How to utilize the IaaS cloud safely? Developing cloud security for cloud adoption in the Middle East

Masterarbeit, 2018
91 Seiten, Note: B

Informatik - IT-Security

Leseprobe

1.0 Chapter 1: Introduction

1.1 Aims and Objectives

1.2 Brief Outline

2.0 Chapter 2: Literature Review

2.1 Cloud definition and Characteristics

2.2 Cloud service models

2.3 Cloud deployments model

2.4 Cloud benefits

2.5 Risk Management Framework for Cloud Ecosystem

2.6 Cloud Associated Risks

2.7 IaaS Security

2.7.1 VM Security

2.7.2 Hypervisor Security

2.7.3 Datacenter Security

2.8 Countermeasures

2.9 Service level of Agreement (SLA)

2.10 Conclusion

3.0 Chapter 3: Research Methodology

3.1 Observation Research Methods.

3.2 Interviews Research method

3.3 Surveys Research method.

3.3.1 Open-ended questions:

3.3.2 Closed-ended questions:

3.4 Methodological triangulation validation

4.0 Chapter 4: Observation

4.1 Observation Findings and data analysis.

4.1.1 Expected growth:

4.1.2 Responsibilities of parties:

4.1.3 Cloud Protection Scheme.

4.1.4 Threat Model

4.1.5 Governance & Compliance

4.1.6 Controls Used

4.2 Table summary

5.0 Chapter 5: Experts Interviews & Data Analysis

5.1 Introduction

5.2 Data Analysis

5.2.1 Expected Growth

5.2.2 Responsibility distribution and protection scheme

5.2.3 Threat Landscape, Practices and Controls used

5.2.4 Governance and compliance

5.3 Table summary

5.4 triangular validation and confirmation

6.0 chapter 6: Discussions

6.1 Low-risk appetite template.

6.2 High-risk appetite template.

Chapter 7: Data Collection & Analysis

7.1 Introduction

7.2 Data Analysis

Chapter 8: Summary

8.1 Summary

8.2 Conclusion

8.3 Recommendations

Objectives and Research Scope

This dissertation aims to provide IT professionals in the Middle East with a safer approach for cloud adoption, specifically focusing on Infrastructure as a Service (IaaS) within hybrid deployment models. By assessing current cloud security practices and identifying regional challenges, the research seeks to develop and validate risk-based security templates to guide cloud adoption.

Investigation of hybrid cloud security deployments and IaaS in the Middle East.
Development of two security templates categorized by organizational risk appetite (low-risk and high-risk).
Application of methodological triangulation to validate findings through literature review, observations, expert interviews, and surveys.
Formulation of guidelines for designing cloud security infrastructure and selecting appropriate controls.

Excerpt from the Book

2.1 Cloud definition and Characteristics

Mell and Grance (2011) state that Cloud Computing is a model of enabling convenient on-demand access to a shared pool of self-managed configurable resources such as Network, servers, storage, and applications that are rapidly provisioned, accessed broadly and can be measured. It has main characteristics such as the following:

• On-demand Self-service: cloud user can get cloud benefits based on his needs without human interaction, for example, the consumer can schedule provisioning of the resources within their peak time only and de-provision them later automatically (Krutz and Vines, 2010).

• Broad Network access: Cloud services are available from anywhere over a different kind of links whether these links are internet or WAN or fibre or Microwave (Mell and Grance, 2011).

• Rapid Elasticity: or in another word, quickly scalable based on demand up and down (Krutz and Vines, 2010).

• Resource Pooling: the cloud computing whether it is physical and virtual resources are shared across multi-cloud users that dynamic assigned based on the cloud user needs (Mell and Grance, 2011).

• Measured service: the resources of that are used by the tenants are changing with time; however, it is monitored, metered, controlled and reported in a transparent manner (Krutz and Vines, 2010).

The mentioned characteristics can be restated in more critic way by saying that it is the technology that enables the consumer to lower their starting cost. This lowering of cost is achieved due to one of cloud’s main characteristics which is resource sharing. The concept of sharing IaaS resource allows the consumer to get the benefit of high tech technology, starts quickly and procuring cloud computing with the minimum possible amount of investment.

Summary of Chapters

1.0 Chapter 1: Introduction: Discusses the emergence of cloud computing, its benefits for business agility, and the specific security challenges faced in the Middle East region due to geopolitical tensions.

2.0 Chapter 2: Literature Review: Explores definitions, service models, and the risk management framework for the cloud ecosystem, highlighting security concerns related to IaaS.

3.0 Chapter 3: Research Methodology: Outlines the combination of research methods, including literature review, observations, expert interviews, and surveys, used to validate the study findings.

4.0 Chapter 4: Observation: Details the author's observations on expected growth in cloud adoption, responsibility distribution, and the IaaS cloud protection scheme.

5.0 Chapter 5: Experts Interviews & Data Analysis: Presents insights from IT experts in the Middle East, confirming the need for a formal adoption strategy and validating the identified risks.

6.0 chapter 6: Discussions: Proposes specific security templates for organizations based on their risk appetite, incorporating trust zone isolation and NIST-aligned controls.

Chapter 7: Data Collection & Analysis: Documents the survey results used to validate the proposed templates and their practical applicability for IT professionals.

Chapter 8: Summary: Consolidates the research, reiterating the necessity of a structured template for safe cloud adoption and offering recommendations for regional infrastructure development.

Keywords

Cloud Computing, Cloud Security, Private Cloud, Public Cloud, Cloud Security Strategy, Infrastructure as a Service security, IaaS, hybrid Cloud, Risk Management, Information Security, Middle East, Virtualization, Data Classification, Network Security, Governance and Compliance.

Frequently Asked Questions

What is the core focus of this dissertation?

The dissertation focuses on developing a safe, structured approach for IT professionals in the Middle East to adopt Infrastructure as a Service (IaaS) cloud solutions through the use of standardized security templates.

What are the primary thematic areas covered in this work?

The work covers cloud architecture, IaaS-specific security risks, threat modeling, responsibility distribution between consumers and providers, and the implementation of governance and compliance frameworks.

What is the primary research objective?

The objective is to guide IT professionals in designing secure IaaS infrastructure, selecting appropriate security defenses, and protecting sensitive data in the cloud by utilizing tailored templates based on the organization's risk appetite.

Which scientific methods were applied in this research?

The research employed a methodological triangulation approach, combining literature reviews, direct observations, semi-structured expert interviews, and quantitative surveys to validate the findings.

What does the main body of the research address?

The main body examines current cloud adoption trends, analyzes regional security postures, details specific threat models, and presents actionable templates for low-risk and high-risk organizational profiles.

Which keywords best characterize this research?

Key terms include Cloud Computing, IaaS Security, Risk Management, Middle East Cloud Adoption, and Security Frameworks.

How are the security templates differentiated?

The templates are differentiated based on an organization's risk appetite: low-risk appetite templates for conservative organizations and high-risk appetite templates for organizations with higher tolerance for risk.

What is the role of 'Trust Zones' in this research?

Trust zones are used as a model for network segmentation and isolation, ensuring that different cloud management, security, and traffic functions are properly separated to prevent unauthorized access.

What specific impact does the author expect for the Middle East?

The author identifies a significant need for formal guidance due to the regional lack of specialized cloud security expertise, expecting that these templates will compensate for these gaps and facilitate safer cloud growth.

Ende der Leseprobe aus 91 Seiten - nach oben

Details

Titel: How to utilize the IaaS cloud safely? Developing cloud security for cloud adoption in the Middle East
Hochschule: Anglia Ruskin University
Veranstaltung: Dissertation
Note: B
Autor: Haitham Ismail (Autor:in)
Erscheinungsjahr: 2018
Seiten: 91
Katalognummer: V455215
ISBN (eBook): 9783668890244
ISBN (Buch): 9783668890251
Sprache: Englisch
Anmerkungen: All information is available on the first page.
Schlagworte: IaaS Security Cloud Security Hybrid cloud computing cloud Security Strategy risk in cloud risk appetite NIST Cloud CSA
Produktsicherheit: GRIN Publishing GmbH
Preis (Ebook): US$ 42,99
Preis (Book): US$ 55,99

Arbeit zitieren: Haitham Ismail (Autor:in), 2018, How to utilize the IaaS cloud safely? Developing cloud security for cloud adoption in the Middle East, München, Page::Imprint:: GRINVerlagOHG, https://www.diplomarbeiten24.de/document/455215