Search results

This paper aims to provide guidance on cloud computing assurance from an IT governance point of view. The board and executive management are tasked with ensuring proper governance of organizations, which should in the end contribute to a sense of assurance. Assurance is understood to be a part of corporate governance which provides stakeholders with confidence in a subject matter by evaluating evidence about that subject matter. Evidence will include proof that proper controls and structures are in place, that risks are managed and that compliance with internal and external requirements is demonstrated with regard to the subject matter. Decisions regarding the use of cloud computing in organizations bring these responsibilities to the fore.

The design of this paper is based on an extensive review of literature, predominantly best practices and standards, from the fields covering IT governance, cloud computing and assurance.

The results from this paper can be used to formulate cloud computing assurance evidence statements, as part of IT governance mandates.

This paper aims to add value by highlighting the responsibility of managers to ensure assurance when exploiting opportunities presented through IT advances, such as cloud computing; serving to inform management about the advances that have and are being made in the field of cloud computing guidelines; and motivating that these guidelines be used for assurance on behalf of organizations adopting and using cloud computing.

In recent times, high demand for cloud-based services has led to substantial focus in extant literature from technological and business perspectives. However, the prevailing market imperfections have not drawn much interest. This study aims to emphasize on potential sources of market imperfections from new institutional economics (NIE) perspective and attempts to bring forth the importance of public policy in cloud computing ecosystem.

This study takes a review-based deductive approach to present a set of propositions which highlight potential causes leading to suboptimal performance of cloud-based services.

Lack of clarity around ownership and property rights, high asset specificity, existence of information asymmetry and bounded rationality of the provider and consumer, lead to higher transaction cost for providers and consumers, discouraging participation. This would lead to moral hazard and adverse selection and create market imperfections. Appropriate contractual guidelines, standards, legal framework and policy measures will reduce the risk of such imperfections.

As the focus of the study is to forward the propositions and not to empirically test them, future researchers can adopt data-driven studies to validate those propositions.

To ensure equity in the cloud-market, government and industry bodies should work towards enabling both the small and large players to use cloud-based services efficiently and effectively. Appropriate public policy measures can help remove potential market imperfections, encourage better participation and adoption of cloud-based services.

This study identifies potential market imperfections in cloud computing ecosystem through the lens of the theoretical frameworks of NIE.

The purpose of this paper is to critically examine the vulnerabilities of the cloud platform affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud computing, its benefits to the industry and helps to identify security concerns for businesses that plan to deploy one of the cloud platforms. It helps to identify areas where businesses should focus before choosing an appropriate Cloud Service Provider (CSP).

This paper presents the findings of an original research survey (200 IT professionals working both in the public and private sectors) undertaken to examine their privacy, and data security concerns associated with the cloud platform. Views of those who have yet to deploy cloud were analysed to detect the patterns of common security issues. Cyber fraud and trust concerns of the organisations are addressed and deployment of the secured cloud environment is outlined.

The survey analysis highlighted that the top concerns for organisations on cloud were security (93.8 per cent), governance (61.1 per cent) and a lack of control over service availability (56.6 per cent). The survey highlighted that the majority of IT professionals were not aware that some CSPs currently control the decryption keys that enable them to decrypt their client's data. This should be considered as a major security concern and it is one of the factors that should be looked into while vetting the service level agreement (SLA). Data loss and leakage (73.5 per cent) were voted as the top threat to cloud computing by respondents; this was followed by account, service and traffic hijacking (60.8 per cent). The paper examines various types of cloud threats companies have encountered.

The vast majority of the data are drawn from IT professionals with businesses mainly in the UK and the USA.

The paper advocates a proactive and holistic cloud‐cyber security prevention typology to prevent e‐crime, with guidance of what features to look for when choosing an appropriate cloud service provider.

This is the first analysis done that includes IT auditors, physical security personnel as well as IT professionals. The paper is of value to companies considering adoption or implementation of a cloud platform. It helps to assess the cloud by evaluating a detailed comparison of benefits and risk associated with the platform.

The security of archival privacy data in the cloud has become the main obstacle to the application of cloud computing in archives management. To this end, aiming at XML archives, this paper aims to present a privacy protection approach that can ensure the security of privacy data in the untrusted cloud, without compromising the system availability.

The basic idea of the approach is as follows. First, the privacy data before being submitted to the cloud should be strictly encrypted on a trusted client to ensure the security. Then, to query the encrypted data efficiently, the approach constructs some key feature data for the encrypted data, so that each XML query defined on the privacy data can be executed correctly in the cloud.

Finally, both theoretical analysis and experimental evaluation demonstrate the overall performance of the approach in terms of security, efficiency and accuracy.

This paper presents a valuable study attempting to protect privacy for the management of XML archives in a cloud environment, so it has a positive significance to promote the application of cloud computing in a digital archive system.

A growing body of research has identified time pressure as a key driver of cybersecurity (CS) risks and vulnerabilities. To strengthen CS, organizations use CS documents (e.g. best practices, guidelines and policies) intended to strengthen CS. The purpose of this paper is to provide an overview of how specifically time pressure is addressed by CS documents.

The authors conducted a systematic search for CS documents followed by a content analysis of the identified documents. First, the authors carried out a systematic Web search and identified 92 formal and informal CS documents (e.g. security policies, procedures, guidelines, manuals and best practices). Second, they systematically analyzed the resulting documents (n = 92), using a structured approach of data familiarization and low-/high-level coding for the identification and interpretation of themes. Based on this analysis, the authors formulated a conceptual framework that captures the sources and effects of time pressure along the themes of industry, operations and users.

The authors developed a conceptual framework that outlines the role of time pressure for the CS industry, threats and operations. This provides a shared frame of reference for researchers and practitioners to understand the antecedents and consequences of time pressure in the organizational CS context.

While the analyzed documents acknowledge time pressure as an important factor for CS, the documents provide limited information on how to respond to these concerns. Future research could, hence, consult with CS experts and policymakers to inform the development of effective guidelines and policies on how to address time pressure in the identified areas. A dedicated analysis within each area will allow to investigate the corresponding aspects of time pressure in-depth along with a consideration for targeted guidelines and policies. Last, note that a differentiation between CS document types (e.g. formal vs informal and global vs regional) was beyond the scope of this paper and may be investigated by future work.

This study makes three main contributions to the CS literature. First, this study broadens the understanding of the role of time pressure in CS to consider the organizational perspective along the themes of industry, threats and operations. Second, this study provides the first comprehensive assessment of how organizations address time pressure through CS documents, and how this compares to existing research in academic literature. Third, by developing a conceptual framework, this study provides a shared frame of reference for researchers and practitioners to further develop CS documents that consider time pressure’s role in secure behavior.

On account of its easy and intuitive usage as well as obvious advantages (e.g. access to work data from anywhere, at any time and through any means) the evolutionary cloud computing paradigm favors the use of shadow IT. Since many employees are not aware of the associated risks and possible legal violations, unauthorized use of cloud computing services could result in substantial risk exposure for any company. The purpose of this paper is to explore and to extend the body of knowledge concerning the topic of cloud computing with regard to shadow IT.

The aim of this contribution is to identify the reasons for the use of cloud computing services and the resulting shadow IT from an employee’s perspective, to demonstrate the counteractions a company may take against the unauthorized use of cloud computing services and to elaborate on the inherent opportunities and risks. We follow a mixed-methods approach consisting of a systematic literature review, a cloud computing awareness study, a vignette study and expert interviews.

Based on a triangulation of the data sets, the paper at hand proposes a morphological box as well as a two-piece belief-action-outcome model, both from an employee’s and employer’s point of view. Our findings ultimately lead to recommendations for action for employers to counteract the risk exposure. Furthermore, also employees are sensitized by means of insights into the topic of unauthorized usage of cloud computing services in everyday working life.

The limitations of the triangulation reflect the limitations of each applied research method. These limitations justify why a mixed-methods approach is favored – rather than relying on a single source of data – because data from various sources can be triangulated.

The paper includes recommendations for action for the handling of the unauthorized usage of cloud computing services within a company, e.g., the set up of a company-wide cloud security strategy and the conduction of an anonymous employee survey to identify the status quo.

This paper fulfills an identified need to explore the usage of cloud computing services within the context of shadow IT.

Information technology infrastructure library (ITIL) is a commonly utilized IT service management execution technique that helps IT services to be planned, designed, selected, operated and continuously improved. ITIL procedures are utilized to measure the efficiency of IT service management procedures and their association with the accelerated system development of cloud systems. The challenges faced in IT deployment and maintenance management significantly restrict cloud computing services' reliability. Therefore, this article aims to review a comprehensive study of the role of cloud computing on the ITIL processes.

Each enterprise strives to stay competitive in the market and offers the services its consumers are looking for, all in line with cost-effectiveness and client needs. The ITIL framework provides best practice guidance for IT service management that includes a collection of ample publications supplying detailed guidelines on the management of IT functions, processes, responsibilities and roles associated with IT service management. On the other hand, the way companies employ IT services with an effect on the role of enterprise infrastructure is altered by cloud computing. Hence, the investigation makes utilization of a systematic literature review (SLR) detailing crucial success factors of cloud computing execution in ITIL. The authors have recognized 35 valuable contributions, providing a comprehensive view of study in this field, of which 22 papers were found according to some filters that have been analyzed in this article. Selected articles are presented in two groups, including cloud service and cloud service providers.

Owing to the overall expense of execution and problems with combining the ITIL approach with the existing organizational IT strategic strategy, ITIL adoption has begun to wane over the last few years. An established methodology for ITIL deployment that will assure long-term success for those wanting to use private cloud procurement will be the most important inference that can be taken from this article. ITIL offers a perfect platform to execute and support cloud applications effectively. IT will prevent cloud sprawl and instability, reduce the likelihood of service interruption and optimize customer loyalty by merging humans, procedures and technologies into hybrid environments.

This survey is more aimed at specialists such as IT experts; so, further evaluations must also be carried out in order to understand the company's views on the risks and advantages of adopting ITIL. In addition, non-English articles are not discussed in this article.

The study outcomes would help suppliers of cloud computing services assess their service quality and ensure customer satisfaction with the quality of cloud computing services. The outcomes will also supply a reference for cloud infrastructure customers to assess and choose various kinds of cloud computing services.

An SLR with perspectives from ITIL professionals and business studies is the benefit of this report. By offering a more thorough framework that helps companies achieve efficiency, effectiveness and creativity in ITIL execution, this article would be useful for ITIL clients, decision-makers and developers.

The purpose of this paper is to propose a model to map the on-premise computing system of the university with cloud computing for achieving an effective and reliable university e-governance (e-gov) system.

The proposed model incorporates the university’s internal e-gov system with cloud computing in order to achieve better reliability, accessibility and availability of e-gov services while keeping the recurring expenditure low. This model has been implemented (and tested on a university e-gov system) in the University of Kashmir (UOK); case study of this implementation has been chosen as the research methodology to discuss and demonstrate the proposed model.

According to the results based on practical implementation, the proposed model is ideal for e-governed systems as it provided adequate cost savings and high availability (HA) with operational ease, apart from continuing to have the necessary security in place to maintain confidential information such as student details, grades, etc.

The implication of this study is to achieve HA and to reduce the cost from using external clouds, mapping internal IT servers of the university with the external cloud computing services.

Because no established mapping model for universities has been provided for effective, low-cost, highly available university e-gov system, the proposed mapping model through this paper closes this gap and provides guidelines to implement a hybrid-mapped e-gov model for universities while keeping the recurring expenditure on cloud computing minimal. The paper provides the perceptions of its adoption at UOK for achieving high reliability, accessibility and uptime of its e-gov applications while keeping the recurring expenditure on cloud computing minimal.

A large number of systematic reviews (SRs) studies have been performed in the cloud computing field, demonstrating miscellaneous outcomes and utilizing different approaches. Accordingly, a meta-review of cloud SRs is needed to appraise the results of such studies and create an integrated understanding. The paper aims to discuss these issues.

A tertiary study was conducted using a systematic method to analyze SRs including two stages: searching and screening the SRs and thematic synthesis of results. As a qualitative data management tool, Nvivo software was used to support the research process, for data coding and synthesis.

First, by searching electronic sources between the year of 2011–2016, out of a total of 142 identified articles, 94 articles were included according to pre-determined criteria, of which 76 articles were approved after qualitative evaluation. In the second stage, identifying the research themes, a map of the concepts and issues related to each theme was drawn up. The analysis shows that the quality of articles has improved but can be further enhanced using methodological guidelines as well as supporting tools. The research has focused more on the technical aspect, although there is an equal demand for synthesizing of cloud governance concepts.

This is the first tertiary study which presents the main research themes and concepts of cloud SRs in form of thematic maps by using the thematic synthesis and SR methods. This paper also provides some recommendations to improve reviews after evaluating the quality of papers. This study can support reviewers for future SRs in the field and also helps practitioners and managers to have a better understanding of different aspects of cloud computing.

The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.

This qualitative case study used semi-structured interviews and document analysis to collect data from regulatory documents, records practitioners and chief information officers in the national government departments in South Africa.

This study reveals that despite the advent of cloud computing, government is still struggling with manual paper-based records challenges, as they have not developed a government-owned cloud in which to manage and dispose records.

Technological advancements have brought about dramatic changes to the management and disposition of records since cloud computing emerged. The traction gained by cloud computing influences how records are managed and disposed in the cloud storage. Currently, the South African Government manages and disposes records in the government premises as stipulated by the National Archives and Records Service of South Africa Act (1996). This is enforced by the National Archives and Records Service of South Africa, which is the government records regulator because records are on paper-based, microfilms and audio-visual formats. It is hoped that the recommendations and framework proposed in this study may assist the government and related sectors in the adoption and implementation of the cloud computing system for records management and disposal. This may assist in resolving challenges such as missing files, damaged records and archives and long turnaround time for retrieval of records.

In South Africa, the digital records are securely stored in storage mediums such as hard drives and USBs, to mention but a few. In addition to digital obsolescence faced by the storage mediums, global access to information is hindered because information is limited to those who can visit the archival holdings. The alternative option is to manage and dispose of records in the cloud. The framework and recommendations in this study may also assist in improving information, archives and records management policies and service delivery to the community at large. The framework proposed may be applied as a theory for framing future studies in the same area of cloud computing and used as a resource to guide other future studies and policymakers.

This study provides a framework for management of digital records on the cloud in South Africa. It also proposes the promulgation of the Cloud Act to promote unlimited access to state heritage, regardless of time and location. This study is framed on the Digital Curation Centre Life Cycle Model.