Cloud Adoption in Enterprises: Security Issues and Strategies

Introduction

With the recent advancements in cloud computing, cloud services are being offered by numerous small, medium and large companies from the information technology (IT) sector. This has raised much interest among researchers and consumers from information systems (IS) adoption viewpoint. Recent cloud developments and marketing drive have triggered eagerness on the part of organizations to move their operations into the cloud platform. Similar to energy and water utilities, cloud computing is aimed to provide on-demand computing services with cost-savings through 'pay-as-you-go' pricing models that are flexible and scalable based on an organization’s IT service requirements that keep dynamically changing from time to time. However, there are many security and privacy risks associated with the multi-faceted dimensions of cloud computing that require clear understanding and business strategic planning before jumping into the cloud.

The recently escalating concerns related to privacy, security, as well as control and governance of the cloud have demanded the need for establishing convincing guidelines to address the current cloud computing risks. These concerns seem to slow down the cloud adoption as compared to the market projections of a high expected growth. There is lack of comprehensive strategic framework or specific guidelines that could serve all its key players in having an integrated understanding of their security requirements for cloud adoption in enterprises. While there is growing maturity in terms of cloud computing capabilities and service provider offerings, there is comparatively less work studying the complexities and risks of the cloud that impede on its adoption. Hence, the main aim of this chapter is to explore the various facets of cloud computing dimensions and propose a security and migration framework with business strategic guidelines for the key players, namely, cloud service providers, cloud architects and consumers. We provide a comprehensive set of step-wise guidelines along with the key cloud players' roles and responsibilities in providing a security and migration framework that would benefit cloud adoption in enterprises.

This chapter gives emphasis to the risks and benefits that form two sides of a coin of cloud computing and provides the reader with deep insights into the main types of cloud services along with a security and migration framework that serves as a business strategy for successful cloud implementations. While the chapter does not serve to be a complete reference for security implementations in the cloud, the main objective here is to identify the security and privacy risks involved in cloud service levels and the need for a security and migration framework for a strategic cloud adoption in enterprises.