A FRAMEWORK FOR ASSESSING SECURITY IN A SAAS CLOUD PARADIGM FOR SMES
Rupra, Satwinder S.
MetadataShow full item record
Cloud storage is becoming a fast emerging resource used for storage of information by corporates and organizations as a substitute to get data available anywhere and anytime. The extremely scalable nature of cloud computing allows its users to access huge amounts of data and use distributed computational resources via different interfaces. Cloud entities such as cloud service providers, users and business associates share the offered resources at diverse levels of technological operations. The cloud computing model is considered to be a very capable and able internet-based computing platform which offers numerous benefits like mobility, flexibility, reliability and cost effectiveness. However, like any other technology, cloud computing is not without a challenge or as problem free as it may seem. Many clients, especially SMEs, worry about their susceptibility to attack if their businesses’ crucial IT resources and information are outside the firewall. Numerous security and privacy concerns like loss of control, lack of trust and multi-tenancy issues appear with the usage of cloud. These challenges, if left unaddressed, could lead to severe data breaches and possible business losses. The lack of knowledge, governance and improper policies can also sometimes create further vulnerabilities in the cloud. This paper is intended on proposing a framework for implementing security in (SaaS) cloud computing paradigm and, therefore, aid SMEs to counter the possible threats and vulnerabilities associated with the cloud. The researcher devised security checks to counter the cloud threats, which included Cloud provider’s security and risk management, backups, internal human resources security, access control, software security and encryption, logging and compliance with legislation. The framework is a vital tool for SMEs to test and rate their cloud security and, therefore, make improvements to mitigate the security threats associated with cloud computing.