Information Security is very important for businesses and national security of any country. In the Middle East, especially with the current geopolitical tensions and unbalanced situation resulting from terrorism rising, cybersecurity is very important to protect the nation’s economy and security.
This research investigates with a deep look inside hybrid cloud security deployments, which is new to the Middle East region with focusing on Infrastructure as service security (IaaS). Furthermore, it assesses the current practice when it comes to cloud data adoption in an IaaS environment, whether it is on-premises or hosted by a third party, dedicated or shared across multitenant.
This research aims to develop two templates to be followed by IT professionals whether they have the required expertise for cloud adoption or not to guide them through the whole data cloud adoption process. According to the risk appetite of the organization and their acceptable risk level, the template is chosen.
These templates contain a guide to design the cloud security infrastructures, the placement of information in different IaaS deployment models (e.g. private IaaS, public IaaS, community IaaS, etc.), and what controls recommended to establish controls and governance in the cloud realm. These templates were developed based on the recommendation and guidelines National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA), and European Union Agency for Network and Information Security (ENISA).
Table of Contents
1.0 Chapter 1: Introduction
1.1 Aims and Objectives
1.2 Brief Outline
2.0 Chapter 2: Literature Review
2.1 Cloud definition and Characteristics
2.2 Cloud service models
2.3 Cloud deployments model
2.4 Cloud benefits
2.5 Risk Management Framework for Cloud Ecosystem
2.6 Cloud Associated Risks
2.7 IaaS Security
2.7.1 VM Security
2.7.2 Hypervisor Security
2.7.3 Datacenter Security
2.8 Countermeasures
2.9 Service level of Agreement (SLA)
2.10 Conclusion
3.0 Chapter 3: Research Methodology
3.1 Observation Research Methods.
3.2 Interviews Research method
3.3 Surveys Research method.
3.3.1 Open-ended questions:
3.3.2 Closed-ended questions:
3.4 Methodological triangulation validation
4.0 Chapter 4: Observation
4.1 Observation Findings and data analysis.
4.1.1 Expected growth:
4.1.2 Responsibilities of parties:
4.1.3 Cloud Protection Scheme.
4.1.4 Threat Model
4.1.5 Governance & Compliance
4.1.6 Controls Used
4.2 Table summary
5.0 Chapter 5: Experts Interviews & Data Analysis
5.1 Introduction
5.2 Data Analysis
5.2.1 Expected Growth
5.2.2 Responsibility distribution and protection scheme
5.2.3 Threat Landscape, Practices and Controls used
5.2.4 Governance and compliance
5.3 Table summary
5.4 triangular validation and confirmation
6.0 chapter 6: Discussions
6.1 Low-risk appetite template.
6.2 High-risk appetite template.
Chapter 7: Data Collection & Analysis
7.1 Introduction
7.2 Data Analysis
Chapter 8: Summary
8.1 Summary
8.2 Conclusion
8.3 Recommendations
Objectives and Research Scope
This dissertation aims to provide IT professionals in the Middle East with a safer approach for cloud adoption, specifically focusing on Infrastructure as a Service (IaaS) within hybrid deployment models. By assessing current cloud security practices and identifying regional challenges, the research seeks to develop and validate risk-based security templates to guide cloud adoption.
- Investigation of hybrid cloud security deployments and IaaS in the Middle East.
- Development of two security templates categorized by organizational risk appetite (low-risk and high-risk).
- Application of methodological triangulation to validate findings through literature review, observations, expert interviews, and surveys.
- Formulation of guidelines for designing cloud security infrastructure and selecting appropriate controls.
Excerpt from the Book
2.1 Cloud definition and Characteristics
Mell and Grance (2011) state that Cloud Computing is a model of enabling convenient on-demand access to a shared pool of self-managed configurable resources such as Network, servers, storage, and applications that are rapidly provisioned, accessed broadly and can be measured. It has main characteristics such as the following:
• On-demand Self-service: cloud user can get cloud benefits based on his needs without human interaction, for example, the consumer can schedule provisioning of the resources within their peak time only and de-provision them later automatically (Krutz and Vines, 2010).
• Broad Network access: Cloud services are available from anywhere over a different kind of links whether these links are internet or WAN or fibre or Microwave (Mell and Grance, 2011).
• Rapid Elasticity: or in another word, quickly scalable based on demand up and down (Krutz and Vines, 2010).
• Resource Pooling: the cloud computing whether it is physical and virtual resources are shared across multi-cloud users that dynamic assigned based on the cloud user needs (Mell and Grance, 2011).
• Measured service: the resources of that are used by the tenants are changing with time; however, it is monitored, metered, controlled and reported in a transparent manner (Krutz and Vines, 2010).
The mentioned characteristics can be restated in more critic way by saying that it is the technology that enables the consumer to lower their starting cost. This lowering of cost is achieved due to one of cloud’s main characteristics which is resource sharing. The concept of sharing IaaS resource allows the consumer to get the benefit of high tech technology, starts quickly and procuring cloud computing with the minimum possible amount of investment.
Summary of Chapters
1.0 Chapter 1: Introduction: Discusses the emergence of cloud computing, its benefits for business agility, and the specific security challenges faced in the Middle East region due to geopolitical tensions.
2.0 Chapter 2: Literature Review: Explores definitions, service models, and the risk management framework for the cloud ecosystem, highlighting security concerns related to IaaS.
3.0 Chapter 3: Research Methodology: Outlines the combination of research methods, including literature review, observations, expert interviews, and surveys, used to validate the study findings.
4.0 Chapter 4: Observation: Details the author's observations on expected growth in cloud adoption, responsibility distribution, and the IaaS cloud protection scheme.
5.0 Chapter 5: Experts Interviews & Data Analysis: Presents insights from IT experts in the Middle East, confirming the need for a formal adoption strategy and validating the identified risks.
6.0 chapter 6: Discussions: Proposes specific security templates for organizations based on their risk appetite, incorporating trust zone isolation and NIST-aligned controls.
Chapter 7: Data Collection & Analysis: Documents the survey results used to validate the proposed templates and their practical applicability for IT professionals.
Chapter 8: Summary: Consolidates the research, reiterating the necessity of a structured template for safe cloud adoption and offering recommendations for regional infrastructure development.
Keywords
Cloud Computing, Cloud Security, Private Cloud, Public Cloud, Cloud Security Strategy, Infrastructure as a Service security, IaaS, hybrid Cloud, Risk Management, Information Security, Middle East, Virtualization, Data Classification, Network Security, Governance and Compliance.
Frequently Asked Questions
What is the core focus of this dissertation?
The dissertation focuses on developing a safe, structured approach for IT professionals in the Middle East to adopt Infrastructure as a Service (IaaS) cloud solutions through the use of standardized security templates.
What are the primary thematic areas covered in this work?
The work covers cloud architecture, IaaS-specific security risks, threat modeling, responsibility distribution between consumers and providers, and the implementation of governance and compliance frameworks.
What is the primary research objective?
The objective is to guide IT professionals in designing secure IaaS infrastructure, selecting appropriate security defenses, and protecting sensitive data in the cloud by utilizing tailored templates based on the organization's risk appetite.
Which scientific methods were applied in this research?
The research employed a methodological triangulation approach, combining literature reviews, direct observations, semi-structured expert interviews, and quantitative surveys to validate the findings.
What does the main body of the research address?
The main body examines current cloud adoption trends, analyzes regional security postures, details specific threat models, and presents actionable templates for low-risk and high-risk organizational profiles.
Which keywords best characterize this research?
Key terms include Cloud Computing, IaaS Security, Risk Management, Middle East Cloud Adoption, and Security Frameworks.
How are the security templates differentiated?
The templates are differentiated based on an organization's risk appetite: low-risk appetite templates for conservative organizations and high-risk appetite templates for organizations with higher tolerance for risk.
What is the role of 'Trust Zones' in this research?
Trust zones are used as a model for network segmentation and isolation, ensuring that different cloud management, security, and traffic functions are properly separated to prevent unauthorized access.
What specific impact does the author expect for the Middle East?
The author identifies a significant need for formal guidance due to the regional lack of specialized cloud security expertise, expecting that these templates will compensate for these gaps and facilitate safer cloud growth.
- Citar trabajo
- Haitham Ismail (Autor), 2018, How to utilize the IaaS cloud safely? Developing cloud security for cloud adoption in the Middle East, Múnich, GRIN Verlag, https://www.grin.com/document/455215
