Abstract
Despite the attractive benefits of cloud-based business processes, security issues, cloud attacks, and privacy are some of the challenges that prevent many organizations from using this technology. This review seeks to know the level of integration of security risk management process at each phase of the Business Process Life Cycle (BPLC) for securing cloud-based business processes; usage of an existing risk analysis technique as the basis of risk assessment model, usage of security risk standard, and the classification of cloud security risks in a cloud-based business process. In light of these objectives, this study presented an exhaustive review of the current state-of-the-art methodology for managing cloud-based business process security risk. Eleven electronic databases (ACM, IEEE, Science Direct, Google Scholar, Springer, Wiley, Taylor and Francis, IEEE cloud computing Conference, ICSE conference, COMPSAC conference, ICCSA conference, Computer Standards and Interfaces Journal) were used for the selected publications. A total of 1243 articles were found. After using the selection criteria, 93 articles were selected, while 17 articles were found eligible for in-depth evaluation. For the results of the business process lifecycle evaluation, 17% of the approaches integrated security risk management into one of the phases of the business process, while others did not. For the influence of the results of the domain assessment of risk management, three key indicators (domain applicability, use of existing risk management techniques, and integration of risk standards) were used to substantiate our findings. The evaluation result of domain applicability showed that 53% of the approaches had been testing run in real-time, thereby making these works reusable. The result of the usage of existing risk analysis showed that 52.9% of the authors implemented their work using existing risk analysis techniques while 29.4% of the authors partially integrated security risk standards into their work. Based on these findings and results, security risk management, the usage of existing security risk management techniques, and security risk standards should be integrated with business process phases to protect against security issues in cloud services.
Highlights
Business Process Management (BPM) is a described as a field that merges knowledge from information technology and management sciences to the usefulness of business processes [1]
53% of the evaluated works were tested in real time and the works were validated
Work was based on the comparison between the Common Vulnerability Scoring System (CVSS) and the Common Weakness Risk Assessment Framework (CWRAF) for risk analysis
Summary
Business Process Management (BPM) is a described as a field that merges knowledge from information technology and management sciences to the usefulness of business processes [1]. It is used in the formal presentation of business processes (BPs) for analysis and advancement purposes [2,3]. The most effective means of achieving BPM’s purpose is to use cloud computing (CC) facilities for business processes. This is because of the resource-based availability of the cloud computing. Suppose that the company is not itself an information service provider for outside consumers, the services are provided to meet their needs; the quality triangle is presented in terms of effectiveness, service price, and the risks involved in the process of sourcing information for services
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
