Information Security is very important for businesses and national security of any country. In the Middle East, especially with the current geopolitical tensions and unbalanced situation resulting from terrorism rising, cybersecurity is very important to protect the nation’s economy and security.
This research investigates with a deep look inside hybrid cloud security deployments, which is new to the Middle East region with focusing on Infrastructure as service security (IaaS). Furthermore, it assesses the current practice when it comes to cloud data adoption in an IaaS environment, whether it is on-premises or hosted by a third party, dedicated or shared across multitenant.
This research aims to develop two templates to be followed by IT professionals whether they have the required expertise for cloud adoption or not to guide them through the whole data cloud adoption process. According to the risk appetite of the organization and their acceptable risk level, the template is chosen.
These templates contain a guide to design the cloud security infrastructures, the placement of information in different IaaS deployment models (e.g. private IaaS, public IaaS, community IaaS, etc.), and what controls recommended to establish controls and governance in the cloud realm. These templates were developed based on the recommendation and guidelines National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA), and European Union Agency for Network and Information Security (ENISA).
Inhaltsverzeichnis (Table of Contents)
- Abstract
- Table of Contents
- List of tables
- Keywords
- 1.0 Chapter 1: Introduction
- 1.1 Aims and Objectives
- 1.2 Brief Outline
- 2.0 Chapter 2: Literature Review
- 2.1 Cloud definition and Characteristics
- 2.2 Cloud service models
- 2.3 Cloud deployments model
- 2.4 Cloud benefits
- 2.5 Risk Management Framework for Cloud Ecosystem
- 2.6 Cloud Associated Risks
- 2.7 IaaS Security
- 2.7.1 VM Security
- 2.7.2 Hypervisor Security
- 2.7.3 Datacenter Security
- 2.8 Countermeasures
- 2.9 Service level of Agreement (SLA)
- 2.10 Conclusion
- 3.0 Chapter 3: Research Methodology
- 3.1 Observation Research Methods
- 3.2 Interviews Research method
- 3.3 Surveys Research method
- 3.3.1 Open-ended questions:
- 3.3.2 Closed-ended questions:
- 3.4 Methodological triangulation validation
- 4.0 Chapter 4: Observation
- 4.1 Observation Findings and data analysis
- 4.1.1 Expected growth:
- 4.1.2 Responsibilities of parties:
- 4.1.3 Cloud Protection Scheme
- 4.1.4 Threat Model
- 4.1.5 Governance & Compliance
- 4.1.6 Controls Used
- 4.2 Table summary
- 5.0 Chapter 5: Experts Interviews & Data Analysis
- 5.1 Introduction
- 5.2 Data Analysis
- 5.2.1 Expected Growth
- 5.2.2 Responsibility distribution and protection scheme
- 5.2.3 Threat Landscape, Practices and Controls used
- 5.2.4 Governance and compliance
- 5.3 Table summary
- 5.4 triangular validation and confirmation
- 6.0 chapter 6: Discussions
- 6.1 Low-risk appetite template.
- 6.2 High-risk appetite template
- Chapter 7: Data Collection & Analysis
- 7.1 Introduction
- 7.2 Data Analysis
- Chapter 8: Summary
- 8.1 Summary
- 8.2 Conclusion
- 8.3 Recommendations
- References
- Appendix 1 - Research Work Flow
- Appendix 2 - Interview Questions
- Appendix 3 - Interviews transcript
- Interview 1.
- Interview 2
- Interview 3
- Interview 4
- Interview 5
- Appendix 4 - Surveys Questions
- List of tables
Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)
This dissertation explores cloud security for cloud adoption in the Middle East, focusing on Infrastructure as a Service (IaaS) security. The research aims to develop practical templates for IT professionals to guide them through the cloud adoption process, considering both low and high-risk appetite organizations.
- Hybrid cloud security deployments and IaaS security in the Middle East
- Current practices for cloud data adoption in IaaS environments
- Development of cloud security infrastructure design templates
- Recommendations and guidelines for establishing controls and governance in the cloud realm
- Risk assessment and risk appetite considerations for cloud adoption
Zusammenfassung der Kapitel (Chapter Summaries)
- Chapter 1: Introduction: This chapter introduces the research topic, outlines the aims and objectives, and provides a brief overview of the dissertation structure.
- Chapter 2: Literature Review: This chapter delves into the literature on cloud computing, its various models and deployment strategies, the benefits and risks associated with cloud adoption, and specific security considerations for IaaS environments.
- Chapter 3: Research Methodology: This chapter explains the research methods used in the study, including observation, interviews, and surveys. The chapter details the data collection and analysis techniques employed.
- Chapter 4: Observation: This chapter presents findings from the observational research, focusing on the expected growth of cloud adoption, the responsibilities of different parties involved in cloud deployment, and the current threat landscape and security controls used in the Middle East.
- Chapter 5: Experts Interviews & Data Analysis: This chapter analyzes data gathered from interviews with industry experts, examining key findings related to cloud adoption, threat landscapes, and security practices in the Middle East.
- Chapter 6: Discussions: This chapter discusses the research findings and their implications for developing two cloud security infrastructure templates: one for low-risk appetite organizations and another for high-risk appetite organizations.
Schlüsselwörter (Keywords)
This research focuses on cloud security, IaaS security, cloud adoption, risk management, governance, compliance, and the development of practical templates for IT professionals in the Middle East. The research draws upon guidelines and recommendations from organizations like NIST, CSA, and ENISA to address the specific security challenges of cloud adoption in the region.
- Quote paper
- Haitham Ismail (Author), 2018, How to utilize the IaaS cloud safely? Developing cloud security for cloud adoption in the Middle East, Munich, GRIN Verlag, https://www.grin.com/document/455215