Article Preview
TopIntroduction
The COVID-19 pandemic (Wu et al., 2020) becomes a force accelerator in business and society because of the dramatic remote work shift. However, this flexible ways of working also increases data security risks stemming from the remote workers. Many companies are challenging how they manage these growing risks without impeding agility in their business.
Enterprises (Reza et al., 2017; Ramchand et al., 2021) began to adopt cloud computing in their business, such as application portfolio profiling and assessment. Cloud giants, such as Amazon, Google and Microsoft, provide comprehensive resources including business applications, services, and even infrastructure in the cloud. As a result, many companies has adopted diverse cloud services in their businesses.
Cloud computing (Vouk, 2008; Kim, 2009; Parrilli, 2010) has emerged as a new enterprise business platform because of its scalability and lower operating costs. It becomes one of the major advances in the history of computing (Marston, 2011) after the client-server computing architecture. It promises to deliver all the functionality of services and storage, but still it can reduce the upfront computing costs (Staten, 2009). With the advancement of cloud computing (Vouk, 2008; NIST, 2009; Kim, 2009; Parrilli, 2010), many companies has adopted diverse cloud services in their businesses. Cloud computing is one of the major advances in the history of computing (Marston, 2011) as the next generation paradigm in computing after the client-server computing architecture. It promises to deliver all the functionality of existing information technology services including infrastructure, platform, application, and storage, but still it can reduce the upfront computing costs (Staten, 2009).
At the same time, security and privacy issues (Morsy et al., 2010; Mahmood, 2011; Subashini and Kavitha, 2011; Rao, 2012) has emerged in the cloud. Maniah et al (2019) surveyed several types of threats in the cloud services. They identified those threats using the five steps in the category of both users and service providers in cloud computing. In the wake of the rapid cloud adoption, it is more important to manage the cloud data security and privacy risks for protecting a firm’s business assets. So, adapting a risk management framework and using its approaches are gaining more importance.
The main purpose of this paper is to understand risk management and attempt to apply its approaches in the cloud. The paper is organized as follows. Next section briefly overview current cloud computing. In the Third Section, we discuss risk management including concept and process. We then introduce three risk management approaches and attempt to apply them to the cloud. Finally, we discuss managerial implication and the limitation of this study as concluding remarks.