Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption

Abstract

Cloud Computing Security is part of the foreseeable evolution of Information Technology (IT) which any organisation intending to attain or sustain competitiveness must need to embrace in order to play in the evolving digital economy. Evidently, companies who tackle cloud computing responsibly need not entertain fears of security concerns, threats and associated risks on the path to the cloud. This research paper unveils that the concerns of handling security, privacy or forensic in the cloud virtualised environment are not as much a nightmare as compared to addressing them in-house. In an environment where information systems security and privacy has become paramount concern to enterprise customers, the risk of unauthorized access to information in the cloud poses a significant concern to cloud stakeholders. In a bid to mitigate the inevitable threats concerns of the associated stakeholders, this research prescribes the deployment of a cloud computing threat model, relevant to all other computing environments. Further, the research undertook and accessed a survey which was designed to identify and rank the various security, privacy, and forensic issues plaguing fears to the full adoption and deployment of this new computing paradigm. The survey was geared at the Nigeria marketplace among practicing IT professionals and organisations. Consequently, the drive to underpin this new direction and computing paradigm was advocated where the research highlights and ranks some of the operational concerns for cloud users in Nigeria, and further suggests measures to raise the level of awareness and engagement around those concerns within the constituencies of various consumers of the services. However, the research further argues that proper implementation of security, privacy, and forensic measures should not just be seen as the cloud providers’ sole concern, but the responsibilities of all consumers of the services. Thus, the paper prescribes techniques which could help cloud users maintain control of their data at rest or in transit within the cloud networks rather than outsource control to external vendors as usual.