. Moreover, this framework
streamlines the cloud adoption process for SMEs by removing ambiguity in regards to fundamentals
associated with their organisation and cloud adoption process
Over the last decade, cloud computing has transformed the market for IT services. But the journey to cloud adoption has not been without its share of twists and turns. This report looks at lessons that can be derived from companies' experiences implementing cloud computing technology.
Technology organization environment framework in cloud computingTELKOMNIKA JOURNAL
Cloud Computing is a rapidly emerging technology over the last few years, that has
abolished the burden of purchasing heavy hardware and software. Cloud computing
has been advantageous to Small and Medium-sized Enterprises (SMEs), though many
SMEs have not adopted to delve into its appealing benefits. To increase the cloud
adoption rate in these Enterprises, the most important thing is to understand the
aspects which influence the cloud adoption. The article focuses on these factors, which
influence the use of cloud services by establishing the three layer hierarchical framework
based on the grounded on the Technology Oriented Environmental (TOE)
framework through systematic literature review. Because cloud-based solutions offer
numerous benefits for companies, they have precious cloud determinants. This paper
therefore took into account the Technology Organization Environment TOE model for
Cloud Computing adoption. In addition, the questionaries designed at the end also
indicate the significant connection in the decision of adoption between three context
of TOE. Moreover, the designed questionaries has been used for the analysis of cloud
computing adoption in Bangladeshi SMEs.
The determinants of cloud computing adoption in saudi arabiacsandit
There is a large volume of published studies investigating the factors that affect cloud adoption.
However, there are very few studies which investigate cloud computing adoption in
technologically developing countries and one focus of the research was to examine whether the
factors which influence cloud computing adoption in technologically developed countries also
apply in technologically developing countries. The research presented in this paper builds on
the diffusion of innovation theory (DOI) and the Technology-organisation-environment (TOE)
framework in order to investigate the factors which influence cloud adoption. Fourteen
hypothesis were developed from the literature on cloud adoption and were examined in the
research. Data was collected by using a web-based questionnaire and was analysed using a
range of statistical measures. This paper discusses the design and implementation of the study,
the data analysis and conclusions from the analysis and compares the findings of this study with
the findings of similar studies in technologically developed countries. The study shows that
there are some similarities as well as some differences in the factors that affect cloud adoption
between technologically developed countries and technologically developing countries.
Adel Ben Youssef: Determinants of the adoption of cloud computing by tunisian...CBOD ANR project U-PSUD
Determinants of the adoption of cloud computing by tunisian firms, an exploratory study
Adel Ben Youssef, Walid Hadhri, Téja Maherzi, Université de Sopia Antipolis, ISG Tunis,
-session 6-
International conference on
“DATA, DIGITAL BUSINESS MODELS, CLOUD COMPUTING AND ORGANIZATIONAL DESIGN”
24-25 November 2014 ,
Université Paris–Sud
ADOPTION OF CLOUD-BASED SERVICES BY SMEs IN DEVELOPING COUNTRIES: DEVELOPMENT...Amos Wachanga
Small and Medium Enterprises (SMEs) face numerous challenges in identification, setting up
and making use of Information Technology (IT) as an enabler for business. Cloud computing
could solve this problem by offering ready, low cost of entry IT solutions. Adoption of cloud
computing among the SMEs in developing countries is however low due to a number of
barriers as identified by previous studies. Over the years, research on adoption on innovation
and technology has unveiled a number of theories on adoption which range from Individual
level theories to Organizational level theories and even Market level theories. This study
reviews the various theories, opting to use an organization level theory so that focus on the
SME is emphasized. Analysis of literature renders this study to be based on the Technology-
Organization-Environment (TOE) framework proposed by DePietro et al. (1990). This study
reviews the current adoption levels of cloud computing and proposes a TOE based model for
adoption of cloud-based services by SMEs in developing countries. The study employed
literature review to determine the factors that are applicable for a model on adoption of cloud
computing in the developing countries. Further, the study conducted a survey through a
questionnaire to collect quantitative data to assist in determination of the most applicable
model. Convenience sampling was employed due to the study’s constraints on time and budget.
The study findings revealed that there is low adoption of cloud computing for business
applications by SMEs in Nairobi County, hence confirms the need for the adoption model.
Using Exploratory Factor Analysis (EFA) six components were extracted for the proposed
model which include Relative Advantage, Accessibility, Organization Readiness and Size,
Vendor Readiness, Regulations and Trading Partner Pressure, each with attributes required to
ensure successful adoption of cloud computing. The model was validated through statistical
analysis which confirms a largely reasonable level of fit for the indices and construct validity
conducted through convergent and discriminant validity methods. Further, the model was
subjected to experts’ analysis who concluded that the model is simple, applicable and fitting.
The study finally proposes practical recommendations to governments and policy makers,
educational institutions, software vendors and SMEs based on the model. Further research
areas include subjecting the model to larger sample sizes to confirm its validity and the
preparation of an implementation guideline.
Keywords: Cloud computing, Small and medium enterprises, ICT Adoption, Nairobi Kenya
The cumulative effect of decades of IT infrastructure investment around a diverse set of technologies and processes has stifled innovation at organizations around the globe. Layer upon layer of complexity to accommodate a staggering array of applications has created hardened processes that make changes to systems difficult and cumbersome.
Over the last decade, cloud computing has transformed the market for IT services. But the journey to cloud adoption has not been without its share of twists and turns. This report looks at lessons that can be derived from companies' experiences implementing cloud computing technology.
Technology organization environment framework in cloud computingTELKOMNIKA JOURNAL
Cloud Computing is a rapidly emerging technology over the last few years, that has
abolished the burden of purchasing heavy hardware and software. Cloud computing
has been advantageous to Small and Medium-sized Enterprises (SMEs), though many
SMEs have not adopted to delve into its appealing benefits. To increase the cloud
adoption rate in these Enterprises, the most important thing is to understand the
aspects which influence the cloud adoption. The article focuses on these factors, which
influence the use of cloud services by establishing the three layer hierarchical framework
based on the grounded on the Technology Oriented Environmental (TOE)
framework through systematic literature review. Because cloud-based solutions offer
numerous benefits for companies, they have precious cloud determinants. This paper
therefore took into account the Technology Organization Environment TOE model for
Cloud Computing adoption. In addition, the questionaries designed at the end also
indicate the significant connection in the decision of adoption between three context
of TOE. Moreover, the designed questionaries has been used for the analysis of cloud
computing adoption in Bangladeshi SMEs.
The determinants of cloud computing adoption in saudi arabiacsandit
There is a large volume of published studies investigating the factors that affect cloud adoption.
However, there are very few studies which investigate cloud computing adoption in
technologically developing countries and one focus of the research was to examine whether the
factors which influence cloud computing adoption in technologically developed countries also
apply in technologically developing countries. The research presented in this paper builds on
the diffusion of innovation theory (DOI) and the Technology-organisation-environment (TOE)
framework in order to investigate the factors which influence cloud adoption. Fourteen
hypothesis were developed from the literature on cloud adoption and were examined in the
research. Data was collected by using a web-based questionnaire and was analysed using a
range of statistical measures. This paper discusses the design and implementation of the study,
the data analysis and conclusions from the analysis and compares the findings of this study with
the findings of similar studies in technologically developed countries. The study shows that
there are some similarities as well as some differences in the factors that affect cloud adoption
between technologically developed countries and technologically developing countries.
Adel Ben Youssef: Determinants of the adoption of cloud computing by tunisian...CBOD ANR project U-PSUD
Determinants of the adoption of cloud computing by tunisian firms, an exploratory study
Adel Ben Youssef, Walid Hadhri, Téja Maherzi, Université de Sopia Antipolis, ISG Tunis,
-session 6-
International conference on
“DATA, DIGITAL BUSINESS MODELS, CLOUD COMPUTING AND ORGANIZATIONAL DESIGN”
24-25 November 2014 ,
Université Paris–Sud
ADOPTION OF CLOUD-BASED SERVICES BY SMEs IN DEVELOPING COUNTRIES: DEVELOPMENT...Amos Wachanga
Small and Medium Enterprises (SMEs) face numerous challenges in identification, setting up
and making use of Information Technology (IT) as an enabler for business. Cloud computing
could solve this problem by offering ready, low cost of entry IT solutions. Adoption of cloud
computing among the SMEs in developing countries is however low due to a number of
barriers as identified by previous studies. Over the years, research on adoption on innovation
and technology has unveiled a number of theories on adoption which range from Individual
level theories to Organizational level theories and even Market level theories. This study
reviews the various theories, opting to use an organization level theory so that focus on the
SME is emphasized. Analysis of literature renders this study to be based on the Technology-
Organization-Environment (TOE) framework proposed by DePietro et al. (1990). This study
reviews the current adoption levels of cloud computing and proposes a TOE based model for
adoption of cloud-based services by SMEs in developing countries. The study employed
literature review to determine the factors that are applicable for a model on adoption of cloud
computing in the developing countries. Further, the study conducted a survey through a
questionnaire to collect quantitative data to assist in determination of the most applicable
model. Convenience sampling was employed due to the study’s constraints on time and budget.
The study findings revealed that there is low adoption of cloud computing for business
applications by SMEs in Nairobi County, hence confirms the need for the adoption model.
Using Exploratory Factor Analysis (EFA) six components were extracted for the proposed
model which include Relative Advantage, Accessibility, Organization Readiness and Size,
Vendor Readiness, Regulations and Trading Partner Pressure, each with attributes required to
ensure successful adoption of cloud computing. The model was validated through statistical
analysis which confirms a largely reasonable level of fit for the indices and construct validity
conducted through convergent and discriminant validity methods. Further, the model was
subjected to experts’ analysis who concluded that the model is simple, applicable and fitting.
The study finally proposes practical recommendations to governments and policy makers,
educational institutions, software vendors and SMEs based on the model. Further research
areas include subjecting the model to larger sample sizes to confirm its validity and the
preparation of an implementation guideline.
Keywords: Cloud computing, Small and medium enterprises, ICT Adoption, Nairobi Kenya
The cumulative effect of decades of IT infrastructure investment around a diverse set of technologies and processes has stifled innovation at organizations around the globe. Layer upon layer of complexity to accommodate a staggering array of applications has created hardened processes that make changes to systems difficult and cumbersome.
Is ‘Enterprise Mobility’ The Way Forward For Enterprises? Part I: Findings an...IJERA Editor
Attracted by the benefits offered by mobility technologies directly relating to cost savings and improved productivity, enterprises are keen to adopt BYOD models; however, without proper feasibility studies and mobility policies in place, BYOD will not be able to generate the desired results. The commercialization of technology or BYOD is rapidly transforming the enterprise mobility landscape and changing the way that organizations conduct business. However, the adoption of this concept enables enterprises to devise stringent and precise mobility policies to avoid any security and privacy issues.
Consumer technology is invading the enterprise and IT must embrace it in order to encourage employee productivity and satisfaction. Info-Tech recommends that organizations allow personal mobile devices on their corporate networks. This research addresses the following:
•Understand differences in security and management between the three major platforms – BlackBerry, Apple iOS, and Google Android.
•Evaluate the organization's position on the mobile device security scale and determine if third-party infrastructure is necessary.
•Development and enforcement of a personal mobile acceptable use policy to encourage end-user compliance and foster success.
Embrace consumer technology in the enterprise, and focus on end-user compliance to leverage productivity and maximize the potential for success.
Virtualization infrastructure in financial services rully feranataRully Feranata
Over many years, the IT function in financial institutions has evolved from a mere transactional tool into
a pervasive, integral element of virtually every aspect of doing business. This transformation has
constituted a fundamental, structural change in the financial services arena and has put IT performance
at the top of the CEO’s agenda at most banks and insurance companies.
ADOPTION OF CLOUD COMPUTING IN HIGHER EDUCATION INSTITUTION IN NIGERIAijiert bestjournal
The study is to examine the adoption of cloud in th e higher educational institution in Nigeria. The nine variants were used to investigate the adop tion of cloud computing in order to make a decision by HEIs management in Nigeria to perceive the usefulness to adopt cloud as well as the benefit and significance on cloud computing. The ni ne factors were examined in this study there are:relative advantage,compatibility,complexity,trailibility,top management,firm size,amount of information,pressure coercive and qualit y of internet connection. This study was adopted innovation diffusion theory. Technological,organizational and environmental (TOE) to explain the adoption of cloud computing in HEIs in Nigeria. Quantitative method was used to collect data by distributing the questionnaire to 1 27 people from higher educational institutions in Nigeria. The finding in this study was used smar tPLS to analyze the date which seven variables were supported and the three were not sup port to explain the adoption of cloud computing in higher education in Nigeria. Keyword:cloud computing,Technological,organizati onal and environmental (TOE),innovation diffusion theory (IDT)
All organizations need a Disaster Recovery (DR) plan, but many are unsure what is appropriate or how to scope the organization’s needs. Operating with an insufficient DR plan leaves organizations vulnerable to negative business impacts in the event of a disaster. Organizations can save time and money by properly scoping their DR plan.
The process of examining your DR plan can be broken down into a series of steps:
* Determine the current DR capability which IT can provide
* Know what DR capabilities the business wants
* Align the business’ and IT’s DR priorities
Use this Storyboard to begin the process of building your organization’s ultimate DR plan.
Selection of a standard collaboration platform and toolset used to be easy: Microsoft or IBM Lotus. Now there are many competitors in this market, fueled by the rise of Web 2.0 collaboration paradigms, requiring organizations to know what the problem is they are trying to solve.
This storyboard will help you:
•Understand and identify collaboration opportunities that exist within your organization.
•Identify leading vendors and compare capabilities.
•Select the right solution to implement.
Organizations are embracing the need to support teams with enterprise collaboration solutions.
Enterprise Information Management | EIM | Ulrich Kampffmeyer | PROJECT CONSULT Unternehmensberatung GmbH | Contents: 1) EIM ~ All information must be treated equal | 2) EIM ~ A self-fulfilling prophecy | 3) EIM ~ Definition still in progress | 4) From ECM to EIM ~ A functional model | 5) EIM ~ A platform and an ecosystem | 6) What’s up with EIM? | Definition: "EIM Enterprise Information Management is the comprehensive management and utilization of all information of an enterprise irrespective of location, user, author, source, application, platform, use case, format, medium, and time.
To cover this scope EIM supports, uses and unifies functional components like Social Business, Enterprise Search, Business Process Management, Data Warehousing, Business Intelligence, Automated Classification, BigData, Knowledge Management, Cloud, Mobile and Information Lifecycle Management, which surround Enterprise Content Management as the core of EIM."
A strong communication capability between the business and IT ensures the alignment of business requirements with delivered IT functionality and value. Use this storyboard to understand common barriers to effective requirements management, tactical solutions to overcome these barriers, and how to achieve a high level of project success.
This storyboard will help you:
•Understand the common barriers to effective requirements management
•Learn how organizations have solved these challenges
•Implement your own tactical solutions to enable effective communication of business requirements for IT projects in your organization
•Achieve a high level of project success
Whether an organization develops its own applications or implements packaged solutions, the success of the project depends on the clear communication of business requirements in terms IT can understand and deliver.
Cloud Pricing is Broken - by Dr James Mitchell, curated by The Economist Inte...James Mitchell
Commodity trading of cloud services would benefit both buyers and sellers, but the industry’s current pricing models are standing in the way, writes Dr James Mitchell, CEO of Strategic Blue, a financial cloud broker.
Management of Complexity in System Design of Large IT SolutionsMichael Heiss
The capability to manage complexity is one of the key competencies of system engineers for large IT-solutions. We call a technical system "complex" (in contrast to "complicated") if it is impossible (due to the networked interaction of its components) to predict the behavior of the whole system, even if you know exactly how each of the system components behave. On the other hand, customers expect increasingly high reliability of IT systems as their business is more and more dependent on the proper operation and interoperation of the IT systems. First we show how a network of interactions increases the complexity of the overall-system. Then we analyze the complexity management strategies of our system engineers and present generalized strategies based on examples of large customer projects. The examples demonstrate that a high maturity in managing complexity enables to provide IT solutions of ultra-high reliability even if they are complex solutions in the above defined sense.
Overview of cloud computing architectureeSAT Journals
Abstract
This Research paper explores cloud computing architecture, service delivery models, Security & Privacy Issues and Trust Challenges. Evaluates all three service delivery models Software-as-a-Service (Saas), Platform-as-a-Service (PaaS) and Infrastructure-as-a-service (IaaS) and their deployment, requirements and services they provide. In the next section Security & Privacy Issues has been discussed and focus is on potential reasons for them to cause. Also discusses the lack of common cloud security standards with constructive discussion on public cloud providers and on their proprietary security standards. Overview on Challenges with Trust between Cloud provider and cloud user and suggests solutions for inculcating trust among cloud provider and cloud user with the help of trusted thrid party. Solutions and recommendations are suggested to safeguard user Data in the cloud by implementing Data security measures such as use of Crypotography and Trusted platform module (TPM), Data integrity etc. This research paper also focuses on future scope of cloud computing and its evolution in the field of outsourcing and urges on the need of global security standards for mitigating security issues, privacy threats and Trust challenges for wide acceptance of cloud computing in organizations. Keywords: Cloud Computing Challenges, Service Delivery Models, Data Security, Security & Privacy Issues, Trust
Is ‘Enterprise Mobility’ The Way Forward For Enterprises? Part I: Findings an...IJERA Editor
Attracted by the benefits offered by mobility technologies directly relating to cost savings and improved productivity, enterprises are keen to adopt BYOD models; however, without proper feasibility studies and mobility policies in place, BYOD will not be able to generate the desired results. The commercialization of technology or BYOD is rapidly transforming the enterprise mobility landscape and changing the way that organizations conduct business. However, the adoption of this concept enables enterprises to devise stringent and precise mobility policies to avoid any security and privacy issues.
Consumer technology is invading the enterprise and IT must embrace it in order to encourage employee productivity and satisfaction. Info-Tech recommends that organizations allow personal mobile devices on their corporate networks. This research addresses the following:
•Understand differences in security and management between the three major platforms – BlackBerry, Apple iOS, and Google Android.
•Evaluate the organization's position on the mobile device security scale and determine if third-party infrastructure is necessary.
•Development and enforcement of a personal mobile acceptable use policy to encourage end-user compliance and foster success.
Embrace consumer technology in the enterprise, and focus on end-user compliance to leverage productivity and maximize the potential for success.
Virtualization infrastructure in financial services rully feranataRully Feranata
Over many years, the IT function in financial institutions has evolved from a mere transactional tool into
a pervasive, integral element of virtually every aspect of doing business. This transformation has
constituted a fundamental, structural change in the financial services arena and has put IT performance
at the top of the CEO’s agenda at most banks and insurance companies.
ADOPTION OF CLOUD COMPUTING IN HIGHER EDUCATION INSTITUTION IN NIGERIAijiert bestjournal
The study is to examine the adoption of cloud in th e higher educational institution in Nigeria. The nine variants were used to investigate the adop tion of cloud computing in order to make a decision by HEIs management in Nigeria to perceive the usefulness to adopt cloud as well as the benefit and significance on cloud computing. The ni ne factors were examined in this study there are:relative advantage,compatibility,complexity,trailibility,top management,firm size,amount of information,pressure coercive and qualit y of internet connection. This study was adopted innovation diffusion theory. Technological,organizational and environmental (TOE) to explain the adoption of cloud computing in HEIs in Nigeria. Quantitative method was used to collect data by distributing the questionnaire to 1 27 people from higher educational institutions in Nigeria. The finding in this study was used smar tPLS to analyze the date which seven variables were supported and the three were not sup port to explain the adoption of cloud computing in higher education in Nigeria. Keyword:cloud computing,Technological,organizati onal and environmental (TOE),innovation diffusion theory (IDT)
All organizations need a Disaster Recovery (DR) plan, but many are unsure what is appropriate or how to scope the organization’s needs. Operating with an insufficient DR plan leaves organizations vulnerable to negative business impacts in the event of a disaster. Organizations can save time and money by properly scoping their DR plan.
The process of examining your DR plan can be broken down into a series of steps:
* Determine the current DR capability which IT can provide
* Know what DR capabilities the business wants
* Align the business’ and IT’s DR priorities
Use this Storyboard to begin the process of building your organization’s ultimate DR plan.
Selection of a standard collaboration platform and toolset used to be easy: Microsoft or IBM Lotus. Now there are many competitors in this market, fueled by the rise of Web 2.0 collaboration paradigms, requiring organizations to know what the problem is they are trying to solve.
This storyboard will help you:
•Understand and identify collaboration opportunities that exist within your organization.
•Identify leading vendors and compare capabilities.
•Select the right solution to implement.
Organizations are embracing the need to support teams with enterprise collaboration solutions.
Enterprise Information Management | EIM | Ulrich Kampffmeyer | PROJECT CONSULT Unternehmensberatung GmbH | Contents: 1) EIM ~ All information must be treated equal | 2) EIM ~ A self-fulfilling prophecy | 3) EIM ~ Definition still in progress | 4) From ECM to EIM ~ A functional model | 5) EIM ~ A platform and an ecosystem | 6) What’s up with EIM? | Definition: "EIM Enterprise Information Management is the comprehensive management and utilization of all information of an enterprise irrespective of location, user, author, source, application, platform, use case, format, medium, and time.
To cover this scope EIM supports, uses and unifies functional components like Social Business, Enterprise Search, Business Process Management, Data Warehousing, Business Intelligence, Automated Classification, BigData, Knowledge Management, Cloud, Mobile and Information Lifecycle Management, which surround Enterprise Content Management as the core of EIM."
A strong communication capability between the business and IT ensures the alignment of business requirements with delivered IT functionality and value. Use this storyboard to understand common barriers to effective requirements management, tactical solutions to overcome these barriers, and how to achieve a high level of project success.
This storyboard will help you:
•Understand the common barriers to effective requirements management
•Learn how organizations have solved these challenges
•Implement your own tactical solutions to enable effective communication of business requirements for IT projects in your organization
•Achieve a high level of project success
Whether an organization develops its own applications or implements packaged solutions, the success of the project depends on the clear communication of business requirements in terms IT can understand and deliver.
Cloud Pricing is Broken - by Dr James Mitchell, curated by The Economist Inte...James Mitchell
Commodity trading of cloud services would benefit both buyers and sellers, but the industry’s current pricing models are standing in the way, writes Dr James Mitchell, CEO of Strategic Blue, a financial cloud broker.
Management of Complexity in System Design of Large IT SolutionsMichael Heiss
The capability to manage complexity is one of the key competencies of system engineers for large IT-solutions. We call a technical system "complex" (in contrast to "complicated") if it is impossible (due to the networked interaction of its components) to predict the behavior of the whole system, even if you know exactly how each of the system components behave. On the other hand, customers expect increasingly high reliability of IT systems as their business is more and more dependent on the proper operation and interoperation of the IT systems. First we show how a network of interactions increases the complexity of the overall-system. Then we analyze the complexity management strategies of our system engineers and present generalized strategies based on examples of large customer projects. The examples demonstrate that a high maturity in managing complexity enables to provide IT solutions of ultra-high reliability even if they are complex solutions in the above defined sense.
Overview of cloud computing architectureeSAT Journals
Abstract
This Research paper explores cloud computing architecture, service delivery models, Security & Privacy Issues and Trust Challenges. Evaluates all three service delivery models Software-as-a-Service (Saas), Platform-as-a-Service (PaaS) and Infrastructure-as-a-service (IaaS) and their deployment, requirements and services they provide. In the next section Security & Privacy Issues has been discussed and focus is on potential reasons for them to cause. Also discusses the lack of common cloud security standards with constructive discussion on public cloud providers and on their proprietary security standards. Overview on Challenges with Trust between Cloud provider and cloud user and suggests solutions for inculcating trust among cloud provider and cloud user with the help of trusted thrid party. Solutions and recommendations are suggested to safeguard user Data in the cloud by implementing Data security measures such as use of Crypotography and Trusted platform module (TPM), Data integrity etc. This research paper also focuses on future scope of cloud computing and its evolution in the field of outsourcing and urges on the need of global security standards for mitigating security issues, privacy threats and Trust challenges for wide acceptance of cloud computing in organizations. Keywords: Cloud Computing Challenges, Service Delivery Models, Data Security, Security & Privacy Issues, Trust
These slides document alternatives SaaS architecture I came up with, back in 2006, when facing my Security Officer push-back on a Salesforce deployments at Symantec.
I ran a successful presentation of these concepts to the Salesforce Core team.
~ These slides have been updated to adopt cloud computing vocabulary not in use at that time.
A PROPOSED MODEL FOR IMPROVING PERFORMANCE AND REDUCING COSTS OF IT THROUGH C...ijccsa
Information technologies are affecting the big business enterprises of todays from data processing and
transactions to achieve the goals efficiently and effectively, affecting creates new business opportunities
and towards new competitive advantage, service must be enough to match the recent trends of IT such as
cloud computing. Cloud computing technology has provided all IT services. Therefore, cloud computing
offers an alternative to adaptable with technology model current , creating reducing cost (Fixed costs and
ongoing), the proliferation of high speed Internet connections through Rent, not acquisitions, cheaper
powerful computing technology and effective performance. The public and private clouds are characterized
by flexibility, operational efficiency that reduces costs improve performance. Also cloud computing
generates business creativity and innovation resulted from collaborative ideas of users; presents cloud
infrastructure and services; paving new markets; offering security in public and private clouds; and
providing environmental impact regarding utilizing green energy technology. In this paper, the main
concentrate the cloud computing.
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
Availability of cloud computing is helping Financial Services organizations realize accelerated go-to-market speeds, global scalability, and cost efficiencies. This new world forces considerations for security programs – what is different in the cloud and what do I do differently? AWS Security Architects will share protocols that need to be considered in the cloud, on premises, or in a hybrid model. They will also share best practices, lessons learned, efficiencies, and design patterns and architectures unique to cloud.
RightScale 2016 State of the Cloud ReportRightScale
In January 2016, RightScale conducted its fifth annual State of the Cloud Survey of the latest cloud computing trends, with a focus on infrastructure-as-a-service. The survey results are presented in more than 60 charts along with summary analysis.
We encourage the re-use of data, charts, and text published here under the terms of this Creative Commons Attribution 4.0 International License. You are free to share and make commercial use of this work as long as you attribute the RightScale 2016 State of the Cloud Report as stipulated in the terms of the license.
7 Common Questions About a Cloud Management PlatformRightScale
You already know you need to deliver software more quickly. But what’s the best route to get that agility? Cloud, containers, and DevOps can all help, and a cloud management platform (CMP) pulls it all together. Get answers to the common questions about a CMP.
Amazon EC2 provides a broad selection of instance types to deliver high performance for a diverse mix of applications. In this session, we overview the drivers of system performance and discuss in depth how Amazon EC2 instances deliver system performance while also providing elasticity and complete control over your infrastructure. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
Microservices Architecture Enables DevOps: Migration to a Cloud-Native Archit...Pooyan Jamshidi
A look at the searches related to the term “microservices” on Google Trends revealed that the top searches are now technology driven. This implies that the time of general search terms such as “What is microservices?” has now long passed. Not only are software vendors (for example, IBM and Microsoft) using microservices and DevOps practices, but also content providers (for example, Netflix and the BBC) have adopted and are using them.
I report on experiences and lessons learned during incremental migration and architectural refactoring of a commercial mobile back end as a service to microservices architecture. I explain how we adopted DevOps and how this facilitated a smooth migration towards Microservices architecture.
Cloud native applications are popular these days – applications that run in the cloud reliably und scale almost arbitrarily. They follow three key principles: they are built and composed as micro services. They are packaged and distributed in containers. The containers are executed dynamically in the cloud. Kubernetes is an open-source cluster manager for the automated deployment, scaling and management of cloud native applications. In this hands-on session we will introduce the core concepts of Kubernetes and then show how to build, package and operate a cloud native showcase application on top of Kubernetes step-by-step. Throughout this session we will be using an off-the-shelf MIDI controller to demonstrate and visualize the concepts and to remote control Kubernetes. This session has been presented at the ContainerCon Europe 2016 in Berlin. #qaware #cloudnativenerd #LinuxCon #ContainerCon
A cloud management platform (CMP) is fast becoming a de facto requirement for enterprises pursuing a multi-cloud or hybrid cloud strategy. But what should you be looking for in a CMP? Many companies make the mistake of taking a “boil the ocean” approach to a CMP evaluation. We’ll share best practices and discuss whether you need an RFP.
Beyond PaaS v.s IaaS: How to Manage BothRightScale
The lines between IaaS and PaaS are blurring. Cloud providers are offering dozens of individual IaaS+ services as an alternative to “all-in-one” PaaS options like OpenShift and Cloud Foundry. Container-as-a-service (CaaS) offerings based on Docker are also being used as a basis for PaaS offerings. In fact, many enterprises are using PaaS, IaaS, IaaS+, and CaaS side-by-side. We decode the various options and show how you can manage them all with a single pane of glass.
How to Manage VMware vSphere Like AWS and AzureRightScale
With the rapid growth in adoption in public cloud, developers have come to expect easy, fast provisioning and automated management of workloads. Enterprises are seeking to provide the same benefits on their existing VMware infrastructure, but vSphere alone doesn’t satisfy all of the requirements that users demand. We discuss how the RightScale Cloud Appliance for vSphere can make your VMware vSphere clusters provide many of the same benefits as AWS and Azure by enabling the automation and agility that developers need.
An Analysis of the Existing Frameworks in Cloud Computing Adoption and Introd...IJERA Editor
The coming up of cloud computing in recent years has evolved an interest from different organisations,
institutions and users to take advantage of web applications. This is a result of the new economic model for the
Information Technology (IT) department that cloud computing promises. The model promises a shift from an
organisation required to invest heavily for limited IT resources that are internally managed, to a model where
the organisation can buy or rent resources that are managed by a cloud provider, and pay per use. Cloud
computing also promises scalability of resources and on-demand availability of resources. Although, the
adoption of cloud computing promises various benefits to an organisation, a successful adoption of cloud
computing in an organisation requires an understanding of different dynamics and expertise in diverse domains.
Currently, there are inadequate guidelines for adopting cloud computing and building trust. This paper aims to
evaluating a shortlist of eleven frameworks for Cloud Computing and concludes that none of them addresses all
Cloud adoption challenges fully so that a new framework is required. Later we explain our proposal for the
framework discusses and topics related to the proposed framework.
Cloud computing has sweeping impact on the human productivity. Today it’s used for Computing, Storage, Predictions and Intelligent Decision Making, among others. Intelligent Decision-Making using Machine Learning has pushed for the Cloud Services to be even more fast, robust and accurate. Security remains one of the major concerns which affect the cloud computing growth however there exist various research challenges in cloud computing adoption such as lack of well managed service level agreement (SLA), frequent disconnections, resource scarcity, interoperability, privacy, and reliability. Tremendous amount of work still needs to be done to explore the security challenges arising due to widespread usage of cloud deployment using Containers. We also discuss Impact of Cloud Computing and Cloud Standards. Hence in this research paper, a detailed survey of cloud computing, concepts, architectural principles, key services, and implementation, design and deployment challenges of cloud computing are discussed in detail and important future research directions in the era of Machine Learning and Data Science have been identified.
Cloud computing technology security and trust challengesijsptm
A let of exclusive features such as high functionality and low cost have made cloud computing a valuable
technology. These remarkable features give users and companies, countless opportunities to reach their
goals spending minimum cost and time. Looking at the literature of this technology, it can be claimed that
the main concerns of the users of cloud are security issues especially trust. Unfortunately these concerns
have not been tackled yet. Therefore we decided to introduce a useful and functioned way to create more
trust among consumers to use this technology .In this paper we suggest the foundation of an international
certification institute for the service providing companies in order to increase trust and enhance likeliness
of using this new and valuable technology among people. Practicality of the technology will improve it and
will make its security better by providers.
Running head: SESSION HIJACKING & CLOUD COMPUTING 1
SESSION HIJACKING & CLOUD COMPUTING 20
Preventing Session Hijacking in Cloud Computing
Sasha Melanie
Personal Research Paper
20th October 2015
Abstract
The idea of Cloud processing is turning out to be a well-known concept every passing day particularly in the field of computing and information technology. It refers to both applications that are conveyed as administrations over the Internet and also as resources (software and hardware) in the data centres. With this kind of advancement, the cloud computing technology raises many security concerns. There are several vulnerabilities that come along with cloud computing that may be exploited by attackers through security threats such as session hijacking. This paper gives an overview of the cloud as well as session hijacking highlighting the key vulnerability areas that every organization need to put into consideration before any implementation of cloud computing. The paper gives the basis for further research that would help curb the challenge of session hijacking in cloud computing.
TABLE OF CONTENTS
Abstract 2
CHAPTER ONE 5
1.0 INTRODUCTION 5
1.1 Motivation for the study 6
1.2 Premises of the study 7
1.3 Problem Statement 7
1.4 Technical objectives of the study 7
CHAPTER TWO 9
2.0 RELATED WORK 9
2.1 Issues with Cloud Computing 9
2.2 ANALYSIS OF SESSION HIJACKING 9
2.2.1 Cookies: 10
2.2.2 TCP session capturing 10
2.3 PREVENTING SESSION HIJACKING 11
2.3.2 Information encryption programming 11
2.3.3 Virus Detection Applications 12
2.3.4 Digitized Signature 12
2.3.5 Computerized Authentication 13
2.3.6 Firewalls 14
2.3.7 Surf Anonymously 14
CHAPTER THREE 16
3.0 RESEARCH METHODOLOGY AND DESIGN 16
3.1 Introduction 16
3.2 Research Design 16
3.3 Data Collection Instruments 16
3.4 Methods of data Analysis and expected results 17
3.5 Time tables 17
3.6 Conclusion 18
REFERENCES 19
CHAPTER ONE1.0 INTRODUCTION
Enthusiasm towards Cloud processing arrangements is fast developing. Therefore, they have as of now been embraced in diverse situations, for example, person to person communication, business applications, and substance conveyance systems. Distributed computing is the start of a system based figuring over the web that is thought to be the component of two new registering models, the Client-Cloud processing, and the Terminal-Cloud figuring that would make entire eras of users and business (Mell & Grance, 2011). It is additionally the start of another Internet-based administration economy, for example, the Internet-driven, Web-based, on interest, Cloud applications and figuring economy. Bursztein et al., gives a more organized definition, who characterize a Cloud as a " parallel and disseminated framework comprising of an accumulation of interconnected and virtualized PCs that are progressively provisioned and exhibi.
Economist Intelligence Unit: Preparing for Next-Generation CloudHitachi Vantara
Preparing for next-generation cloud: Lessons learned and insights shared is an Economist Intelligence Unit (EIU) research programme, sponsored by Hitachi Data Systems. In this report, the EIU looks at companies’ experiences with cloud adoption and assesses whether the technology has lived up to expectations. Where the cloud has fallen short of expectations, we set out to understand why. In cases of seamless implementation, we gather best practices from firms using the cloud successfully.
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlight on the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
Cloud Computing Applications and Benefits for Small Businesses .docxclarebernice
Cloud Computing: Applications and Benefits for Small Businesses
Abstract
Cloud computing is one of the most talked about topics in the world of technology and entrepreneurship. Until now it has never been so easy for people, especially small business owner’s, to have the tools and resources readily available just one click away and at the fraction of the cost of the typical investment a few years back. Cloud computing offers cost-effective solutions at various levels that can be customize to meet the needs of anyone. Cloud computing can be thought of as a new found technology and this paper defines the concept of the cloud and provides a brief background of where most business are in regards to the use of this technology. This is then continued by describing the types of cloud currently available and potential use. The paper then presents a short but important section of cloud security issues and challenges. Finally, the paper discusses the benefits each of the different levels of cloud computing can provide small business.
Introduction
The use of cloud computing has grown exponentially in the last decade, according to Weins (2015) eight-four percent of enterprises that make use of such services in one way or another. Could computing by definition is internet-based computing, where by shared resources, software and information are provided to the end user as metered services much like a utility does(Bradley, 2014). For businesses in many cases could computing is use for IT solution purposes as it can provide IT-related capabilities as a service using internet technologies.
With the fast pace of today’s market businesses need to provide fast and reliable services to their customers in order to remain competitive. The concept of could computing is not something new as it uses existing technology and processes; however it can be consider new in sense that using these technologies has revolutionized the manner in which we host and cater services to customers. Startup companies and small businesses can take advantage of could computing to reduce spending on IT, be more adept to changes in the market, change scale and lower risk and cost.
Given the structural complexity of larger organization, Alijani (2014) states that it is essential for cloud computing to deliver rear value rather than serve as a platform for simple task. The need to deliver rear value is just as important for small businesses. For small businesses value is important but it’s their customer relationship and public image, flexibility and continuity. As such small business owners need to consider the benefits, drawback s and the effect of cloud computing on their organization before taking the decision to implement.
Types of cloud computing
There are three categories or levels cloud computing, this are: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Infrastructure as a Service (I ...
Cloud Adoption in Capital Markets: A PerspectiveCognizant
For the financial services industry, the adoption of cloud services has become a viable business directive. As firms work to recoup their losses from the recent financial crisis, pay-as-you-go cloud services allow them to focus more on strategic, innovative and revenue-generating endeavors and less on managing routine IT activities and the supporting infrastructure.
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
Cloud computing, undoubtedly, is a path to expand the limits or add powerful capabilities on-demand with
almost no investment in new framework, training new staff, or authorizing new software. Though today
everyone is talking about cloud but, organizations are still in dilemma whether it’s safe to deploy their business
on cloud. The reason behind it; is nothing but Security. No cloud service provider provides 100% security
assurance to its customers and therefore, businesses are hesitant to accept cloud and the vast benefits that come
along with it. The absence of proper security controls delimits the benefits of cloud. In this paper, a review on
different cloud service models and a survey of the different security challenges and issues while providing
services in cloud is presented .The paper focuses on the security issues specific to service delivery model (SaaS,
IaaS and PaaS) of cloud environment. This paper also explores the various security solutions currently being
applied to protect cloud from various kinds of intruders.
MEASURING TECHNOLOGICAL, ORGANIZATIONAL AND ENVIRONMENTAL FACTORS INFLUENCING...csandit
The main objective of this research is to identify the factors influencing the intentions to adopt
the public computing by the private sector firms. In this research the researcher examined the
ten factors influencing the cloud computing adoption using a proposed integrated model which
incorporates aspects of the Technology, Organization and Environment factors such as
Complexity, Compatibility, Security Concerns, Trialability, Cost Saving, Top Management
Support, Prior IT Experience, Organizational Readiness, Competitive Pressure and External
Support. In order to test influencing factors a survey was conducted and one hundred and
twenty two valid responses were received from IT decision makers from forty firms in different
industries. The results revealed that the Compatibility, Cost Saving, Trialability and External
Support are the main influential factors in the adoption intentions of public cloud computing.
Future research could be built on this study by developing different model for each industry
because each industry has unique characteristics that can influence the adoption of the
technological innovations.
To prosper in this new environment insurance companies can look to the cloud, in conjunction with other technologies, to help drive reinvention of their business model to offer new services and create direct, multi-channel relationships with customers
There is currently a 30percent/ 70percent split between public and private cloud engagements; however, over the next two years, respondents see the use of data and information produced by cloud customers more than doubling, with a corresponding decrease in exclusive internal use.
Similar to Framework for Cloud Computing Adoption: A Roadmap for Smes to Cloud Migration (20)
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Framework for Cloud Computing Adoption: A Roadmap for Smes to Cloud Migration
1. International Journal on Cloud Computing: Services and Architecture (IJCCSA) Vol. 5, No. 5/6, December 2015
DOI : 10.5121/ijccsa.2015.5601 1
FRAMEWORK FOR CLOUD COMPUTING ADOPTION:
A ROADMAP FOR SMES TO CLOUD MIGRATION
Nabeel Khan and Adil Al-Yasiri
School of Computing Science and Engineering, University of Salford, Manchester,
United Kingdom
ABSTRACT
Small and Medium size Enterprises (SME) are considered as a backbone of many developing and
developed economies of the world; they are the driving force to any major economy across the globe.
Through Cloud Computing firms outsource their entire information technology (IT) process while
concentrating more on their core business. It allows businesses to cut down heavy cost incurred over IT
infrastructure without losing focus on customer needs. However, Cloud industry to an extent has struggled
to grow among SMEs due to the reluctance and concerns expressed by them. Throughout the course of this
study several interviews were conducted and the literature was reviewed to understand how cloud
providers offer services and what challenges SMEs are facing. The study identified issues like cloud
knowledge, interoperability, security and contractual concerns to be hindering SMEs adoption of cloud
services. From the interviews common practices followed by cloud vendors and what concerns SMEs have
were identified as a basis for a cloud framework which will bridge gaps between cloud vendors and SMEs.
A stepwise framework for cloud adoption is formulated which identifies and provides recommendation to
four most predominant challenges which are hurting cloud industry and taking SMEs away from cloud
computing, as well as guide SMEs aiding in successful cloud adoption. Moreover, this framework
streamlines the cloud adoption process for SMEs by removing ambiguity in regards to fundamentals
associated with their organisation and cloud adoption process.
KEYWORDS
Cloud Computing, Cloud migration, cloud adoption, SMEs, framework & guidelines.
1. INTRODUCTION
The scalability and extensibility of distributed software architectures have led to the concept
called Cloud Computing. Cloud computing is a technology used to deliver the hosted services
over the Internet. Through this technology, users don’t have to manage their own IT resources;
instead they purchase their IT needs as services over the internet [1, 2].
For SMEs cloud computing technology is an attempt which has allowed them to reduce the rates
spent on computing infrastructure. With more and more explorations of cloud technology, it has
faced new challenges that need to be resolved to improve the pace of cloud adoption among
SMEs.
With so much power of computation and data handling, there are numerous challenges that must
be addressed promptly. Some of these challenges are technical (Interoperability and data security)
and some are non-technical (Cloud knowledge and Cloud contracts); some of them are related to
computer science whilst others are beyond computing realm. One of the issues which is hurting
cloud adoption among SMEs are data security, privacy law and legal jurisdiction bound to certain
boundary of the globe [3].
2. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
2
A major obstacle for SMEs in adopting cloud is how the software and hardware match and
interact with each other while running the business applications. From a customer point of view it
is an important factor to efficiently use the applications of cloud and mitigate any risks associated
with it. This issue is often named as interoperability among clouds and addressing this issue is
timely and necessary, and it’s the only way to avoid vendor lock-in situation. So for SMEs to
switch to cloud it is more important to know how to handle this issue as the market is dominated
by big cloud providers. The knowledge of this potential issue is necessary as in case of multi
provider scenario- SMEs can have plenty options to avail all the offered cloud services and at the
same time takes the full advantage of cloud computing concepts like elasticity and pay per use
model [4].
In order to start thinking of migrating organization to cloud adequate knowledge is a prime.
SMEs usually have limited knowledge about what cloud can do for their organization in a long
run and how it can enhance the productivity of its employees. Most SMEs IT professionals are
not fully trained in guiding their organizations to cloud [5].
Although, cloud computing has been really successful in attracting customers, it is still considered
as an emerging technology among the SMEs due to some challenges [6]. In order to find out these
challenges and propose a guideline to SMEs, this paper aims to showcase the challenges related
to cloud adoption by SMEs and propose a guideline to assist cloud transition from conventional
IT rooms.
SMEs are not aware of cloud contract terms which are negotiated quite often by the cloud
vendors. This issue is holding SMEs back to their conventional ways of doing business in the
market, as they have fear of losing business by getting trapped into inconclusive terms of cloud
contracts [7].
This paper explores possible solutions and elaborates on these issues. All these issues have
emerged as a viable threat to cloud industry. Moreover, a stepwise guide in the form a framework
has been proposed to aid cloud adoption process among SMEs.
The remainder of this paper is structured as follows. Section II describes the related work that has
been done in this area along with contribution made by this paper. Section III describes the
methodology and data analysis involved in making this research possible. Section IV states the
key challenges found during interviews. Section V presents the details of proposed framework for
cloud computing adoption. Finally, Section VI, VII and VII describe the further work to be
conducted in this field, the conclusion and references respectively.
2. RELATED WORK WITH CONTRIBUTION
Several studies have been conducted on cloud issues and what is really affecting cloud industry.
There are around more than 11 cloud frameworks in the market at present to deal with IT services
or architecture but none of them is designed for cloud adoption for any size of an organization
(this proposed cloud framework is only for SMEs in particular). Some of these frameworks are
Cloud Business Model Framework (CBMF) by [8], IBM Framework for Cloud Adoption [9],
Cloud Computing Business Framework [10] etc.
The cloud framework mentioned in this paper focuses on the readiness of the organization by
making them aware of all the risks and preparedness associated with cloud computing and by
proposing solutions to these. The contribution of this paper and eventually a cloud framework is
in cloud computing adoption among small organizations, as it not only raises issues inflicting
cloud computing but also provides remedy to avoid these issues to an extent.
3. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
3
3. METHODOLOGY AND DATA ANALYSIS
The research methodology in figure 1 has been adopted for this research program. This four-step
guide (See Figure 5) is the vital part of the cloud preparation stage (CPS) of the proposed cloud
framework. The CPS focuses onto the preparation part of the enterprises, as it will help them to
understand the current situation of their business processes and guide them to progress in cloud
adoption. The main stages of the methodology are outlined underneath:
Figure 1. Research Methodology
1. Reviewing previous literature and relevant cloud computing issues: In this step, previous
relevant literature, surveys and studies have been reviewed to identify issues with cloud
adoption.
2. Identify and define the research problem: To do so, a qualitative research method has
been adopted as a primary approach and following this; a number of semi-structured
interviews were conducted with SMEs, cloud providers and developers to gather relevant
information.
3. Analyzing data collected from interviews: The collected data from the interview is then
analyzed by applying the content analysis approach.
4. Preparing a road map for SMEs: A structured guideline will then be designed in order to
mitigate the cloud adoption barriers among SMEs.
5. The fifth step of the research methodology concentrates on verification and validation of
the proposed framework and gathers a feedback from SMEs and Cloud Service Providers
(CSPs). For this, reflexivity workshops will be held.
6. The feedback from the workshop will then be used to modify the framework to rectify
and increase the efficiency of the framework.
7. Finally, the proposed framework will then be prepared for use by SMEs in cloud
adoption.
The information required for the current research on finding cloud barriers among SMEs, has
been collected by using primary research techniques and secondary research techniques.
Interviews were the main sources of finding the primary information; where the source of
secondary information gathering is based on the literature review method. A similar approach was
adopted by [11] in 2012 where she interviewed several IT experts to find out cloud computing
4. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
4
risks and solutions for rationalizing and mitigating these risks. Also, similar research was
conducted by [12] in 2014 where he explored the factors influencing the adoption of cloud
computing and the challenges faced by the business and it is also supported by [13] as this
approach provides an in depth knowledge about the research problem. Initially, in the first round
of the interviews more than 60 SMEs were approached to know the issues that are keeping them
away from adopting cloud computing. The results of these interviews are summarized as shown
in figure 2. But during most of these interviews SMEs were perplexed over detailed knowledge of
cloud computing. But some of the SMEs had an idea about the vulnerability of their data in cloud
due to privacy and security issues with cloud computing. From the first round of the interviews, it
was quite clear that the lack of expert knowledge about cloud computing is one of the main
barrier for SMEs. Then a reversed approach was adopted and second round of interview surveys
were conducted with eight cloud vendors and four other cloud developers to get the vital
information on SMEs concerns over cloud adoption. And the sets of data collected after all these
interviews were worth analysing as it unfolded some viable threats to cloud computing among
SMEs.
Figure 2. Interview results.
The content analysis is an approach applied in order to analyze the collected data (see figure 3).
Firstly, the collected data was transcribed to avoid redundancy. It was then labelled according to
the major attributes of cloud computing which makes the next step easy where data was divided
into different themes. These themes were split into favorable attributes and non-favorable
attributes of cloud computing in regards to SMEs. From the non-favorable attributes, several
issues were identified which are hindering SMEs cloud adoption. These issues were then
segregated into technical and non-technical issues in order to get clear understanding behind these
constraints. Then a guideline to SMEs is proposed based on the findings from interviews,
government standards, previous surveys and literature review.
5. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
5
Figure 3. Data analysis.
For Validation and Verification purpose, reflexivity workshop will be conducted and all the
previous participants (SMEs) will be invited to attend this workshop. During this workshop SMEs
will be sharing their concerns with CSPs and will go through these four steps and framework for
cloud adoption to validate how effective this framework is, in moving to clouds. Throughout this
workshop comments from SMEs and CSPs will be noted to know how this framework is vital
prior to any type of cloud adoption. During this workshop, the proposed framework will be
validated to know its efficiency in bridging gaps between cloud computing and small
organizations.
4. CHALLENGES FOUND DURING INTERVIEWS
Although, cloud computing has been successful in attracting customers, it is still considered as an
emerging technology among the SMEs due to some challenges. There are a number of barriers
hindering cloud computing adoption among SMEs. To identify and understand these, a pilot study
was conducted in the form of interviews with the IT managers of eight leading cloud vendors and
four cloud developers which have brought the following points into limelight:
• Lack of internal staff expertise hindering cloud computing in transforming SMEs:
Slow uptake of cloud computing was attributed to the fact that SMEs need to be educated
on the benefits and potential of cloud computing and correlating these benefits with their
current IT requirements. When asked about the services which cloud vendors often offer
to SMEs, all cloud vendors answered that they have to deal with an issue of SMEs being
perplex over services or solutions that cloud computing can offer them. This was also
inferred during the first round of interviews, as most SMEs were blank regarding cloud
computing concepts (See figure 2). When asked about the in house cloud training to
6. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
6
overcome this issue; SMEs said there are no such things in their company and cloud
service providers (CSP’s) answered that for most organizations there is no adequate
training, no management and front end support for the cloud which according to CSP’s
are some serious issues to be addressed in cloud adoption [14, 15, 16].
• SMEs concern over data and its safety: The main concern for the SMEs is their data
and its security. A question was posed on “how do cloud vendors deal with data security
issues that SMEs have”, CSP’s replied, SMEs are over reluctant in giving full control of
their data to cloud vendors. SMEs often complain about where their data is stored and
what data jurisdictions protect it. When same question was asked to SMEs, 57 out 60,
responded that Data security and privacy is one of the main issues (see figure 2). What
happens in an advent of any security breach or snooping and how data will be recovered,
are some of the issues that’s hindering their cloud adoption.
• SMEs prohibits classified data to be placed on shared or outsourced infrastructure:
This issue also plays an important role in inhibiting cloud migration by SMEs. When
asked about time taken for data migration and its steps, most cloud developers and
vendors replied that during migration interoperability is one of the main barrier for SMEs
to cloud, as the problem arises when customers legacy applications, data and
infrastructure; application programming interface (API) is not compatible with the API of
the cloud services. Interoperability also emerges when a particular solution is provided on
multiple cloud models and platforms like a solution provided partially on IaaS service
mode and remaining on SaaS or on different deployment layers like public and private.
Interoperability also appears when different CSP’s are involved in giving solution to an
organization [4]
When the question about interoperability was asked to SMEs, quite a few of them were
able to answer this question as they had little or no idea regarding this issue. But when
explained about interoperability and how does it occur, more than half of them agreed to
it, as shown in figure 2.
• SMEs are perplexed over regulatory and service terms in cloud contracts: The fourth
most predominant problem found during the interviews is the cloud contract. When asked
about what SLA is on offer and how do cloud vendors deal with incompliance issues in
cloud contract, cloud vendors rated this as among the most viable challenges to cloud
computing. On the other hand, SMEs were perplexed due to complicated terms and
conditions of cloud contracts and lack of knowledge regarding cloud concepts. Also,
cloud vendors said we dictate terms while signing contracts as SMEs have little idea
about vital terms and conditions related to cloud contracting. The most common cited
terms found are liability, SLA's, security, liability, and privacy. [17].
The unawareness of these issues has blotted cloud computing among SMEs which needs
to be cleansed by taking some necessary steps.
5. FRAMEWORK FOR CLOUD COMPUTING ADOPTION
The challenges identified above affect cloud adoption among SMEs which need to be addressed
with adequate solutions and recommendations. All the above problems are directly related to a
bigger problem; which is the lack of framework for SMEs that directs the process of migration to
clouds. Eventually, a framework for SMEs could offer an answer to such problems in a
structured manner to expedite the cloud adoption among SMEs. This section provides the design
and explanation of the components of cloud framework. The framework in this research is the
7. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
7
stepwise guide for the SMEs to follow their journey on cloud adoption. This framework is
divided in three stage migration process; cloud preparation stage, cloud requirement stage and
cloud migration stage as shown below in figure 4.
Figure 4. Framework for Cloud Computing Adoption.
The cloud computing process of migration requires a continuous process of improvement prior to
migration to ensure the efficiency of the system (or solution) and for this framework works in a
circular loop to provide firm and positive results. For this As-Is and To-Be business process is
adopted where Cloud Requirement stage (CRS) of the framework is To-be, Cloud Preparation
Stage (CPS) is As-is and Cloud Migration Stage (CMS) is transformation. As the CPS goes
further, the goal should be set to prepare the enterprise for cloud computing adoption and regular
modification needs to be made to refine the process of getting SME ready for cloud computing.
These refinements will be vital in deciding the efficiency and sustainability of the system. As the
process enters in a CMS stage, it is ready to be transformed as per the proposed solution provided
(or selected) to an enterprise.
5.1 CLOUD REQUIREMENT STAGE (CRS)
This stage elaborates regarding cloud computing services and deployment models that may be
required by SMEs depending upon their head count, turn over and nature of their businesses. All
the depictions in this stage are based upon market study and cloud vendor’s advice for SMEs.
Based on the understanding, consumers or users will be able to assess the solution that they would
need in order to meet their requirements.
SMEs with less than or equal to 10 employees and turnover of less than 2 million pounds (called
micro enterprise), would only go for either software as a service or Infrastructure as a service over
a public cloud model. Whereas SMEs with less than or equal to 50 employees and with turnover
of less than 10 million pounds, usually embraces IaaS as a standalone service deployed over
public cloud environment and in some cases they go for amalgamated services over hybrid cloud.
SMEs with head count less than or equal to 250 and turnover of less than 43 Million pounds,
8. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
8
either go for only IaaS or PaaS on a private cloud or it may go for collection of services (SaaS,
IaaS, PaaS or mix) on mixed cloud environments.
5.2 CLOUD PREPARATION STAGE (CPS)
This is the second stage of the cloud migration process and it is called the cloud preparation stage
(CPS). It focuses onto the preparation part of the enterprises, as it will help them to understand
the current situation of their business processes and guide them to progress in cloud adoption.
5.2.1 Feasibility Study
This usually comprises of the process of finding whether migration to cloud computing is suitable
for an organisation, in both terms; financial and technical terms. This very first step in the
transition to cloud involves the study of the existing data, the analysis of existing applications
running in the organisation, the requirement analysis of the data for a desired output from the
system, and study on any constraints that may be faced pre and post cloud migration. It also
contains the detailed examination of the hardware available within the organisation in order to
perceive the additional costs incurred in terms of hardware for embracing cloud. It’s highly
recommended to use feasibility tools, like a maturity assessment tool, technical feasibility tool or
business feasibility tool [18]. These tools give an insight about the technical and business
feasibility of the organisation and helps in evaluating the effort and cost required in the process of
migration to the cloud.
5.2.2 Assessing Organisation Readiness
It’s important to know where an organisation stands in terms of preparedness to embrace the
cloud technology. The followings are four vital factors which covers the readiness of an
organisation: Governance, Risk Assessment, Standards and Data classification and
responsibilities.
5.2.2.1 Governance
This part of the organisational assessment is all about making wise (business oriented) decisions
when it comes to predicting performance and taking responsibilities among the organisation. It’s
basically, how well the policies and rules should be implemented to ensure the smoothness in the
operation of an organisation. Prior to migration organisations should ensure IT governance is
implemented. IT governance helps in enhancing performance, confidentiality, risk management,
strategies and resources. IT governance is made from members of business and IT division within
the company. Usually IT governance takes care of IT assets, ensuring approved running of all
hardware systems, process etc. as per the policies and procedures of the company. IT governance
looks after the maintenance and control of available assets, also, ensuring these assets contribute
in the organisations business strategy and goals. [19]
5.2.2.2 Risk Assessment
During interviews several technical and organisational risks were identified and they are
categorised depending upon their effects on the organisation. Also, these risks have been
formulated from the previous researches made on cloud computing risks.
Table 1. Representation of risk assessment table.
1.Probability 2.Impact 3.Vulnerability 4.Affected assets 5.Risk inference
9. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
9
1. The level of probability and effects of these risks are calculated based upon the expert
reviews of cloud developers and previous researches (see table 1). Levels used in risk
assessment are Often, Rare and Not Applicable (N/A).
2. The level of impact on small business has been determined in assistance of cloud experts
(see table 1). Levels used in risk assessment are Severe, Medium and Low.
3. Vulnerabilities have been identified using interviews with cloud developers and it
basically describes about the reason which may lead to these risks (see table 1).
4. Affected assets have been mostly found from the previous researches and cloud
developers guidance has also been taken. This column shows effect of risks on assets (see
table 1).
5. Risk inference is the overall conclusion of the research made on risk with level of risks as
high, medium and low respectively. The level of underlying risks has been identified on
the basis of incident occurrences in the past (see table 1).
Depending on area of impact the possible risks have been categorized as follows:
5.2.2.2.1 Policy And Organizational Risks
Risk# 1 Loss of governance: The loss of governance may impact the organization in terms of
security, compliance, data availability, integrity, confidentiality, poor performance and service.
According to study conducted by [20], this risk can be minimized mainly through adopting
certain measure within the organization such as: Clear roles and responsibilities, appropriate SLA
clauses, Adequate use of technology and solutions provided and avoiding ambiguity over terms of
use.
Risk#2Compliance: Moving to cloud computing needs certain type of compliances and these
compliances can be used to either advertise it as a brand feature, meet regulatory requirement or
industry standard. The investment incurred in getting these compliances is hefty and can be at
risk if cloud service provider (CSP) has no such compliance evidence according to their
requirements. SMEs must ensure the availability of these compliances prior to moving to cloud.
5.2.2.2.2 TECHNICAL RISKS
Risk#3 Insider Abuse of Privilege risk: This risk may disrupt all kinds of services, may have an
adverse on data confidentiality, availability and integrity, and may blot overall organization’s
reputation and customer’s trust. SMEs must ensure the availability of intrusion detection and
incident response controller at the cloud service provider’s end with clear roles and
responsibilities. [20]
Risk#4 Data leakage while uploading or downloading data risk: In Cloud computing, data is
always on the move either within or between the clouds or between available infrastructures at
clients place. Data in the cloud is always transferred among multiple distributed images and these
images are distributed across multiple machines of customers’, between cloud infrastructures and
remote web clients etc. SMEs must ensure that this hosting from data centers is done using a
secure Virtual Private Network (VPN) connection.
Risk#5 Distributed denial of service (DDoS), Economic denial of service (EDoS) and data
deletion risks: DDoS occurs where an attacker attacks customer’s metered resources using public
channel. EDoS when cloud resources are used to disable economic drivers of using cloud
infrastructure services. In identity theft, an attacker may use customer data, account or resources
for personal gains or to spoil customer’s image. SME’s must ensure that CSP is using Distributed
10. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
10
cloud intrusion detection model, confident based filtering, virtual machine monitoring, EDoS-
shield etc. mechanisms to prevent these attacks from happening while offering services.
5.2.2.2.3 LEGAL RISKS
Risk#6 Court Summons and E-discovery risk: Client’s data is at risk in the event of hardware
confiscation by law agencies or civil bodies, in this case other non-associated identities are at risk
of being revealed to unwanted people. SMEs must ensure to avoid this risk with an appropriate
clause in the cloud contract as this results in disclosure of other client’s data too.
Risk#7 Change of Jurisdiction and data protection Risk: Multiple locations (or jurisdictions) may
be used to store customer’s data, if location of the data center is in a country where law and order
framework is unstable and with no adequate data protection laws to protect the customer’s data,
where international agreements are mistreated and sites where data centers can be raided
enforcing data disclosure. In these cases SMEs must ensure CSPs data centers are in UK &
Europe or countries in which there are separate cloud computing laws already in practice. On the
basis of jurisdiction, any incompliance to data protection laws may result in civil, administrative
and criminal sanctions for both, data controller and cloud provider, as their duties are different
when it comes to data processing and handling. The best practice is to always seek for cloud
providers who provide certifications on their data processing and data security activities like
SAS70 (Statement on Auditing Standards No. 70) certification provider.
Risk#8 Risk associated with licensing in cloud: Licensing is also one of the big risk which affects
overall structure in cloud computing, per seat agreements, number of instances per use and online
licensing check are some of the licensing conditions which may become ineffective in cloud
environment. SME’s must ensure that CSP offers adequate licensing schemes pertaining to
number of users.
5.2.2.3 STANDARDS
In a process of embracing cloud technology SME should either ask a provider for standards or
implement certain standards within. Some of these standards are not obligatory to be
implemented by every SME, as it varies from size and nature of the business that they are in.
However it’s good to have best practices in place while going for a new technology. These
standards have been divided into security and confidentiality.
5.2.2.3.1SECURITY
1. ISO/IEC27001: This standard enables organizations to secure their information assets.
2.CSA’s Cloud Controls Matrix (CCM) and Consensus assessments initiative questionnaire
(CAIQ): CAIQ helps in overcoming the leading concern about lack of transparency regarding
data protection and risk management practices of cloud providers while implementing a solution.
CCM is a step forward or an implementation of a CAIQ, as this contains the requirements and
controls that a company wants from their cloud provider. In this a customer can easily go back
and forth to prepare a set of requirement and control guidelines for the cloud vendor.
5.2.2.3.2CONFIDENTIALITY
1.Transport Layer Security (TLS): Internet Engineering Task Force (IETF) is an open group for
all users, developers and engineers which ensures the smooth running of the internet and they
created protocol TLS. TLS is a protocol which ensures the communications done on computer
network are secure and safe.
11. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
11
2.OASIS Key Management Interoperability Protocol (KMIP): It’s basically a protocol through
which cryptographic keys are manipulated by defining a certain message format, on a key
management server. Cryptography is used to retain the confidentiality of a data, by coding and
decoding the messages using keys which are known to sender and recipient of the message.
3.Media Sanitization (SP- 800-88): This standardization talks about how different sorts of media
is sanitized before disposal and reuse. [21]
5.2.2.4 DATA CLASSIFICATION AND RESPONSIBILITIES
Data classification is all about segregating data and tagging it, which enables enterprises and
cloud providers find the data quickly and efficiently. The types of terminologies used in the
classification of data are; confidential, secret, top secret, for internal use only and private
depending upon the nature of the data. The owner of the data has to be clear about the sensitivity
of the data and its content. Before the data migration, it is the responsibility of an organization to
classify their data, and the cloud provider should give a written commitment to an enterprise on
how they maintain the privacy and security of their data in their cloud.
5.2.3 IDENTIFY STAKE HOLDER NEEDS
There are two major stakeholders in cloud computing, which are providers and consumers (or
Users). In stakeholder perspective, the cloud providers are a group of stakeholders who perform
maintenance, deliver services and upgrade the system to ensure the trouble free and secure
running of the solution provided.
From the enterprise perspective, stakeholder needs are mostly comprised of their user’s needs
which encompasses in business productivity. The decision makers of a cloud program should use
especially designed stakeholder needs platforms and questionnaires to identify users need.
5.2.4 FOUR STEPS TO CLOUD
There are number of barriers hindering cloud computing adoption among SMEs. To identify and
understand these, a pilot study was conducted in the form of interviews which are mentioned
below in figure 5 (Also, discussed in section 4).
Figure 5. Four steps to get ready for cloud.
The challenges identified above affect cloud adoption among SMEs which needs to be addressed
with adequate solutions and recommendations which are as follows:
12. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
12
1. Gain cloud knowledge and seminate it within the organization for successful cloud
execution: SMEs should invest to have dedicated budget for cloud training courses for the
employees. A set pre requisite for prospective employees to have cloud knowledge and
formal request to educational institutes to introduce cloud computing courses. SMEs
should market their success stories and contract pre & post cloud migration to encourage
cloud adoption among other SMEs.[22]
2. Know what you want and dictate your cloud contract: SMEs should be well equipped in
cloud computing concepts and seek a cloud provider who is more open and transparent
towards appropriate standards and certifications which could be accepted by legislators
and regulators. SMEs should also let insurers get involved while signing a contract, as
insurers may be better able to assess the risks. [17]
3. Care before you share, to avoid interoperability issues among the systems: One of the
most formidable and reliable solutions to resist interoperability issue within cloud or on
premises is MuleSoft. SMEs must ensure that CSP has; Open Cloud Computing Interface,
Webs Service Agreement Specification, Cloud Infrastructure Management Interface,
Open Virtualization Format and Cloud Data Management Interface; standardizations
prior to cloud migration to narrow the extent of interoperability issues among cloud
services and legacy systems. [23, 24, 25, 26]
4. Know who sees your data and where it’s stored: SMEs must ensure that any data
migrated to cloud should have an approach which must incorporates encryption, key
management, strong access control and security intelligence for the sake of protection of
data and providing sufficient level of security. SMEs must know where there data is
being hosted at all times as data in cloud is mobile at all times and they should also
ensure that data location is in UK or EU. Also, they can ask for devices to track the
location of the data at all times. SMEs may also ask cloud vendors to host their data on
elastic data warehouses which provide high performance, elasticity and multi tenancy.
[27]
5.3 CLOUD MIGRATION STAGE (CMS)
The stage describes about the migration of SME to cloud computing and going live
process.
5.3.1 CLOUD SERVICE PROVIDER AND CLOUD CONTRACT:
This section of CMS phase basically portrays attributes to look for in a Cloud service provider
after internal preparation is done by SME. These attributes are: assure that CSP is transparent in
pricing when it comes to subscriptions, pay as you go models, upgrades, maintenance, exit cost
and any other liabilities, look for CSP who is good in scalability and flexibility in clouds and
prefer CSP who has all the good security practices in place in order to provide services to their
customers. For cloud contract please refer to four steps to cloud.
5.3.2 MIGRATION TESTING AND DEPLOYMENT:
After the study and evaluation all the agreed applications or databases, it will now be migrated
slowly and then tested. Prior to going live, it is essential that system is tested on regular bases
with production data already migrated. Ensure parallel operation approach is adopted in order to
avoid any unforeseen events which may lead to system error.
13. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
13
5.3.2 MONITORING AND MAINTENANCE:
The importance of this stage can be realised as most issues erupts only after, when system goes
live and CSP is in control of everything. The data or application over the cloud needs to be
monitored for its availability, performance and security. There are various monitoring tools
provided by the CSP, as these tools also helps in monitoring the compliance of SLA’s and
maintain the contract as per the agreement signed between customer and CSP.
6. FURTHER WORK
The next stage of the research is to validate and verify the proposed framework and for this
purpose all the previous participants will again be invited to attend the reflexivity workshop
where they will be explained about this framework to know the validity and effectiveness of this
framework. SMEs and CSPs will be in a discussion regarding how helpful this framework can be
in aiding cloud adoption among SMEs. Moreover, the purpose of this workshop is to know about
the pre & post migration issues that SMEs face when they approach to CSPs, the collected data
here will be useful in modifying a cloud framework for SMEs.
7. CONCLUSION
The usage of cloud computing is slow among SMEs, as SMEs require services more in the area of
offering infrastructure and software as a service. A number of issues were discussed above, which
have a great impact on cloud adoption among small and medium size enterprises. The study and
analysis of these issues have led to proposition of framework for cloud computing adoption,
which give the understanding and a roadmap to SMEs on how to approach cloud vendors or
specifically how to adopt cloud computing and minimize potential barriers. Such a framework
will ease up cloud migration by assessing organization’s readiness for the cloud through
parameters like governance, risks involved, standards, data classification and responsibilities.
Also, it will enable organizations to identify stakeholder needs, select right CSP and sign a
favourable cloud contract, which will help SMEs in a smooth transition to cloud.
We believe that this framework will encourage and accelerate the adoption of cloud computing
among such enterprises.
8. FUTURE RESEARCH
We believe that research in the field of framework for cloud computing migration would benefit
substantially if this framework is implemented in a real time environment where enterprises use
this framework as an aid to their cloud migration process and provide feedback with case study.
This could provide practical examples on framework implementation in real time and its
effectiveness.
REFERENCES
[1] P. Malecot, P. Kondo and G. Fedak (2006), “Xtremlab: A system for characterizing internet desktop
grids (abstract)”.In Proceedings of the 6th IEEE Symposium on High-Performance Distributed
Computing, 2006.
[2] I.Georgios, S.Smithson, and T.Lybereas (2001), “Trends in information technology in small
businesses”, Idea Group Publishing, UK, ISBN 9781930708044, 2001.
[3] C. Tsai, U. Lin 2011, “Information Security of Cloud Computing for Enterprises”, Advances on
Information Sciences and Service Sciences. Volume 3, Number 1, 2011.
14. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
14
[4] Ernst&Young (2011). “cloud computing issues and impacts”. Available: http://assets-
production.govstore.service.gov.uk/Giii%20Attachments/ERNST%20&%20YOUNG%20LLP/Bids/
Cloud%20computing%20issues%20and%20impacts.pdf, 2011.
[5] R. Buyya, J. Broberg and A. Goscinski, M. (2011), “Cloud computing: Principles and paradigms”,
John Wiley & Sons, 2011.
[6] G. Babin, K. Stanoevska-Slabeva and P. Kropf (2011) , “E-Technologies: Transformation in a
Connected World”, 5th International Conference, MCETECH 2011, Revised Selected Papers
Springer, Les Diablerets, Switzerland, pp 23-26, January 2011.
[7] T. Metsch, A.Edmonds, R.Nyren, and A.Papaspyrou, “Open Cloud Computing Interface - Core” vol.
GFD.183, http://occi-wg.org/, June 2011.
[8] C. Weinhardt, A. Anandasivam, B. Blau, N. Borissov, T. Meinl, W. Michalk, J. Stober (2009),
“Cloud Computing – A Classification, Business Models, and Research Directions”, Journal of
Business and Information Systems Engineering.
[9] IBM (2010), “Defining a framework for cloud adoption, technical paper”, IBM Global Technology
Services: Through Leadership white paper.
[10] V. Chang,, R. J.Walters, and G. Will, (2013 a), “The development that leads to the Cloud Computing
Business Framework”, International Journal of Information Management, 33 (3), June 2013 (Chang et
al., 2013 a).
[11] M. A. Himmel (2012), "Qualitative Analysis of Cloud Computing Risks and Framework for the
Rationalization and Mitigation of Cloud Risks" (January 1, 2012). ETD Collection for Pace
University. PaperAAI3520142. [Online].Available:
http://digitalcommons.pace.edu/dissertations/AAI352014
[12] S.Nedev (2014), "Exploring The Factors Influencing The Adoption of Cloud Computing And the
Challenges Faced by the Business ", 2014, Sheffield Hallam university. [Online].Available:
http://research.shu.ac.uk/aces/enquiry/index.php/enquiry/article/view/48
[13] Walliman.N (2013). “Your Undergraduate Dissertation: The Essential Guide for Success”. 2nd
Edition ed., London, 2012, SAGE PUBLICATION
[14 ]A. Farmer (2013), “SMEs see cost benefits of cloud but still lack knowledge”, Available:
https://yougov.co.uk/news/2013/09/20/smes-see-cost-benefits-cloud-still-lack-knowledge/
[15] Ezer.O.Y and Kofi.A.E (2014), “Factors influencing the adoption of cloud computing by Small and
medium Enterprises in Developing economies”, International Journal of Emerging Science and
Engineering (IJESE)ISSN: 2319–6378, Volume-2, Issue-4, February 2014. Available:
http://www.ijese.org/attachments/File/v2i4/D0649022414.pdf
[16] S. Crosby, R. Doyle, M. Gering, M. Gionfriddo, S. Grarup, S. Hand,M. Hapner, D. Hiltgen, and et.al
(2010), “Open Virtualization Format Specification”, vol. DSP0243 1.1.0,
http://dmtf.org/standards/ovf, January 2010.
[17] T. Zhang (2012), “Instrumentation, Measurement, Circuits and Systems”, 2012, Springer.
[18] J. Alonso, L. Orue-Echevarria, M. Escalante, J. Gorronogoitia, & D. Presenza.( 2013), “Cloud
modernization assessment framework: Analyzing the impact of a potential migration to cloud. In
Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA)”, 2013 IEEE
7th International Symposium on cloud based systems, pages 64,73, Sept 2013.
[19] Hurwitz, J., Kaufman, M., Bloor, R. & Halper, F.(2009), “Understanding IT Governance in Cloud
Computing”, Cloud Computing for dummies, , 310 pages, November 2009.
[20 ]ENISA. (2009). “Benefits, Risks and Recommendations For Information Security”. November, 2009.
[21] NIST. (2006). “Guidelines For Media Sanitization: Recommendation of the National Institute of
Standards and Technology”. 2006. Available at: NIST.gov Publications.
[22] M. Finnegan (2013), “UK Business concerned over lack of graduate cloud skills”, March 20, 2013,
[Online].Available: http://dellkv.computerworlduk.com/news/cloud-computing/3435963/uk-
businesses-concerned-over-lack-of-graduate-cloud-skills/
[23] Mulesoft (2014). “MuleSoft provides the most widely used integration platform for connecting SaaS
and enterprise applications in the cloud and on-premises”,[Online].[Accessed 24 october 2014].
Available: http://www.mulesoft.com/about
[24] D. Davis and G. Pilz (2014) , “Cloud Infrastructure Management Interface (CIMI) Model and REST
Interface over HTTP”, vol. DSP-0263,November2014, http://dmtf.org/standards/cloud
[25] A. Sill (2014), “OpenGridForum: Core & Models And infrastructure”, http://www.ogf.org/,
November 2014.
15. International Journal on Cloud Computing: Services and Architecture (IJCCSA) ,Vol. 5,No. 5/6, December 2015
15
[26] Seyal, A., Rahim, M. and Rahman, M. (2000), “An Empirical Investigation of Use of Information
technology Among Small and medium Business Organizations: Bruneian Scenario”, The Electronic
Journal on Information Systems in Developing Countries, EJISDC 2, 7, 1-17.
[27] D. Tumulak (2012), “Data Security in the cloud: Protecting business-Critical information in public,
private and hybrid cloud environments”,2012.Available:
http://www.vormetric.com/sites/default/files/wp-data-security-in-the-cloud.pd
AUTHORS
I (Nabeel Khan) graduated from the Birla Institute of technologies and Sciences, Pilani in
2010 with a BSc in Computer Science, and completed my MSc in Business Computing
from Birmingham City University in 2012. Currently I am pursuing my PhD in Cloud
Computing from University of Salford, Manchester and expected completion is by 2016.
I (Dr Adil Al-Yasiri) graduated from the University of Technology (Baghdad) in 1984 with
a BSc in Systems and Control Engineering, and completed my MSc in Instrumentation and
Control Engineering from the same university in 1988. I worked as a Instrumentation
engineer before completing a PhD on Domain Oriented Object Reuse using Generic
Software Architectures in 1997 from Liverpool John Moores University (UK). After
completing my PhD I lectured at universities in the UK and the Middle East, and became a head of
Computer Science at UAE University (Al-Ain).Between 2000 and 2003, I worked on number of projects
around the world advising clients (nationally and internationally) on various aspects of the software
development process. In December, 2003 I joined the University of Salford as a lecturer in computer
network systems and became senior lecturer in 2009. I am currently the programme leader for the MSc
software engineering course.