Migration Goals and Risk Management in Cloud Computing: A Review of State of the Art and Survey Results on Practitioners

Migration Goals and Risk Management in Cloud Computing: A Review of State of the Art and Survey Results on Practitioners

Shareeful Islam (School of Architecture, Computing and Engineering, University of East London, London, UK), Stefan Fenz (SBA Research gGmbH, Vienna, Austria), Edgar Weippl (SBA Research gGmbH, Vienna, Austria) and Christos Kalloniatis (Cultural Informatics Laboratory, University of the Aegean, Mitilini, Greece)
Copyright: © 2016 |Pages: 30
DOI: 10.4018/IJSSE.2016070103
OnDemand PDF Download:


Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn't come without substantial risks. These risks are the significant barriers for the wider cloud adoption. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. It makes difficult to understand the risks management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. The authors identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment. The authors' study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Finally, they propose a risk assessment approach and determine the relative importance of the migration goals from two real migration use cases.
Article Preview

1. Introduction

Cloud computing provides several benefits to the organization particularly in the recent economic downtime. The adoption of cloud computing has speed up in the last few years and small to large companies rush to migrate into cloud by using virtual machine through internet for their data and applications. But, there are substantial challenges due to the unique cloud computing characteristics and users’ dependencies on the Cloud Service Provider (CSP) to support the business (Mouratidis et al., 2013; Kalloniatis et al., 2014; Gruschka and Iacono, 2009; Ristenpart et al., 2009; Pearson, 2009). These downsides are not well understood and pose risks that could obstruct the benefits of wider cloud adoption. Therefore, it is necessary to understand the risks associated for cloud adoption based on an organizational context and control these risks accordingly.

Recently, cloud migration and security issues associated in cloud have gained a lot of attention by both the research and industry communities. There are studies that consolidate the research in the area of cloud migration, security, and cloud technologies (Jamshidi et al., 2013; Ardagna, 2015; Rong et al., 2013; Sriram and Khajeh-Hosseini, 2010) and survey results for identifying mainly benefits and risks in cloud (ENISA Survey, 2009; Microsoft Survey, 2012; Hitachi, 2014). But, there is no study that consolidates risks and risks management approaches in cloud computing. It makes difficult to assess the maturity of the domain, effectiveness of risk management practice and future directions. The novelty of the presented work is threefold. Firstly, it contributes to review the state of the art works towards the risk management in cloud. We follow systematic literature review along with social commentary to review both academic papers and industry practices relating to the cloud computing risks. The papers are selected by looking at the coverage, timeliness and quality of the context. Secondly, it performs a survey with the experience practitioners from UK and Malaysia to identify the goals and risks in cloud migration. We follow Delphi survey method and select practitioners from both public and private sector organization for the survey purpose. We identify the research trends, gaps and future directions based on the analysis of state of the art review and survey results. Finally, we propose a risk assessment method to quantify the risk based on their influenced on the prioritized migration goals. We consider six main migration goals for this purpose, i.e., business value, organization function, confidentiality, integrity, availability, and transparency based on the review results and determine the relative importance of these goals using Analytic Hierarch Process (AHP). The prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net risk level. The reason for considering the migration goals for risk assessment is that risk is defined as a negation of a migration goal. Organizations that intend to migrate their data or application into the cloud have certain goals or objectives that they want to achieve with the migration decision, and risks certainly obstruct these goals. We consider two real migration use cases to determine the relative importance of the goals and compare the results.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017): 1 Released, 3 Forthcoming
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing