Abstract

Many companies are adopting cloud computing technology because moving to the cloud has an array of benefits. During the decision-making process for adopting cloud computing, the importance of risk management is increasingly recognized. However, traditional risk management methods cannot be applied directly to cloud computing, where data are transmitted and processed by external providers. When they are applied directly, risk management processes can fail by ignoring the distributed nature of cloud computing and leaving numerous risks unidentified. To address this problem, this paper introduces a new risk management method, Enterprise Risk Management for Operationally Critical Threat, Asset, and Vulnerability Evaluation (ERMOCTAVE), which combines Enterprise Risk Management and Operationally Critical Threat, Asset, and Vulnerability Evaluation to mitigate risks that can arise with cloud computing. ERMOCTAVE is composed of two risk management methods, combining each component with other processes for a comprehensive perception of risks. To explain ERMOCTAVE in detail, a case study scenario is presented in which an Internet seller migrates some modules to the Microsoft Azure cloud. A functionality comparison with the ENISA and Microsoft cloud risk assessments shows that ERMOCTAVE has additional features, such as key objectives and strategies, critical assets, and risk measurement criteria.

Highlights

  • Cloud computing is a technology that uses virtualized resources to deliver IT services through the Internet

  • As an example of ERMOCTAVE application, we suggest a case study scenario of an Internet seller who migrates a part of their web system to a cloud system, Microsoft Azure

  • Since cloud computing is a popular IT technology with uncertainty, we suggest a combination of OCTAVE and Enterprise Risk Management (ERM) with supplements such as a mitigation plan step


Summary

Introduction

Cloud computing is a technology that uses virtualized resources to deliver IT services through the Internet. It can be defined as a model that allows network access to a pool of computing resources such as servers, applications, storage, and services, which can be quickly offered by service providers [1]. One of the properties of the cloud is its distributed nature [2]. Data in cloud environments has gradually become distributed, moving from a centralized model to a distributed model. That distributed nature causes cloud computing actors to face problems such as loss of data control, difficulty demonstrating compliance, and additional legal risks as data migrates from one legal jurisdiction to another. An example is Salesforce.com, which suffered a huge outage, locking more than 900,000 subscribers out of important resources needed for business transactions with customers [3].
