A Cloud Computing Security Assessment Framework for Small and Medium Enterprises

Abstract

Cloud computing plays a very important role in the development of business and competitive edge for many organisations including SMEs (Small and Medium Enterprises). Every cloud user continues to expect maximum service, and a critical aspect to this is cloud security which is one among other specific challenges hindering adoption of the cloud technologies. The absence of appropriate, standardised and self-assessing security frameworks of the cloud world for SMEs becomes an endless problem in developing countries and can expose the cloud computing model to major security risks which threaten its potential success within the country. This research presents a security framework for assessing security in the cloud environment based on the Goal Question Metrics methodology. The developed framework produces a security index that describes the security level accomplished by an evaluated cloud computing environment thereby providing the first line of defence. This research has concluded with an eight-step framework that could be employed by SMEs to assess the information security in the cloud. The most important feature of the developed security framework is to devise a mechanism through which SMEs can have a path of improvement along with understanding of the current security level and defining desired state in terms of security metric value.