Cloud-GMR: A Qualitative Framework for Governance and Risk Management of Cloud-hosted Public Services

2020 XLVI Latin American Computing Conference (CLEI) Pub Date : 2020-10-01 DOI:10.1109/CLEI52000.2020.00041

Denys A. Flores, Guillermo Morocho

{"title":"Cloud-GMR: A Qualitative Framework for Governance and Risk Management of Cloud-hosted Public Services","authors":"Denys A. Flores, Guillermo Morocho","doi":"10.1109/CLEI52000.2020.00041","DOIUrl":null,"url":null,"abstract":"The rapid adoption of Cloud Computing in the last decade has promoted the development and innovation of IT services around the world. This includes the provision of on-demand hardware and software infrastructures, reducing administrative costs, and saving endless deployment efforts. However, public organizations are still reluctant to move towards this computing model due to inherent issues related to the loss of governance and increased IT risks. In this research, we introduce a straightforward 3-phase framework named Cloud-GMR for assisting the decision-making process of determining whether or not moving public services to the Cloud. Our proposal integrates COBIT v.5, ISO 27005 and OCTAVE-S methodologies into a unified qualitative framework for governance and risk management. The novelty of Cloud-GMR is the provision of guidelines for aligning business objectives, identifying migration requirements and assessing risks before adopting any Cloud strategy in the public sector. We also evaluate the applicability of our proposal inside an Ecuadorian public institution.","PeriodicalId":413655,"journal":{"name":"2020 XLVI Latin American Computing Conference (CLEI)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 XLVI Latin American Computing Conference (CLEI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CLEI52000.2020.00041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The rapid adoption of Cloud Computing in the last decade has promoted the development and innovation of IT services around the world. This includes the provision of on-demand hardware and software infrastructures, reducing administrative costs, and saving endless deployment efforts. However, public organizations are still reluctant to move towards this computing model due to inherent issues related to the loss of governance and increased IT risks. In this research, we introduce a straightforward 3-phase framework named Cloud-GMR for assisting the decision-making process of determining whether or not moving public services to the Cloud. Our proposal integrates COBIT v.5, ISO 27005 and OCTAVE-S methodologies into a unified qualitative framework for governance and risk management. The novelty of Cloud-GMR is the provision of guidelines for aligning business objectives, identifying migration requirements and assessing risks before adopting any Cloud strategy in the public sector. We also evaluate the applicability of our proposal inside an Ecuadorian public institution.

查看原文本刊更多论文

Cloud-GMR:云托管公共服务治理和风险管理的定性框架

近十年来，云计算的迅速普及推动了全球IT服务的发展和创新。这包括提供随需应变的硬件和软件基础设施，降低管理成本，并节省无尽的部署工作。然而，公共组织仍然不愿意转向这种计算模型，原因是缺乏治理和增加IT风险等固有问题。在本研究中，我们介绍了一个名为Cloud- gmr的简单的三阶段框架，用于帮助确定是否将公共服务迁移到云的决策过程。我们的建议将COBIT v.5、ISO 27005和OCTAVE-S方法集成到治理和风险管理的统一定性框架中。Cloud- gmr的新颖之处在于，在公共部门采用任何云策略之前，它提供了调整业务目标、识别迁移需求和评估风险的指导方针。我们还评估我们的建议在厄瓜多尔公共机构内的适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 XLVI Latin American Computing Conference (CLEI)

自引率

0.00%

发文量