A security framework for organizations in implementing systems on the cloud

Abstract

Over the last decade the cloud has created a major impact on the global IT ecosystem. Due to positive characteristics such as fast deployment, scalability, cost effectiveness and many more, cloud implementations are growing by the day. However security remains the number one barrier in cloud adoption for CIOs as per several surveys conducted on cloud adoption. When considering the research done on cloud security, most have focused on the security dependency according to the cloud service model (IaaS, PaaS, SaaS), and the cloud deployment models(Public, Private, Hybrid, Community). Research has also been done on security issues inherent to cloud deployments and how to overcome them. The Cloud Security Alliance (CSA), one of the leading organizations on cloud security together with the IEEE as presented 12 domains of cloud security that should be focused on, six of the domains would be considered as the base guidelines. The motivation behind this research was to provide a set of security guidelines and processes for local IT firms to adhere to when migrating to the cloud, in order to improve cloud adoption. The research was based on six domains of security provided by the CSA and security guidelines were developed along with the input of additional resources and security incidents. A step by step process for security assessment and implementation are presented along with security risk assessment matrix that will aid an organization to decide which resources are to be migrated to the cloud. The main contribution from