A Framework for the Development of Risk-Based Guidelines for Cloud Service Subscribers

Authors

  • Noraida Haji Ali, Faculty of Ocean Engineering Technology and Informatics, Universiti Malaysia Terengganu, 21030 Terengganu, Malaysia
  • Masita Jalil, Faculty of Ocean Engineering Technology and Informatics, Universiti Malaysia Terengganu, 21030 Terengganu, Malaysia
  • Ahmad Dahari Jarno, CyberSecurity Malaysia, 63000 Cyberjaya, Malaysia
  • Norahana Salimin, Bank Muamalat, Malaysia Berhad, 50100 Kuala Lumpur, Malaysia
  • Mohammed Alamiah, Faculty of Information Technology, Aqaba University of Technology, Aqaba 11947, Jordan

DOI:

https://doi.org/10.37934/araset.48.2.136147

Keywords:

Cloud Service Subscriber, risk-based guideline, cloud security, public cloud services

Abstract

Cloud computing provides services that allow Cloud Service Subscribers (CSS) to deploy flexible IT solutions without the need to procure physical IT infrastructure such as servers, storage, and processing components. Such benefits, particularly in terms of cost savings, coupled with the need to embrace digitization and a remote workforce, have contributed to a surge in cloud service adoption. However, the increase in the number of users and cloud computing service providers comes with higher rates of security incidents and cyber-attacks targeting cloud computing infrastructure. Therefore, adequate security controls are essential to ensure that the confidentiality, integrity, and availability of customer data can be controlled and protected. This paper presents a framework for developing a risk-based guideline for Cloud Service Subscribers (CSS). The framework aims to formalize a generic set of guidelines on cloud security measures and controls for easy reference by CSS. It is based on an analysis of existing cloud security literature and existing ISO/IEC standards, including other best practices and related activities that have been carried out to generate guidelines for cloud security. The outcome is a cloud security guideline modelled into three (3) main stages and seven (7) activities that detail the set of actions. The framework focuses on an IT security perspective covering the pre-subscription, during-subscription, and post-subscription phases of cloud services. The framework may also serve as guidelines for organizations or agencies developing similar guidelines for different service perspectives or different cloud models.

Author Biographies

Noraida Haji Ali, Faculty of Ocean Engineering Technology and Informatics, Universiti Malaysia Terengganu, 21030 Terengganu, Malaysia

aida@umt.edu.my

Masita Jalil, Faculty of Ocean Engineering Technology and Informatics, Universiti Malaysia Terengganu, 21030 Terengganu, Malaysia

masita@umt.edu.my

Ahmad Dahari Jarno, CyberSecurity Malaysia, 63000 Cyberjaya, Malaysia

dahari@cybersecurity.my

Norahana Salimin, Bank Muamalat, Malaysia Berhad, 50100 Kuala Lumpur, Malaysia

norahana@muamalat.com.my

Published

2024-07-18

Section

Articles