ISSN 2320 - 2602 Volume 5 No.11, November 2016 Martin ShikukuInternational Gwara et al., International Journal Advances in Computer Science and Technology, 5(11), November 2016, 151- 159 Journal ofofAdvances in Computer Science and Technology
Available Online at http://www.warse.org/IJACST/static/pdf/file/ijacst015112016.pdf
A Framework for Assessing Cloud Computing Security for Cloud Adoption in Microfinance Banks Martin Shikuku Gwara1, George Okeyo2, Michael Kimwele3 School of Computing and Information Technology, Jomo Kenyatta University of Agriculture and Technology, Kenya martingwara@gmail.com 2 School of Computing and Information Technology, Jomo Kenyatta University of Agriculture and Technology, Kenya gokeyo@icsit.jkuat.ac.ke 3 School of Computing and Information Technology, Jomo Kenyatta University of Agriculture and Technology, Kenya mkimwele@jkuat.ac.ke 1
ABSTRACT
vendor lock in [15], loss of governance [3], malicious insider and data location [15], data recovery [9], account, service and traffic hijacking , virtualization, legal issues [3], cloud service termination or failure [2], [6], data loss [12], [15], physical interruption, data segregation and auditing issues [6], data breach [12], resource exhaustion [11], software vulnerabilities, personnel security issues, responsibility ambiguity, data privacy issues, intellectual property issues, unsafe network architecture, network attacks and application security issues [4], [6].
Cloud computing is an important element of success to microfinance banks. While significant progress has taken place in the adoption of cloud services, there still remains security challenges which have to be addressed immediately. Many microfinance banks adopt cloud computing without considering what security measures has been offered by the cloud service providers, their level of security readiness for cloud adoption which always leads to weak implementation and or total failure. Therefore, this paper aims to develop a framework for assessing cloud computing security for cloud adoption in microfinance banks that covers all the aspects relating to the security of cloud computing which are to be necessarily examined by microfinance banks intending to use cloud solutions prior to entering into a contract with a cloud service provider. In particular, this framework ensures the development of a clear, consistent and simplified criteria to be used in assessing cloud security and in the onset define the risks/ challenges to be considered, the security controls, measurement metrics and provide an iterative process for assessing cloud security and or improvement by addition of new security controls/ measures. In addition, this paper discusses the security challenges, requirements and barriers in the cloudification of microfinance bank business. This paper will assist microfinance banks in resolving the problems confronting the cloud security for cloud adoption.
Microfinance banks do not always understand all the cloud security challenges and how the cloud service provider (CSP) have dealt with this challenges which leads to half hazard contracting that leaves the microfinance banks at a great disadvantage. In dealing with these issues, this paper is organized into five sections. The rest of this paper is organized as follows. Section 2 presents related work. Section 3 describes the framework development. Section 4 presents the framework validation. Finally, Section 5 is the conclusion and future work directions. 2. RELATED WORK According to [5], as data moves to the cloud, companies will need to enforce the same security, compliance, and governance policies that they do for data stored on premises. It is for this reason that organizations are going flat out to find a safe simple way to secure the cloud through cloud security frameworks.
Keywords: Cloud security challenges, security requirements, cloud security framework, microfinance banks. 1. INTRODUCTION Security involves confidentiality, privacy, integrity and availability which aid the development of secure systems. There is so much concern about security within cloud computing environment. Literature has revealed that security is the biggest management issue with cloud computing [6]. Some of the security challenges include 1
Reference [13] stated that the Cloud security alliance group provided actionable best practices for businesses to transition to cloud services while mitigating the risk involved in doing so which has critical areas of focus in cloud computing being divided into fourteen domains.
Martin Shikuku Gwara 151