Article Preview
Top1. Introduction
Cloud computing provides several benefits to the organization particularly in the recent economic downtime. The adoption of cloud computing has speed up in the last few years and small to large companies rush to migrate into cloud by using virtual machine through internet for their data and applications. But, there are substantial challenges due to the unique cloud computing characteristics and users’ dependencies on the Cloud Service Provider (CSP) to support the business (Mouratidis et al., 2013; Kalloniatis et al., 2014; Gruschka and Iacono, 2009; Ristenpart et al., 2009; Pearson, 2009). These downsides are not well understood and pose risks that could obstruct the benefits of wider cloud adoption. Therefore, it is necessary to understand the risks associated for cloud adoption based on an organizational context and control these risks accordingly.
Recently, cloud migration and security issues associated in cloud have gained a lot of attention by both the research and industry communities. There are studies that consolidate the research in the area of cloud migration, security, and cloud technologies (Jamshidi et al., 2013; Ardagna, 2015; Rong et al., 2013; Sriram and Khajeh-Hosseini, 2010) and survey results for identifying mainly benefits and risks in cloud (ENISA Survey, 2009; Microsoft Survey, 2012; Hitachi, 2014). But, there is no study that consolidates risks and risks management approaches in cloud computing. It makes difficult to assess the maturity of the domain, effectiveness of risk management practice and future directions. The novelty of the presented work is threefold. Firstly, it contributes to review the state of the art works towards the risk management in cloud. We follow systematic literature review along with social commentary to review both academic papers and industry practices relating to the cloud computing risks. The papers are selected by looking at the coverage, timeliness and quality of the context. Secondly, it performs a survey with the experience practitioners from UK and Malaysia to identify the goals and risks in cloud migration. We follow Delphi survey method and select practitioners from both public and private sector organization for the survey purpose. We identify the research trends, gaps and future directions based on the analysis of state of the art review and survey results. Finally, we propose a risk assessment method to quantify the risk based on their influenced on the prioritized migration goals. We consider six main migration goals for this purpose, i.e., business value, organization function, confidentiality, integrity, availability, and transparency based on the review results and determine the relative importance of these goals using Analytic Hierarch Process (AHP). The prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net risk level. The reason for considering the migration goals for risk assessment is that risk is defined as a negation of a migration goal. Organizations that intend to migrate their data or application into the cloud have certain goals or objectives that they want to achieve with the migration decision, and risks certainly obstruct these goals. We consider two real migration use cases to determine the relative importance of the goals and compare the results.