| Abstract: | Cloud computing is one of the fast growing technological phenomena being adopted by many organizations ranging from small to large and even individuals, due to the advantage that no need of infrastructure deployment needed by customers to meet their computational demands. In this research the various components of cloud computing such as service delivery models, types of cloud computing, security issues and security mechanisms used were discussed in detail. There are various security vulnerabilities and risks in the cloud environment introduced due to the fact that users do not have mechanisms of control over their confidential data in the cloud. The major security concerns raised by Cloud Service Consumers (CSCs) as seen from literatures were insufficient data security, compliance and legal issues and loss of governance on data. The aim of this research is, therefore, to provide solutions for the above mentioned security issues.
Various mechanisms were used for data gathering such as interviews and document analysis to get the full picture of the cloud security mechanisms deployed at Cloud Service Providers (CSPs) and CSCs, and analyzed them whether they address security issues and concerns faced by CSCs. Based on the data gathered it was evident that the organizations under the study that use cloud were provided with only technical security controls which are not enough to deem they are alone enough to ensure cloud security and address CSCs concerns of getting services that are secured, transparent and managed in formal manner.
Thus, in order to address these security concerns and issues, the researcher proposed a framework that encompasses end-to-end cloud environment by combining technical cloud security solutions with IT governance solutions. The proposed framework was evaluated using two methods, the first was by presenting it to the various individuals who participated in the interviews that ware conducted and IT security professionals from other organizations. The other validation technique utilized was comparing the proposed framework with other cloud security frameworks. Based on the validations conducted the framework was given positive feedbacks about addressing the issues faced by CSCs and improve its adoptability. |
