A CLOUD COMPUTING SECURITY ASSESSMENT FRAMEWORK FOR SMALL AND MEDIUM ENTERPRISES IN KENYA
Abstract
Cloud computing plays a very important role in the development of business and competitive edge for many organisations including SMEs. Cloud computing is considered to be a very capable and able internet-based computing platform which offers numerous benefits like mobility, flexibility, reliability and cost effectiveness. Every cloud user continues to expect maximum service, and a critical aspect to this is cloud security which is one among other specific challenges hindering adoption of the cloud technologies. The absence of appropriate, standardised and self-assessing security frameworks of the cloud world for SMEs becomes an endless problem in developing countries and can expose the cloud computing model to major security risks which threaten its potential success within the country. It is further noted that security issues arise from either human error (people), lack of implementing appropriate technology or external factors like cloud providers or legislation. Security metrics can be seen as tools for providing information about the security status of a certain environment. With that in mind, this research presents a security framework for assessing security in the cloud environment based on the Goal Question Metrics methodology. The developed framework produces a security index that describes the security level accomplished by an evaluated cloud computing environment thereby providing the first line of defence. The framework was developed by first investigating the challenges faced by Small and Medium Enterprises in Kenya who use cloud computing and also by determining backend challenges in a practical manner using OwnCloud. The data was collected from the top 100 SMEs using questionnaires and further, SPSS was used to interpret the data. The data collected from the questionnaires and the experimental study were analysed through Goal Question Metrics simulation method that was used in formulating a framework on how SaaS Cloud Computing can be securely used for assessment in a SME infrastructure. This study has concluded with an eight-step framework that could be employed by SMEs to assess improved information security in the cloud. The most important feature of the developed Security framework is to devise a mechanism through which SMEs can have a path of improvement along with understanding of the current security level and defining desired state in terms of security metric value.