Online from: 1993
Subject Area: Accounting and Finance
Options: To add Favourites and Table of Contents Alerts please take a Emerald profile
|Title:||Let me in the cloud: analysis of the benefit and risk assessment of cloud platform|
|Author(s):||Azeem Aleem, (Institute of Criminal Justice Studies, University of Portsmouth, Portsmouth, UK), Christopher Ryan Sprott, (Eastern Caribbean Central Bank, Bird Rock, West Indies)|
|Citation:||Azeem Aleem, Christopher Ryan Sprott, (2013) "Let me in the cloud: analysis of the benefit and risk assessment of cloud platform", Journal of Financial Crime, Vol. 20 Iss: 1, pp.6 - 24|
|Keywords:||Cloud, Cloud computing, Computing, Cyber crime, Data security, Disruptive technology, Information technology, Internet|
|Article type:||Research paper|
|DOI:||10.1108/13590791311287337 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
|Acknowledgements:||The authors are grateful to the following organisations and partners who proactively contributed towards the survey exercise: Centre for Counter Fraud Group: www.port.ac.uk/departments/academic/icjs/centreforcounterfraudstudies/. The Security Institute IT Security Group: www.security-institute.org/ and the Information Security Awareness Forum: www.theisaf.org/kzscripts/default.asp?|
Purpose – The purpose of this paper is to critically examine the vulnerabilities of the cloud platform affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud computing, its benefits to the industry and helps to identify security concerns for businesses that plan to deploy one of the cloud platforms. It helps to identify areas where businesses should focus before choosing an appropriate Cloud Service Provider (CSP).
Design/methodology/approach – This paper presents the findings of an original research survey (200 IT professionals working both in the public and private sectors) undertaken to examine their privacy, and data security concerns associated with the cloud platform. Views of those who have yet to deploy cloud were analysed to detect the patterns of common security issues. Cyber fraud and trust concerns of the organisations are addressed and deployment of the secured cloud environment is outlined.
Findings – The survey analysis highlighted that the top concerns for organisations on cloud were security (93.8 per cent), governance (61.1 per cent) and a lack of control over service availability (56.6 per cent). The survey highlighted that the majority of IT professionals were not aware that some CSPs currently control the decryption keys that enable them to decrypt their client's data. This should be considered as a major security concern and it is one of the factors that should be looked into while vetting the service level agreement (SLA). Data loss and leakage (73.5 per cent) were voted as the top threat to cloud computing by respondents; this was followed by account, service and traffic hijacking (60.8 per cent). The paper examines various types of cloud threats companies have encountered.
Research limitations/implications – The vast majority of the data are drawn from IT professionals with businesses mainly in the UK and the USA.
Practical implications – The paper advocates a proactive and holistic cloud-cyber security prevention typology to prevent e-crime, with guidance of what features to look for when choosing an appropriate cloud service provider.
Originality/value – This is the first analysis done that includes IT auditors, physical security personnel as well as IT professionals. The paper is of value to companies considering adoption or implementation of a cloud platform. It helps to assess the cloud by evaluating a detailed comparison of benefits and risk associated with the platform.
Existing customers: login
to access this document
To purchase this item please login or register.
Complete and print this form to request this document from your librarian