Chiang Ku Fan; Chen-Mei Fan Chiang; Tong Liang Kao

Risk Management Strategies for the Use of Cloud Computing

Full Text (PDF, 813KB), PP.50-58

Views: 0 Downloads: 0

Author(s)

Chiang Ku Fan ^1,* Chen-Mei Fan Chiang ² Tong Liang Kao ³

1. Shih Chien University, Taipei, Taiwan

2. Tunghai University, Taichung City, Taiwan

3. Tamkang University, Tamsui, Taiwan

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2012.12.05

Received: 12 Mar. 2012 / Revised: 10 Jun. 2012 / Accepted: 2 Aug. 2012 / Published: 8 Nov. 2012

Index Terms

Cloud computing, risk management, risk identification, risk evaluation, Delphi method, analytic network process

Abstract

Cloud computing may lead to both cost-efficiency and flexibility, but it also inevitably triggers a certain degree of loss exposure. Unfortunately, there is little objective, scientific research focused on identifying and evaluating the loss exposure that results from cloud computing. In this study, a modified Delphi method and the analytic network process were employed to identify and evaluate risks of cloud computing. This research finds all solutions for "contract or agreements", "cross-cloud compatibility" and "social engineering" can only reduce the risks of recurrence (risk frequency) but not eliminate recurrences. In other words, risk is inevitable, but risks with severe consequences may be heavy burdens. Purchasing insurance, if possible, is also strongly recommended.

Cite This Paper

Chiang Ku Fan, Chen-Mei Fan Chiang, Tong Liang Kao, "Risk Management Strategies for the Use of Cloud Computing", International Journal of Computer Network and Information Security(IJCNIS), vol.4, no.12, pp.50-58, 2012. DOI:10.5815/ijcnis.2012.12.05

Reference

[1]Buyya R. and Parashar M. User requirements for cloud computing architecture, Proc. 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, Melbourne, Australia, 17-20 May 2010, pp. 625-630.
[2]Ahmed Sultan, N. Reaching for the cloud: How SMEs can manage, International Journal of Information Management, 2011. 31: p. 272-278.
[3]Chow, R., Golle, P., Jakobsson, M. Controlling data in the cloud: Outsourcing computation without outsourcing control', Fujitsu Laboratories of America, Chicago: Illinois, 2009.
[4]Rejda, G. E. Principles of risk management and insurance. 11th Edition, New Jersey: Prentice Hall, 2011.
[5]Awati, K. Cox's risk matrix theorem and its implications for project risk management, from http://eight2late.wordpress.com/2009/07/01/cox%E2%80%99s-risk-matrix-theorem-and-its-implications-for-project-risk-management/, accessed 18 Dec 2011.
[6]Cox, L. A. What's wrong with risk matrices? Risk Analysis, 2008. 28(2): p. 497-515.
[7]Lim, S. H. Risks in the North Korean special economic zone: context, identification, and assessment. Emerging Markets Finance & Trade, 2011. 47(1): p. 50-66.
[8]Picado, F., Barmen, G., Bengtsson, G. Cuadra, S., Jakobsson, K., and Mendoza, A. Ecological, groundwater, and human health risk assessment in a mining region of Nicaragua. Risk Analysis: An International Journal, 2010. 30(6): p. 916-933.
[9]Pintar, K. D. M., Charron, D. F., Fazil, A., McEwen, S. A., Pollari, F., Waltner-Toews, D. (2010) A risk assessment model to evaluate the role of fecal contamination in recreational water on the incidence of Cryptosporidiosis at the community level in Ontario. Risk Analysis: An International Journal, Jan2010. 30(1): p. 49-64.
[10]Aven, T. and Renn, O. The role of quantitative risk assessments for characterizing risk and uncertainty and delineating appropriate risk management options, with special emphasis on terrorism risk. Risk Analysis: An International Journal. 2009. 29(4): p. 587-600.
[11]Subashini, S. and Kavitha, V. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 2011. 34:p. 1-11.
[12]Casale, J. Social networking, cloud computing bring new risk exposures. Business Insurance, 2010. 44(38):p. 17.
[13]Bublitz, E. (2010). Catching The Cloud: Managing Risk When Utilizing Cloud Computing. National Underwriter P & C, 2010. 114(39):p. 12-16.
[14]Paquette, S., Jaeger, P. T. and Wilson, S. C. Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly, 2010. 27:p. 245-53.
[15]Jaeger, P. T., Grimes, J. M., Lin, J. and Simmons, S. N. Where is the cloud? Geography. Economics, Environment, and Jurisdiction in Cloud Computing, 2009. 14(5):p. 4-15.
[16]Svantesson, D. and Clarke, R. Privacy and consumer risks in cloud computing, Computer Law & Security Review, 2010. 26:p. 391-397.
[17]Armburst, M., Fox, A., Griffith, R. Joseph, A. D., Katz, R. and Konwinski, A. et al. Above the clouds: a Berkley view of cloud computing, from http://radlab.cs.berkekey.edu/, accessed 5 Dec 2011.
[18]Saaty T. L. Decision making with dependence and feedback: The analytic network process. Pittsburgh: RWS Publications, 1996.
[19]Saaty T. L. The analytic hierarchy process. New York: McGraw Hill Publications. 1980.

International Journal of Computer Network and Information Security (IJCNIS)