Abstract
Cloud computing services have become important to IS/IT recently. Cloud service providers (CSPs) support different types of cloud computing services (Infrastructure as a Service, Platform as a Service, and Software as a Service). There are many challenges and concerns in using cloud computing services that may cause many risks. These risks need addressing while using cloud computing. CSPs provide procedures in order to control risk areas while providing their services. There are many studies that assess risks in cloud computing services. They provide evaluation tools and/or frameworks to manage the risk in cloud computing services. Moreover, IS/IT governance is one of the most powerful ways to achieve IS/IT business alignment. The main goals of IS/IT governance are to ensure that the investments in IS/IT generate business values and to mitigate the risks associated with IS/IT. Even though there are various risks in cloud computing services, there is no comprehensive framework to support risk assessment according to user’s needs. In this paper, we aim to provide a conceptual framework for governance in cloud computing services. This framework will focus on cloud client (CC) requirements to achieve the governance.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Müller SD, Holm SR, Søndergaard J (2015) Benefits of cloud computing: literature review in a maturity model perspective. Commun Assoc Inf Syst 37(1):851–878. https://doi.org/10.17705/1cais.03742
Mell P, Grance T (2011) The NIST-National Institute of Standards and Technology definition of cloud computing. NIST Spec Publ 7:800–145
Ashraf I (2014) An overview of service models of cloud computing. Int J Multidiscip Curr Res 2:779–783
Diaby T, Rad BB (2017) Cloud computing: a review of the concepts and deployment models. Int J Inf Technol Comput Sci 9(6):50–58. https://doi.org/10.5815/ijitcs.2017.06.07
Guide P, Edition F A guide to the project management body of knowledge
Lainhart JW (2012) COBIT 5: a business framework for the governance and management of enterprise IT COBIT 5
Lourenco J, Santos-Pereira C, Rijo R, Cruz-Correia R (2014) Service level agreement of information and communication Technologies in Portuguese hospitals. Proc Technol 16:1397–1402. https://doi.org/10.1016/j.protcy.2014.10.158
Sultana A, Raghuveer K (2017) Security risks in cloud delivery models
Sultana A (2017) Security risks in cloud delivery models, pp 2637–2640
Singh S, Jeong YS, Park JH (2016) A survey on cloud computing security: issues, threats, and solutions. J Netw Comput Appl 75:200–222. https://doi.org/10.1016/j.jnca.2016.09.002
Fox A et al (2009) Above the clouds: a berkeley view of cloud computing. Department of Electrical Engineering and Computer Sciences, University of California, Berkeley, Rep. UCB/EECS 28.13 (2009)
Sharma PK, Kaushik PS, Agarwal P, Jain P, Agarwal S, Dixit K (2017) Issues and challenges of data security in a cloud computing environment. In: 2017 IEEE 8th annual ubiquitous computing electronics mobile communication conference UEMCON 2017, vol 2018 Jan, pp 560–566. https://doi.org/10.1109/UEMCON.2017.8249113
Ramachandra G, Iftikhar M, Khan FA (2017) A comprehensive survey on security in cloud computing. Proc Comput Sci 110(2012):465–472. https://doi.org/10.1016/j.procs.2017.06.124
Sen AK, Tiwari PK (2018) Security issues and solutions in cloud computing. Security issues and solutions in cloud computing, Mar 2018. https://doi.org/10.9790/0661-1902046772
Tunc et al C (2017) Cloud security automation framework. In: Proceedings of 2017 IEEE 2nd international workshop foundations application Self* Systems FAS*W 2017. IDC, pp 307–312. https://doi.org/10.1109/FAS-W.2017.164
Cayirci E, Garaga A, Santana de Oliveira A, Roudier Y (2016) A risk assessment model for selecting cloud service providers. J Cloud Comput 5(1):1–12. https://doi.org/10.1186/s13677-016-0064-x
Kalaiprasath R, Elankavi R, Udayakumar R (2017) Cloud security and compliance–a semantic approach in end to end security. Int J Smart Sens Intell Syst 2017:482–494. https://doi.org/10.21307/ijssis-2017-265
Tsaregorodtsev AV et al (2018) (2018) Information security risk estimation for cloud infrastructure. Int J Inf Technol Secur 10(4)
Medhioub M, Hamdi M, Kim TH (2017, Mar) Adaptive risk management framework for cloud computing. In: 2017 IEEE 31st international conference on advanced information networking and applications (AINA). IEEE, pp 1154–1161
Patel K, Alabisi A (2019) Cloud computing security risks: identification and assessment. ERA J Ideas 17(2):11–19
Vijayakumar K, Arun C (2019) Continuous security assessment of cloud based applications using distributed hashing algorithm in SDLC. Cluster Comput 22(s5):10789–10800. https://doi.org/10.1007/s10586-017-1176-x
Chiou S-F, Pan H-T, Cahyadi EF, Hwang M-S (2019) A context establishment framework for cloud computing information security risk management based on the STOPE view. Int J Netw Secur 21(1):100. https://doi.org/10.6633/IJNS.201901
Kristiani E, Yang CT, Wang YT, Huang CY (2019) Implementation of an edge computing architecture using openstack and kubernetes. Lect Notes Electr Eng 514:675–685. https://doi.org/10.1007/978-981-13-1056-0_66
Al-ruithe M, Benkhelifa E, Hameed K (2016) A conceptual framework for designing data governance for cloud computing. Proc Comput Sci 94:160–167. https://doi.org/10.1016/j.procs.2016.08.025
Brandis K, Dzombeta S, Colomo-Palacios R, Stantchev V (2019) Governance, risk, and compliance in cloud scenarios. Appl Sci 9(2):1–21. https://doi.org/10.3390/app9020320
Faizi SM, Rahman SSM (2019) Securing cloud computing through IT governance. SSRN Electron J 7(1). https://doi.org/10.2139/ssrn.3360869
Al-Ruithe M, Benkhelifa E (2017) Analysis and classification of barriers and critical success factors for implementing a cloud data governance strategy. Proc Comput Sci 113:223–232. https://doi.org/10.1016/j.procs.2017.08.352
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Gamal, M., Helal, I.M.A., Mazen, S.A., Elhennawy, S. (2022). IS Risks Governance for Cloud Computing Service. In: Magdi, D.A., Helmy, Y.K., Mamdouh, M., Joshi, A. (eds) Digital Transformation Technology. Lecture Notes in Networks and Systems, vol 224. Springer, Singapore. https://doi.org/10.1007/978-981-16-2275-5_4
Download citation
DOI: https://doi.org/10.1007/978-981-16-2275-5_4
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-2274-8
Online ISBN: 978-981-16-2275-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)