TY - GEN
T1 - Managing Cloud Computing risks in financial services institutions
AU - Rohmeyer, Paul
AU - Ben-Zvi, Tal
N1 - Publisher Copyright:
© 2014 Portland International Conference on Management of Engineering and Technology.
PY - 2015/9/21
Y1 - 2015/9/21
N2 - The integration of Cloud Computing with information systems architectures continues to grow at a rapid pace due to the availability of high quality, low cost computing services and organizational efforts to improve efficiency and productivity. Enterprises are increasingly comfortable turning to the Cloud for IT solutions, where teams of dedicated, specialized experts deliver important capabilities and outcomes, instead of investing in the development of internal architectures. While data and systems security concerns remain, for many firms the economic arguments are so compelling in favor of Cloud deployments that adoption tends to proceed regardless of security and assurance worries. As a result, enterprise IT functions find themselves managing an array of risk issues in an environment of diminished transparency and with limited opportunities to directly treat observed risks. The mechanisms for managing technology risks associated with Cloud models differ from traditional approaches taken to control risk in internal architectures. This paper examines emerging threats in Cloud Computing within a financial services organization. This includes consideration of insider threats, data leakage, insecure software, and new Cloud attack patterns. The nature and characteristics of the threats are explained and the paper explores the risk treatment options chosen by the sample organization. The authors' observations are synthesized in a general model that describes Cloud Risks and Controls for financial services institutions.
AB - The integration of Cloud Computing with information systems architectures continues to grow at a rapid pace due to the availability of high quality, low cost computing services and organizational efforts to improve efficiency and productivity. Enterprises are increasingly comfortable turning to the Cloud for IT solutions, where teams of dedicated, specialized experts deliver important capabilities and outcomes, instead of investing in the development of internal architectures. While data and systems security concerns remain, for many firms the economic arguments are so compelling in favor of Cloud deployments that adoption tends to proceed regardless of security and assurance worries. As a result, enterprise IT functions find themselves managing an array of risk issues in an environment of diminished transparency and with limited opportunities to directly treat observed risks. The mechanisms for managing technology risks associated with Cloud models differ from traditional approaches taken to control risk in internal architectures. This paper examines emerging threats in Cloud Computing within a financial services organization. This includes consideration of insider threats, data leakage, insecure software, and new Cloud attack patterns. The nature and characteristics of the threats are explained and the paper explores the risk treatment options chosen by the sample organization. The authors' observations are synthesized in a general model that describes Cloud Risks and Controls for financial services institutions.
UR - http://www.scopus.com/inward/record.url?scp=84955570793&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84955570793&partnerID=8YFLogxK
U2 - 10.1109/PICMET.2015.7273004
DO - 10.1109/PICMET.2015.7273004
M3 - Conference contribution
AN - SCOPUS:84955570793
T3 - Portland International Conference on Management of Engineering and Technology
SP - 519
EP - 526
BT - PICMET 2015 - Portland International Center for Management of Engineering and Technology
A2 - Daim, Tugrul U.
A2 - Kozanoglu, Dilek Cetindamar
A2 - Kocaoglu, Dundar F.
A2 - Anderson, Timothy R.
A2 - Perman, Gary
A2 - Niwa, Kiyoshi
T2 - Portland International Center for Management of Engineering and Technology, PICMET 2015
Y2 - 2 August 2015 through 6 August 2015
ER -