On Information Security Processes in Cloud Computing

Mahmoud, Suzan

January 2013

Cloud computing allows user access to virtual services (applications, servers and devices, digital storage and service packages sources) through a network using a web browser. Cloud computing is rapidly growing and has become an attractive and affordable service model among organizations. It has many benefits but is also associated with many risks and security challenges. In cloud computing users can connect with any device and use virtual computing services at any time and from anywhere, which has brought new challenges for enterprise security. The problem of securing data in the cloud and building trust in the cloud computing environment has become a widely discussed and important issue.This research aims to investigate how enterprises deal with security problems and protect their data in the cloud through security measures and processes. It also investigates what processes could be adapted to the security environment. To achieve this, an empirical study was performed. The empirical study consisted of interviews with a number of enterprises that use cloud computing in their business, with the purpose to give a deep picture of how they handle security issues related to their cloud services.During the empirical study it could be found differences and similarities in the security measures used by the different organizations, depending on the size of the organization and the type of services used or provided by the organizations. Information security should be managed in a series of processes or procedures, linked together in an environment such as the Information security management system (ISMS). On the basis of the evaluation of the interviews and literature, a cloud environment with different security processes is defined.

Cloud Computing

Information Security

Security Management

Cloud Computing Threats

Engineering and Technology

Teknik och teknologier