951 |
Intelligent autoscaling in Kubernetes : the impact of container performance indicators in model-free DRL methods / Intelligent autoscaling in Kubernetes : påverkan av containerprestanda-indikatorer i modellfria DRL-metoderPraturlon, Tommaso January 2023 (has links)
A key challenge in the field of cloud computing is to automatically scale software containers in a way that accurately matches the demand for the services they run. To manage such components, container orchestrator tools such as Kubernetes are employed, and in the past few years, researchers have attempted to optimise its autoscaling mechanism with different approaches. Recent studies have showcased the potential of Actor-Critic Deep Reinforcement Learning (DRL) methods in container orchestration, demonstrating their effectiveness in various use cases. However, despite the availability of solutions that integrate multiple container performance metrics to evaluate autoscaling decisions, a critical gap exists in understanding how model-free DRL algorithms interact with a state space based on those metrics. Thus, the primary objective of this thesis is to investigate the impact of the state space definition on the performance of model-free DRL methods in the context of horizontal autoscaling within Kubernetes clusters. In particular, our findings reveal distinct behaviours associated with various sets of metrics. Notably, those sets that exclusively incorporate parameters present in the reward function demonstrate superior effectiveness. Furthermore, our results provide valuable insights when compared to related works, as our experiments demonstrate that a careful metric selection can lead to remarkable Service Level Agreement (SLA) compliance, with as low as 0.55% violations and even surpassing baseline performance in certain scenarios. / En viktig utmaning inom området molnberäkning är att automatiskt skala programvarubehållare på ett sätt som exakt matchar efterfrågan för de tjänster de driver. För att hantera sådana komponenter, container orkestratorverktyg som Kubernetes används, och i det förflutna några år har forskare försökt optimera dess autoskalning mekanism med olika tillvägagångssätt. Nyligen genomförda studier har visat potentialen hos Actor-Critic Deep Reinforcement Learning (DRL) metoder i containerorkestrering, som visar deras effektivitet i olika användningsfall. Men trots tillgången på lösningar som integrerar flera behållarprestandamått att utvärdera autoskalningsbeslut finns det ett kritiskt gap när det gäller att förstå hur modellfria DRLalgoritmer interagerar med ett tillståndsutrymme baserat på dessa mätvärden. Det primära syftet med denna avhandling är alltså att undersöka vilken inverkan statens rymddefinition har på prestandan av modellfria DRL-metoder i samband med horisontell autoskalning inom Kubernetes-kluster. I synnerhet visar våra resultat distinkta beteenden associerade med olika uppsättningar mätvärden. Särskilt de set som uteslutande innehåller parametrar som finns i belöningen funktion visar överlägsen effektivitet. Dessutom våra resultat ge värdefulla insikter jämfört med relaterade verk, som vår experiment visar att ett noggrant urval av mätvärden kan leda till anmärkningsvärt Service Level Agreement (SLA) efterlevnad, med så låg som 0, 55% överträdelser och till och med överträffande baslinjeprestanda i vissa scenarier.
|
952 |
Cloud Computing and Sensitive Data : A Case of Beneficial Co-Existence or Mutual Exclusiveness?Vaskovich, Daria January 2015 (has links)
I dag anses molntjänster vara ett omtalat ämne som har ändrat hur IT-tjänster levereras och som skapat nya affärsmodeller. Några av molntjänsternas mest frekvent nämnda fördelar är flexibilitet och skalbarhet. Molntjänster är i dagsläget extensivt använda av privatpersoner genom tjänster så som Google Drive och Dropbox. Å andra sidan kan en viss försiktighet gentemot molntjänster uppmärksammas hos de organisationer som innehar känslig data. Denna försiktighet kan anses leda till en långsammare tillämpningshastighet för dessa organisationer. Detta examensarbete har som syfte att undersöka sambandet mellan molntjänster och känslig data för att kunna erbjuda stöd och kunskapsbas för organisationer som överväger en övergång till molntjänster. Känslig data är definierat som information som omfattas av den svenska Personuppgiftslagen. Tidigare studier visar att organisationer värdesätter en hög säkerhetsgrad vid en övergång till molntjänster och ofta föredrar att leverantören kan erbjuda ett antal säkerhetsmekanismer. En molntjänsts lagliga överensstämmelse är en annan faktor som uppmärksammas. Datainsamlingen skedde genom en enkät, som var riktad till 101 av de svenska organisationerna i syfte att kartlägga användningen av molntjänster samt att identifiera möjliga bromsande faktorer. Dessutom genomfördes tre (3) intervjuer med experter och forskare inom IT-lag och/eller molnlösningar. En analys och diskussion, baserad på resultaten, har genomförts, vilket ledde till slutsatserna att en molnlösning av hybrid karaktär är bäst lämpad för den försiktiga organisationen, de olika villkoren i serviceavtalet bör grundligt diskuteras innan en överenskommelse mellan parter uppnås samt att i syfte att undvika att lösningen blir oförenlig med lagen bör främst en leverantör som är väl etablerad i Sverige väljas. Slutligen, bör varje organisation utvärdera om molntjänster kan tillgodose organisationens säkerhetsbehov, då det i stor mån berör ett risktagande. / Cloud computing is today a hot topic, which has changed how IT is delivered and created new business models to pursue. The main listed benefits of Cloud computing are, among others, flexibility and scalability. It is widely adopted by individuals in services, such as Google Drive and Dropbox. However, there exist a certain degree of precaution towards Cloud computing at organizations, which possess sensitive data, which may decelerate the adoption. Hence, this master thesis aims to investigate the topic of Cloud computing in a combination with sensitive data in order to support organizations in their decision making with a base of knowledge when a transition into the Cloud is considered. Sensitive data is defined as information protected by the Swedish Personal Data Act. Previous studies show that organizations value high degree of security when making a transition into Cloud computing, and request several measures to be implemented by the Cloud computing service provider. Legislative conformation of a Cloud computing service is another important aspect. The data gathering activities consisted of a survey, directed towards 101 Swedish organizations in order to map their usage of Cloud computing services and to identify aspects, which may decelerate the adoption. Moreover, interviews with three (3) experts within the fields of law and Cloud computing were conducted. The results were analyzed and discussed, which led to conclusions that hybrid Cloud is a well chosen alternative for a precautious organization, the SLA between the organizations should be thoroughly negotiated and that primarily providers well established on the Swedish market should be chosen in order to minimize the risk of legally non-consisting solution. Finally, each organization should decide whether the security provided by the Cloud computing provider is sufficient for organization’s purposes.
|
953 |
Utilizing Cloud Computing : Critical Success Factors for Large EnterprisesFogelberg, Sara, Almarstrand, Therese January 2023 (has links)
Cloud computing is one of the fastest expanding technologies and is being integrated into all sorts of industries worldwide. New cloud service updates occur multiple times per year compared to traditionally one, or less, times per year in on-premises solutions. The cloud allows for many benefits such as scalability and flexibility. Also, cloud computing is seen as an enabler for implementing other modern technologies. Despite its many benefits, organizations often struggle to adapt to the technology since it requires the business to make large adjustments to their previous ways of working. Failing to adapt the organization results in an underutilization of the technology’s benefits, which in turn can have negative effects on performance and cost effectiveness. To provide clarity to organizations in terms of how to make the changes needed and where to place focus, the aim of this study is therefore to identify Critical Success Factors for utilizing cloud computing. Succeeding within these factors intends to enhance the continuous maintenance of cloud computing. A qualitative approach was employed in this case study of a company which operates in the socially important agricultural industry. The primary data collection consisted of semi-structured interviews with IT employees from the case company’s different divisions. Complementing the primary data, a previous pilot study report was also analyzed. By conducting a thematic data analysis, a discussion of the themes, with regards to the dimensions within the Technology-Organization-Environment (TOE) framework, resulted in four proposed Critical Success Factors: automated testing, Cloud Center of Excellence, cloud strategy, and trading partner support. The findings are expected to guide organizations to a successful utilization of cloud computing which enables them to further optimize their resources and thus better take advantage of the technology’s benefits. In an increasingly digital business landscape, the Critical Success Factors can aid in maintaining competitive advantage by increasing the organization’s adaptability. Lastly, this study also contributes to literature in the areas of Cloud Computing Adoption in large enterprises and extends previous research by adding a longer-term perspective beyond the initial adoption phase. / Molntjänster är en av de snabbast växande teknologierna och integreras i alla branscher världen över. Nya uppdateringar sker flera gånger per år jämfört med traditionellt sett en eller färre gånger per år när man använder fysiska lösningar (on-premises). Molntjänster möjliggör många fördelar såsom skalbarhet och flexibilitet. Det ses också som en möjliggörare för att implementera andra moderna teknologier. Trots dess många fördelar har organisationer ofta svårt att anpassa sig till teknologin eftersom det kräver att verksamheten anpassar sina tidigare sätt att arbeta på. Att misslyckas med att anpassa organisationen resulterar i ett underutnyttjande av teknikens fördelar, vilket i sin tur kan ha negativa effekter på prestanda och kostnadseffektivitet. För att ge organisationer klarhet i hur de ska genomföra de förändringar som behövs och var de ska lägga sitt fokus så är därför syftet med denna studie att identifiera kritiska framgångsfaktorer för att utnyttja molntjänster. Att lyckas inom dessa faktorer avser att förbättra det kontinuerliga underhållet av teknologin. Ett kvalitativt tillvägagångssätt användes i denna fallstudie av ett företag som är verksamt inom den samhällsviktiga jordbruksindustrin. Insamling av primärdata skedde genom semistrukturerade intervjuer med IT-anställda från det studerade företagets olika divisioner. För att komplettera den primära datan analyserades även en förstudierapport. Genomförandet av en tematisk analys och den efterföljande diskussionen av identifierade teman, med avseende på ramverket Technology-Organization-Environment (TOE), resulterade i fyra föreslagna kritiska framgångsfaktorer: automatiserad testning, Cloud Center of Excellence, molnstrategi samt stöd från handelspartners. Resultaten förväntas vägleda organisationer till ett framgångsrikt utnyttjande av molntjänster som gör det möjligt för dem att ytterligare optimera sina resurser och därmed bättre dra nytta av teknologins fördelar. I ett allt mer digitalt affärslandskap kan framgångsfaktorerna hjälpa till att upprätthålla konkurrensfördelar genom att öka organisationens anpassningsförmåga. Slutligen bidrar denna studie också till litteraturen inom områdena kring anskaffning av molntjänster i stora företag, genom att tillföra ett långsiktigt perspektiv bortom den initiala anskaffningsfasen.
|
954 |
Cloud Computing Referenzarchitektur: IT-Dienstleistungszentren der Öffentlichen Verwaltung in der ebenenübergreifenden Verzahnung Digitaler InfrastrukturenBurow, Stephan 18 July 2024 (has links)
Nach wie vor fehlen grundlegende, in der Praxis validierte Konzepte, Modelle und Ansätze, die eine Transformation und sichere Anwendung des Cloud-Computing bei Bund, Land und Kommune erlauben. Referenzmodelle, eine ebenenübergreifende einheitliche Infrastrukturlösung und zentral verwaltete Datenbestände sind notwendig, um IT-Dienstleistungszentren der öffentlichen Verwaltung zu befähigen, die qualitativen und quantitativen Ansprüche an die IT-Diensterbringung nachhaltig zu erfüllen (vgl. von Lucke 2015: 232). Vor diesem Hintergrund und im Kontext der Wirtschaftsinformatik zielt der hier vorliegende Beitrag auf die Entwicklung eines Ansatzes zur wissenschaftlichen Herleitung einer, aus strategischer, technologischer und organisatorischer Sicht, geeigneten Cloud Computing Referenzarchitektur (CCRA) für die digitale Vernetzung der föderalen Verwaltungsebenen ab. Ausgewählte Enterprise Architecture Frameworks (EAF), vergleichbare CCRA und einschlägige Studien sollen einem neu zu beschreibenden Ansatz zu Grunde gelegt werden, der zeigt, wie eine zu entwickelnde CCRA mit Hilfe von Enterprise Architecture Management (EAM) in die meist heterogen aufgestellte Mehr-Ebenen-Architektur öffentlicher IT-Dienstleister von Bund, Land und Kommune ganzheitlich integriert werden kann.:Inhaltsverzeichnis
Bibliographische Beschreibung II
Vorwort III
Inhaltsverzeichnis IV
Abbildungsverzeichnis VII
Tabellenverzeichnis X
Abkürzungsverzeichnis XI
Zusammenfassung XV
1 Einführung 1
1.1 Ausgangslage und Motivation der Arbeit 2
1.2 Zielsetzung und Forschungsfragen 6
1.3 Aufbau der Arbeit 8
2 Wissenschaftstheoretische Einordnung 10
2.1 Forschungsmethodisches Vorgehen 10
2.2 Systematische Literaturanalyse 13
2.2.1 Vorgehen und Aufbau der Literaturanalyse 13
2.2.2 Durchführung der Literaturanalyse 13
2.2.3 Ergebnisdarstellung und Auswertung der Literaturanalyse 20
2.3 Einordnung in den Kontext der Wirtschaftsinformatik 30
2.4 Begriff und Klassifikation einer Referenzarchitektur 34
2.5 Zusammenfassung 42
3 IT-Dienstleistungszentren der Öffentlichen Verwaltung im Mehrebenensystem 43
3.1 Grundlagen der Öffentlichen Verwaltung im Mehrebenensystem 43
3.2 Rechtlicher Rahmen für IT-Kooperationen 47
3.3 Informations- und Kommunikationstechnik der Öffentlichen Verwaltung 55
3.3.1 Soziotechnische Entwicklung 55
3.3.2 Wirtschaftliche Entwicklung und Disruption 59
3.4 Stand der digitalen Transformation im Mehrebenensystem 63
3.5 IT-Dienstleistungszentren der Öffentlichen Verwaltung (Domäne) 71
3.5.1 Begriffsbestimmung der Domäne 71
3.5.2 Rechts- und Organisationsformen 73
3.5.3 IT-Steuerung und IT-Strategie 77
3.5.4 Architekturmanagement 90
3.5.5 Cloud Computing 97
3.6 Zusammenfassung 118
4 Methodische Herleitung und Analyse der Anforderungen 119
4.1 Methodenentwicklung 119
4.1.1 Methodenauswahl- und beschreibung 119
4.1.2 Methodendesign 121
4.2 Vorgehensmodell und Entwicklung der CCRA 124
4.2.1 Phase I – Analyse und Entwicklung der Domäne 126
4.2.1.1 Umfeld- und Stakeholderanalyse 128
4.2.1.2 Domänenabgrenzung 137
4.2.2 Phase II - Anforderungsanalyse 137
4.2.3 Phase III - Architekturanalyse 142
4.2.4 Phase IV - Referenzmodellierung 149
4.2.5 Phase V - Wiederverwendung und Patterns 153
4.3 Zusammenfassung 155
5 Cloud Computing Referenzarchitektur (CCRA) für IT-Dienstleister der Öffentlichen Verwaltung 156
5.1 Beschreibung der CCRA 156
5.1.1 Ebenen der CCRA 157
5.1.1.1 Strategische Ebene 158
5.1.1.2 Geschäftsarchitektur und übergreifende Geschäftsprozesse 158
5.1.1.3 Anwendungsarchitektur 158
5.1.1.4 Informationsarchitektur 158
5.1.1.5 Technologische Infrastruktur 159
5.1.2 Rollenkonzept 159
5.1.3 Schnittstellen der CCRA 161
5.2 Anwendungsmethodik für die Referenzarchitektur 162
5.2.1 Annahmen für eine exemplarische Anwendung 162
5.2.2 Anwendungsmodell für die CCRA 165
5.3 Zusammenfassung 166
6 Evaluation der Cloud Computing Referenzarchitektur 167
6.1 Anforderungsklassifikation 169
6.2 Forschungsbegleitende Evaluation 177
6.3 Analytische, merkmalsbasierte Evaluation 179
6.4 Expertenbefragung und qualitative Inhaltsanalyse 184
6.4.1 Methodik und Vorgehen 185
6.4.2 Leitfadengestützte Expertenbefragung 185
6.4.2.1 Interviewleitfaden 186
6.4.2.2 Expertenauswahl 187
6.4.2.3 Experteninterviews 189
6.4.3 Qualitative Inhaltsanalyse 191
6.4.4 Quantitative Bewertung 213
6.5 Fallstudie 217
6.5.1 Beschreibung der Fallstudie 218
6.5.2 Auswertung der Fallstudie 222
6.6 Zusammenfassung 224
7 Zusammenfassung und Ausblick 225
7.1 Zusammenfassung der Arbeit 225
7.2 Ausblick 229
Literaturverzeichnis CCXXX
Anhang CCLXV
Anhang A Dokumentation der Literatursuche CCLXV
Anhang B Feedbackbogen – Expertenbefragung CCLXXXIV
Anhang C Codierte Themenmatrix CCXC
Curriculum Vitae 1
Selbständigkeitserklärung 3
|
955 |
Extending the Cutting Stock Problem for Consolidating Services with Stochastic WorkloadsHähnel, Markus, Martinovic, John, Scheithauer, Guntram, Fischer, Andreas, Schill, Alexander, Dargie, Waltenegus 16 May 2023 (has links)
Data centres and similar server clusters consume a large amount of energy. However, not all consumed energy produces useful work. Servers consume a disproportional amount of energy when they are idle, underutilised, or overloaded. The effect of these conditions can be minimised by attempting to balance the demand for and the supply of resources through a careful prediction of future workloads and their efficient consolidation. In this paper we extend the cutting stock problem for consolidating workloads having stochastic characteristics. Hence, we employ the aggregate probability density function of co-located and simultaneously executing services to establish valid patterns. A valid pattern is one yielding an overall resource utilisation below a set threshold. We tested the scope and usefulness of our approach on a 16-core server with 29 different benchmarks. The workloads of these benchmarks have been generated based on the CPU utilisation traces of 100 real-world virtual machines which we obtained from a Google data centre hosting more than 32000 virtual machines. Altogether, we considered 600 different consolidation scenarios during our experiment. We compared the performance of our approach-system overload probability, job completion time, and energy consumption-with four existing/proposed scheduling strategies. In each category, our approach incurred a modest penalty with respect to the best performing approach in that category, but overall resulted in a remarkable performance clearly demonstrating its capacity to achieve the best trade-off between resource consumption and performance.
|
956 |
Information Sharing and Storage Behavior via Cloud Computing: Security and Privacy in Research and Practice and Users' TrustAl Smadi, Duha 05 1900 (has links)
This research contributes to the cloud computing (CC) literature and information science research by addressing the reality of information sharing and storage behavior (ISSB) of the users' personal information via CC. Gathering information about usage also allows this research to address the paradox between the research and practice. Additionally, this research explores the concept of trust and its role in the behavioral change relative to CC. The findings help reconcile the paradox between the two realms.
Essay1 develops and tests cloud computing usage model (CCUM) that assesses ISSB. This model considers the main adoption determinants and the main drawbacks of CC. The study measures the main concerns of users found in the literature, perceived security and perceived privacy. The findings prove surprising on these concerns. Using multiple regression to analyze 129 valid survey responses, the results find that CC users are less concerned about the major issues of security and privacy and will use the technology based on peer usage. Essay 2 examines why users ignore the technology issues and elect to replace the traditional mechanisms for handling their personal information. The results of an interview-based study conducted on 11 normal users and 11 IT professionals clarify their perceptions about CC and examine its readiness to handle their information from an end-user perspective. Essay 3 explores the CC literature to identify the major factors associated with the users' trust beliefs. The research conducted in this essay groups these factors into three categories. The posited and tested model examines the effect of perceived trust on ISSB. A structural equation modeling approach is used to analyze 1228 valid responses and tests the developed cloud computing trust model. The results provide multiple implications for CC researchers, managers, and service providers.
|
957 |
The Acceptance and Use of Cloud Computing Services by Small and Medium Enterprises in Lagos, NigeriaAzogu, Olajumoke Oluwaseye 05 1900 (has links)
This study explored the acceptance of cloud computing (CC) services by small and medium enterprises (SMEs) in Lagos, Nigeria, which has been missing from CC services literature. It aimed to understand the motivations for adoption, the uses of the services, and the benefits they derive from it. The uses and gratification theory was applied as the theoretic framework for this endeavor. An online survey with close-ended and open-ended questions was distributed to 1200 randomly selected participants through email. In total, 392 valid responses were collected and analyzed using descriptive statistics and categories. The results found that SMEs in Lagos, Nigeria had a low level of awareness and appreciation of CC services. The adoption rate was also low. Unlike their counterparts in other regions, SMEs primary concerns were service downtime, stable power supply, and better internet access. The study found that SMEs were not taking full advantage of the capabilities of CC services. Some sections, however, were doing better than others, such as the information and communications sub-sector. This study suggested that targeted interventions should be conducted to raise the awareness of CC services in SMEs, and to improve their efficient and effective use of CC services. The uses and gratification theory was appropriate for guiding this study to understand the acceptance and use of CC services by SMEs in Lagos, Nigeria.
|
958 |
Cloud computing and innovation: its viability, benefits, challenges and records management capabilitiesBassett, Cameron January 2015 (has links)
This research investigated the potential benefits, risks and challenges, innovation properties and viability of cloud computing for records management on an Australian organisation within the mining software development sector. This research involved the use of a case study results analysis as well as a literature analysis. The literature analysis identified the ten potential benefits of cloud computing, as well as the ten risks and challenges associated with cloud computing. It further identified aspects, which needed to be addressed when adopting cloud computing in order to promote innovation within an organisation.
The case study analysis was compared against a literature review of ten potential benefits of cloud computing, as well as the ten risks and challenges associated with cloud computing. This was done in order to determine cloud computing’s viability for records management for Company X (The company in the case study). Cloud computing was found to be viable for Company X. However, there were certain aspects, which need to be discussed and clarified with the cloud service provider beforehand in order to mitigate possible risks and compliance issues. It is also recommended that a cloud service provider who complies with international standards, such as ISO 15489, be selected. The viability of cloud computing for organisations similar to Company X (mining software development) followed a related path. These organisations need to ensure that the service provider is compliant with laws in their local jurisdiction, such as Electronic Transactions Act 1999 (Australia, 2011:14-15), as well as laws where their data (in the cloud) may be hosted. The benefits, risks and challenges of records management and cloud computing are applicable to these similar organisations. However, mitigation of these risks needs to be discussed with a cloud service provider beforehand.
From an innovation perspective, cloud computing is able to promote innovation within an organisation, if certain antecedents are dealt with. Furthermore, if cloud computing is successfully adopted then it should promote innovation within organisations. / Information Science / M. Inf.
|
959 |
Information-Theoretic Secure Outsourced Computation in Distributed SystemsWang, Zhaohong 01 January 2016 (has links)
Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. There are three main contributions to this dissertation. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as games between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design.
|
960 |
An investigation to determine incremental risks to software as a service from a user’s perspectiveIpland, Frederick Ferdinand 12 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2011. / ENGLISH ABSTRACT: Software as a Service (SaaS) – which is a deployment model of cloud computing – is a
developing trend in technology that brings with it new potential opportunities and
consequently potential risk to enterprise. These incremental risks need to be identified in order
to assist in risk management and therefore information technology (IT) governance.
IT governance is a cornerstone of enterprise-wide corporate governance. For many entities
corporate governance has become a statutory requirement, due to the implementation of
legislation such as Sarbanes-Oxley Act of the United States of America.
The research aims to assist in the IT governance of SaaS, by identifying risks and possible
controls.
By means of an in-depth literature review, the study identified 30 key risks relating to the use
and implementation of SaaS from the user’s perspective. Different governance and risk
frameworks were considered, including CobiT and The Risk IT Framework. In the extensive
literature review, it was found that CobiT would be the most appropriate framework to use in
this study. Mapping the risks and technologies from the user's perspective to one or more of
the processes of the CobiT framework, the research found that not all processes where
applicable. Merely 18 of 34 CobiT processes where applicable.
The study endeavoured to identify possible controls and safeguards for the risks identified. By
using the technologies and risks that were mapped to the CobiT processes, a control framework
was developed which included 11 key controls to possibly reduce, mitigate or accept the risks
identified. Controls are merely incidental if it is not linked to a framework. / AFRIKAANSE OPSOMMING: Software as a Service (SaaS) – ‘n ontplooiingsmodel van cloud computing – is ‘n ontwikkelende
tegnologiese tendens wat verskeie moontlikhede, maar daarby ook verskeie risiko’s vir
ondernemings inhou. Hierdie addisionele risiko’s moet geïdentifiseer word om te help met die
bestuur van risiko’s en daarom ook die beheer van Informasie Tegnologie (IT).
IT beheer is ‘n belangrike deel van die grondslag van ondernemingswye korporatiewe beheer.
As gevolg van die implimentering van wetgewing soos die Sarbanes-Oxley wetsontwerp van die
Verenigde State van Amerika, het korporatiewe beheer ‘n statutêre vereiste geword vir
verskeie ondernemings.
Hierdie studie poog om die IT beheer van SaaS by te staan, deur risiko’s en moontlike
beheermaatreëls te identifiseer.
Deur middel van ‘n indiepte literatuur ondersoek het die studie 30 sleutelrisiko’s geïdentifiseer
wat verband hou met die gebruik en implimentering van SaaS vanuit ‘n gebruikersoogpunt.
Verskeie korporatiewe- en risiko raamwerke, insluitende CobiT en The Risk IT Framework, was
oorweeg. Die literatuur ondersoek het egter bevind dat CobiT die mees toepaslikste raamwerk
vir dié studie sal wees. Deur die risiko’s en tegnologieë vanuit ‘n gebruikers perspektief te laat
pas met een of meer CobiT prosesse, het die navorsing bevind dat nie alle prosesse in CobiT van
toepassing is nie. Slegs 18 van die 34 prosesse was van toepassing.
Die studie het ook gepoog om moontlike beheer- en voorsorgmaatreëls vir die risiko’s te
identifiseer. Deur die tegnologieë en risiko’s te gebruik wat gepas is teen die CobiT prosesse, is
‘n beheer raamwerk ontwikkel wat 11 sleutel beheermaatreëls insluit, wat die geïdentifiseerde
risiko’s kan verminder, temper of aanvaar. Beheermaatreëls is slegs bykomstig as dit nie direk
aan ‘n raamwerk gekoppel is nie.
|
Page generated in 0.0642 seconds