Abstract
Cloud computing plays a very important role in the development of business and competitive edge for many organisations including SMEs (Small and Medium Enterprises). Every cloud user continues to expect maximum service, and a critical aspect to this is cloud security which is one among other specific challenges hindering adoption of the cloud technologies. The absence of appropriate, standardised and self-assessing security frameworks of the cloud world for SMEs becomes an endless problem in developing countries and can expose the cloud computing model to major security risks which threaten its potential success within the country. This research presents a security framework for assessing security in the cloud environment based on the Goal Question Metrics methodology. The developed framework produces a security index that describes the security level accomplished by an evaluated cloud computing environment thereby providing the first line of defence. This research has concluded with an eight-step framework that could be employed by SMEs to assess the information security in the cloud. The most important feature of the developed security framework is to devise a mechanism through which SMEs can have a path of improvement along with understanding of the current security level and defining desired state in terms of security metric value.
Highlights
Cloud computing is a means of data storage whereby the data is stored and accessed over the network, mostly through the internet
The absence of appropriate, standardised and self-assessing security frameworks of the cloud world for SMEs becomes an endless problem in developing countries and can expose the cloud computing model to major security risks which threaten its potential success within the country
The identification of priority levels assigned to Subcategories has been performed according to two specific criteria: 1) Ability to reduce cyber risk, by working on one or more key factors for the identification, that is, exposure to threats, intended as the set of factors that increase or diminish the threat probability; Occurrence Probability, that is the frequency of the possible event of a threat over the time; impact on business operations and company assets, intended as the amount of damage resulting from the threat occurrence; 2) Ease of sub metric implementation, considering the technical and organisational maturity usually required to put in place specific countermeasures
Summary
In the Kenyan market, an SME is defined by researchers as a company that has a yearly turnover of between KES 70 million and 1 billion and is not listed in the stock exchange [1]. Small enterprises have between $5000 to $50,000 annual turnovers and employ 10 - 49 people. A recent National Economic Survey report by the Central Bank of Kenya [2] shows that, SMEs constitute 98 percent of all businesses in Kenya and create 30 percent of the jobs annually as well as contribute 3 percent of the GDP. Despite their immense contribution to the economy, Kenya’s SMEs are faced with numerous challenges and one of the main challenges has been information technology related costs [3]. The shared infrastructure means cloud computing works like a utility, where SMEs only pay for what they need, upgrades are automatic and scaling up or down is easy [5]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
