Managing Cloud Computing risks in financial services institutions

Paul Rohmeyer, Tal Ben-Zvi

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Scopus citations

Abstract

The integration of Cloud Computing with information systems architectures continues to grow at a rapid pace due to the availability of high quality, low cost computing services and organizational efforts to improve efficiency and productivity. Enterprises are increasingly comfortable turning to the Cloud for IT solutions, where teams of dedicated, specialized experts deliver important capabilities and outcomes, instead of investing in the development of internal architectures. While data and systems security concerns remain, for many firms the economic arguments are so compelling in favor of Cloud deployments that adoption tends to proceed regardless of security and assurance worries. As a result, enterprise IT functions find themselves managing an array of risk issues in an environment of diminished transparency and with limited opportunities to directly treat observed risks. The mechanisms for managing technology risks associated with Cloud models differ from traditional approaches taken to control risk in internal architectures. This paper examines emerging threats in Cloud Computing within a financial services organization. This includes consideration of insider threats, data leakage, insecure software, and new Cloud attack patterns. The nature and characteristics of the threats are explained and the paper explores the risk treatment options chosen by the sample organization. The authors' observations are synthesized in a general model that describes Cloud Risks and Controls for financial services institutions.

Original languageEnglish
Title of host publicationPICMET 2015 - Portland International Center for Management of Engineering and Technology
Subtitle of host publicationManagement of the Technology Age, Proceedings
EditorsTugrul U. Daim, Dilek Cetindamar Kozanoglu, Dundar F. Kocaoglu, Timothy R. Anderson, Gary Perman, Kiyoshi Niwa
Pages519-526
Number of pages8
ISBN (Electronic)9781890843328
DOIs
StatePublished - 21 Sep 2015
EventPortland International Center for Management of Engineering and Technology, PICMET 2015 - Portland, United States
Duration: 2 Aug 20156 Aug 2015

Publication series

NamePortland International Conference on Management of Engineering and Technology
Volume2015-September

Conference

ConferencePortland International Center for Management of Engineering and Technology, PICMET 2015
Country/TerritoryUnited States
CityPortland
Period2/08/156/08/15

Fingerprint

Dive into the research topics of 'Managing Cloud Computing risks in financial services institutions'. Together they form a unique fingerprint.

Cite this