Abstract
The growth of cloud computing become one of the fastest technologies adopted in the industry. Nevertheless, cloud computing security issues are still debated and organizations are struggling in safeguarding the security of cloud computing. Moreover, challenges in identifying and evaluating risks in cloud computing are add-on factors. In this study, we identified threats in cloud computing using judgment-based assessment. Twenty experts were selected to assess the likelihood of threats. The fuzzy Delphi method was used to analyze the assessment results and the list of threats was ranked and discussed in the results. The findings show that security risks are highlighted as the top-ranked compared to organizational or non-cloud-related threats.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Hong, J.B., Nhlabatsi, A., Kim, D.S., Hussein, A., Fetais, N., Khan, K.M.: Systematic identification of threats in the cloud: a survey. Comput. Netw. 150, 46–69 (2019). https://doi.org/10.1016/j.comnet.2018.12.009
Khajeh-Hosseini, A., Sommerville, I., Bogaerts, J., Teregowda, P.: Decision support tools for cloud migration in the enterprise. In: 2011 IEEE 4th International Conference on Cloud Computing, pp. 541–548, July 2011. https://doi.org/10.1109/CLOUD.2011.59
Aleem, A., Ryan Sprott, C.: Let me in the cloud: analysis of the benefit and risk assessment of cloud platform. J. Financ. Crime (2012). https://doi.org/10.1108/13590791311287337
Singh, A., Chatterjee, K.: Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. 79, 88–115 (2017). https://doi.org/10.1016/j.jnca.2016.11.027
Ackermann, T.: IT Security Risk Management. Springer Fachmedien Wiesbaden, Wiesbaden (2013)
Hussain, S.A., Fatima, M., Saeed, A., Raza, I., Shahzad, R.K.: Multilevel classification of security concerns in cloud computing. Appl. Comput. Inform. 13, 57–65 (2017). https://doi.org/10.1016/j.aci.2016.03.001
Drissi, S., Houmani, H., Medromi, H.: Survey: risk assessment for cloud computing. Int. J. Adv. Comput. Sci. Appl. 4(12), 143–148 (2013). https://doi.org/10.14569/IJACSA.2013.041221
Cayirci, E., Garaga, A., Santana de Oliveira, A., Roudier, Y.: A risk assessment model for selecting cloud service providers. J. Cloud Comput. 5(1), 1–12 (2016). https://doi.org/10.1186/s13677-016-0064-x
Sen, A., Madria, S.: Risk assessment in a sensor cloud framework using attack graphs. IEEE Trans. Serv. Comput. 10(6), 942–955 (2017). https://doi.org/10.1109/TSC.2016.2544307
Catteddu, D., Hogben, G.: Cloud computing - benefits, risks and recommendations for information security, pp. 1–2 (2012)
Michael, J., Field, S.: The Treacherous 12 Cloud Computing Top Threats in 2016, Security, pp. 1–34 (2016). http://www.cloudsecurityalliance.org/topthreats
Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security (2010). https://doi.org/10.1109/CLOUD.2010.22
Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., Kanai, A.: Risk management on the security problem in cloud computing. In: Proceedings of the - 1st ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering, CNSI 2011, pp. 147–152 (2011). https://doi.org/10.1109/CNSI.2011.82
Albakri, S.H., Shanmgam, B., Samy, G.N., Idris, N.B., Ahmed, A.: A case study for the cloud computing security threats in a governmental organization. In: 1st International Conference on Computer, Communications, and Control Technology, I4CT 2014, no. I4ct, pp. 452–457 (2014). https://doi.org/10.1109/I4CT.2014.6914225
Drissi, S., Benhadou, S., Medromi, H.: A new shared and comprehensive tool of cloud computing security risk assessment. In: Sabir, E., Medromi, H., Sadik, M. (eds.) Advances in Ubiquitous Networking: Proceedings of the UNet’15, pp. 155–167. Springer, Singapore (2016). https://doi.org/10.1007/978-981-287-990-5_13
Akinrolabu, O., New, S., Martin, A.: CSCCRA: a novel quantitative risk assessment model for saas cloud service providers. Computers 8(3), 1–17 (2019). https://doi.org/10.3390/computers8030066
Theoharidou, M., Tsalis, N., Gritzalis, D.: In cloud we trust: risk-assessment-as-a-service. In: Fernández-Gago, C., Martinelli, F., Pearson, S., Agudo, I. (eds.) Trust Management VII, pp. 100–110. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38323-6_7
Youssef, B.C., Nada, M., Elmehdi, B., Boubker, R.: Intrusion detection in cloud computing based attacks patterns and risk assessment. In: Proceedings of the 2016 3rd International Conference on Systems of Collaboration, SysCo 2016 (2017). https://doi.org/10.1109/SYSCO.2016.7831341
Stergiopoulos, G., Gritzalis, D., Kouktzoglou, V.: Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment. Comput. Netw. 134, 23–45 (2018). https://doi.org/10.1016/j.comnet.2018.01.033
Houmb, S.H.: Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework (2007)
Zadeh, L.A.: Fuzzy sets and systems. In: Fox, J. (ed.) System Theory. Microwave Research Institute Symposia Series XV, pp. 29–37. Polytechnic Press, Brooklyn (1965). Reprinted in Int. J. Gen. Syst. 17, 129–138 (1990)
Garatti, M., Costa, R., Reghizzi, S.C., Rohou, E.: The impact of alias analysis on VLIW scheduling. In: Zima, H.P., Joe, K., Sato, M., Seo, Y., Shimasaki, M. (eds.) ISHPC 2002. LNCS, vol. 2327, pp. 93–105. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-47847-7_10
Samantra, C., Datta, S., Shankar Mahapatra, S.: Risk assessment in IT outsourcing using fuzzy decision-making approach: an Indian perspective. Expert Syst. Appl. (2014). https://doi.org/10.1016/j.eswa.2013.12.024
Xia, H.C., Li, D.F., Zhou, J.Y., Wang, J.M.: Fuzzy LINMAP method for multiattribute decision making under fuzzy environments. J. Comput. Syst. Sci. 72(4), 741–759 (2006). https://doi.org/10.1016/j.jcss.2005.11.001
Catteddu, D.: Cloud computing: benefits, risks and recommendations for information security. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds.) IBWAS 2009. CCIS, vol. 72, p. 17. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16120-9_9
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zainuddin, N., Yusuff, R.C.M., Samy, G.N. (2022). Assessing Cloud Computing Security Threats in Malaysian Organization Using Fuzzy Delphi Method. In: Ghazali, R., Mohd Nawi, N., Deris, M.M., Abawajy, J.H., Arbaiy, N. (eds) Recent Advances in Soft Computing and Data Mining. SCDM 2022. Lecture Notes in Networks and Systems, vol 457. Springer, Cham. https://doi.org/10.1007/978-3-031-00828-3_25
Download citation
DOI: https://doi.org/10.1007/978-3-031-00828-3_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-00827-6
Online ISBN: 978-3-031-00828-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)