Let me in the cloud: analysis of the benefit and risk assessment of cloud platform

Azeem Aleem and Christopher Ryan Sprott

Journal of Financial Crime, 2013, vol. 20, issue 1, 6-24

Abstract: Purpose - The purpose of this paper is to critically examine the vulnerabilities of the cloud platform affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud computing, its benefits to the industry and helps to identify security concerns for businesses that plan to deploy one of the cloud platforms. It helps to identify areas where businesses should focus before choosing an appropriate Cloud Service Provider (CSP). Design/methodology/approach - This paper presents the findings of an original research survey (200 IT professionals working both in the public and private sectors) undertaken to examine their privacy, and data security concerns associated with the cloud platform. Views of those who have yet to deploy cloud were analysed to detect the patterns of common security issues. Cyber fraud and trust concerns of the organisations are addressed and deployment of the secured cloud environment is outlined. Findings - The survey analysis highlighted that the top concerns for organisations on cloud were security (93.8 per cent), governance (61.1 per cent) and a lack of control over service availability (56.6 per cent). The survey highlighted that the majority of IT professionals were not aware that some CSPs currently control the decryption keys that enable them to decrypt their client's data. This should be considered as a major security concern and it is one of the factors that should be looked into while vetting the service level agreement (SLA). Data loss and leakage (73.5 per cent) were voted as the top threat to cloud computing by respondents; this was followed by account, service and traffic hijacking (60.8 per cent). The paper examines various types of cloud threats companies have encountered. Research limitations/implications - The vast majority of the data are drawn from IT professionals with businesses mainly in the UK and the USA. Practical implications - The paper advocates a proactive and holistic cloud‐cyber security prevention typology to prevent e‐crime, with guidance of what features to look for when choosing an appropriate cloud service provider. Originality/value - This is the first analysis done that includes IT auditors, physical security personnel as well as IT professionals. The paper is of value to companies considering adoption or implementation of a cloud platform. It helps to assess the cloud by evaluating a detailed comparison of benefits and risk associated with the platform.

Keywords: Computing; Information technology; Data security; Internet; Cyber crime; Cloud computing; Cloud; Disruptive technology (search for similar items in EconPapers)
Date: 2013
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (text/html)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (application/pdf)
Access to full text is restricted to subscribers

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eme:jfcpps:13590791311287337

DOI: 10.1108/13590791311287337

Access Statistics for this article

Journal of Financial Crime is currently edited by Dr Li Hong Xing and Prof Barry Rider

More articles in Journal of Financial Crime from Emerald Group Publishing Limited
Bibliographic data for series maintained by Emerald Support ().