Towards smooth organisational adoption of cloud computing – a customer-provider security adaptation

Abstract

Cloud computing is daily becoming more and more accepted as a promising computing paradigm. For some years now, cloud computing has been in common use for such applications as Google apps (email, documents, etc), MSN Messenger (instant messaging), Skype (voice communications), and Flickr (image sharing). The idea of offering cloud computing facilities as a public utility began as early as the 1960s with John McCarthy. 1–4 Organisations and universities offered distributed computing starting in the late 1970s through dial-up access. 5 Grid computing was introduced in the early 1990s with the idea of providing access to shared computing power similar to the way electricity is shared through the electric power grid. In addition, open source platforms were first introduced by Eucalyptus, OpenNebula, and Nimbus for deploying private and hybrid clouds. 6–8 Although cloud computing has been available for some time, there is still some organisational resistance to its adoption, not least because of security concerns. Bilal Charif, of Lulea University of Technology, Sweden and Ali Ismail Awad of Lulea University and Al Azhar University, Egypt show that a number of organisations have no internal security responsibilities, nor do they have proper information security policies such as business and disaster recovery plans, all of which makes cloud adoption difficult. In contrast, cloud computing offers recovery plans for small and medium-sized organisations that will often otherwise not be implemented.