Strategy for Developing Effective Cyber Security on Cloud for SMEs

Author: Rayan Omar S Abuhasha

Abuhasha, Rayan Omar S, 2017 Strategy for Developing Effective Cyber Security on Cloud for SMEs, Flinders University, School of Computer Science, Engineering and Mathematics

Terms of Use: This electronic version is (or will be) made publicly available by Flinders University in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. You may use this material for uses permitted under the Copyright Act 1968. If you are the owner of any included third party copyright material and/or you believe that any material has been made available without permission of the copyright owner please contact copyright@flinders.edu.au with the details.

Abstract

ABSTRACT

Cloud computing is a relatively new paradigm that presents significant business benefits and enormous opportunities for small and micro enterprises. As the information technology (IT) landscape evolves, SMEs need to find effective strategies for meeting business demands However, many SMEs are reluctant to adopt cloud computing technology due to the inherent security, privacy, and trust issues, as well as regulatory risks and compliance implications. Preliminary studies show increasing numbers of cybersecurity attacks targeting SMEs in cloud environments (Symantec, 2016; U.S. State of Cybercrime Survey, 2013; Verizon.com, 2016). To address the security threats, there is need to establish best practices, standards, and guidelines that SMEs can follow. The aim of this study is to develop effective cloud security strategies for SMEs. The study addresses two research objectives: (i) to identify the security threats and challenges facing SMEs in cloud environments and determine the best mitigation strategies and, (ii) to develop a security strategy framework for SMEs in the context of cloud computing. The study followed the design research paradigm incorporating an extensive literature review which informed the development of the proposed model for SME security in the cloud. The overarching contribution of this study is the proposed model, which integrates four strategic components: Cloud Model, Security Model, Compliance Model, and Security Major Component. Although there is no single path for business success with cloud computing, the proposed model can serve as a guide for best practices and strategies for SMEs when deploying cloud-based solutions. It is

recommended that SMEs use the conceptual model as a guide for migrating to the hyper-cloud solution

Keywords: cloud computing, cyber security, small and micro sized enterprises, SMEs,

Subject: Computer Science thesis

Thesis type: Masters
Completed: 2017
School: School of Computer Science, Engineering and Mathematics
Supervisor: Dr. Anna Shillabeer