Abstract
Cloud computing has provided new dimensions and opportunities to telecom providers to enhance their ability in creating new revenue streams, reduce operational costs and increase customer satisfaction. In recent years, the progression of evolving cloud computing systems is huge. Conversely, it also encountered a lot of new challenges to the institutions utilizing cloud systems. It is critical to evaluate the change in organizational risk profile before deciding the level of cloud adoption. The conventional risk assessment framework of telecom providers may be unsuitable for cloud computing owing to the difficulties in the configuration. This paper aims to propose a system to quantify the influences of cloud adoption in telecom risk profile. This study also provides a comparison of overall risk profile change between clouds enabled infrastructure, traditional on-premises information technology solutions, and a combination of both in the telecom sector. The result encourages the selective adoption of the hybrid cloud model which demonstrated a relatively low organizational risk score. This work contributes to cloud computing business research by providing a holistic risk comparison model which reflects the distinctiveness of telecom service provider’s assets and capabilities.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Gopalakrishnan, S., & Alli, P. (2021). Trust based approach and risk management for IT systems in cloud service selection. Wireless Personal Communications, 117, 3109–3127. https://doi.org/10.1007/s11277-020-07796-z
Nieuwenhuis, L. J., Ehrenhard, M. L., & Prause, L. (2018). The shift to cloud computing: The impact of disruptive technology on the enterprise software business ecosystem. Technological Forecasting and Social Change, 129, 308–313. https://doi.org/10.1016/j.techfore.2017.09.037
Bazm, M. M., Lacoste, M., Südholt, M., & Menaud, J. M. (2019). Isolation in cloud computing infrastructures: new security challenges. Annals of Telecommunications, 74(3), 197–209. doi https://doi.org/10.1007/s12243-019-00703-z.
Oesterle, S., Jöhnk, J., Keller, R., Urbach, N., & Yu, X. (2020). A contingency lens on cloud provider management processes. Business Research, 13, 1451–1489. https://doi.org/10.1007/s40685-020-00128-8
Khosravi-Farmad, M., & Ghaemi-Bafghi, A. (2020). Bayesian decision network-based security risk management framework. Journal of Network and Systems Management, 28, 1794–1819. https://doi.org/10.1007/s10922-020-09558-5
Hosseini Shirvani, M., Rahmani, A. M., & Sahafi, A. (2018). An iterative mathematical decision model for cloud migration: A cost and security risk approach. SoftwPract xper., 2018(48), 449–485. https://doi.org/10.1002/spe.2528
Peter M. Mell, Timothy Grance (2011). SP 800-145. The NIST Definition of Cloud Computing, National Institute of Standards & Technology, Gaithersburg, MD.
Mekawie, N., & Yehia, K. (2021). Challenges of deploying cloud computing in eHealth. Procedia Computer Science, 181, 1049–1057. https://doi.org/10.1016/j.procs.2021.01.300
Varadharajan, V., & Tupakula, U. (2014). Security as a service model for cloud environment. IEEE Transactions on Network and Service Management, 11, 60–75.
Machado, C. C., Granville, L. Z., & Schaeffer-Filho, A. (2016). ANSwer: Combining NFV and SDN features for network resilience strategies. In IEEE symposium on computers and communication (ISCC), Messina (pp. 391–396).
Merna, T., & Al-Thani, F. F. (2008). Corporate risk management. Wiley.
Woods, M. (2011). Risk management in organizations. 1st edn. Routledge. eBook ISBN9780203815922. https://doi.org/10.4324/9780203815922
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk assessment framework for cloud computing environments. Security and Communication Networks, 7(11), 2114–2124.
Wangen, G., Hallstensen, C., & Snekkenes, E. (2017). A framework for estimating information security risk assessment method completeness. International Journal of Information Security, 17(6), 681–699. https://doi.org/10.1007/s10207-017-0382-0
Gupta, S., & Saini, A. K. (2018). An artificial intelligence based approach for managing risk of IT systems in adopting cloud. International Journal of Information Technology. https://doi.org/10.1007/s41870-018-0204-2
Cayirci, E., & Oliveira, A. S. D. (2018). Modelling trust and risk for cloud services. Journal of Cloud Computing. https://doi.org/10.1186/s13677-018-0114-7
Gbadeyan, A., Butakov, S., & Aghili, S. (2017). IT governance and risk mitigation approach for private cloud adoption: Case study of provincial healthcare provider. Annals of Telecommunications, 72(5–6), 347–357. https://doi.org/10.1007/s12243-017-0568-5
Chen, X., & Wen, N. (2010). Information security risk assessment model based on OCTAVE for E-Government. In 2010 International conference on internet technology and applications, Wuhan (pp. 1–5).
Zhao, X., Hwang, B.-G., & Low, S. P. (2015) Risk management and enterprise risk management. Enterprise risk management in international construction operations, pp. 33–83.
Quon, T. K., Zeghal, D., & Maingot, M. (2012). (2012) Enterprise risk management and firm performance. Procedia—Social and Behavioral Sciences, 62, 263–267.
Kyleen, P., & Terry, A. (2018). COSO’s updated enterprise risk management framework—A quest for depth and clarity. The Journal of Corporate Accounting and Finance, 29, 16–22.
Ho, J., Ooi, J., Wan, Y., & Andiappan, V. (2021). Synthesis of wastewater treatment process (WWTP) and supplier selection via Fuzzy Analytic Hierarchy Process (FAHP). Journal of Cleaner Production. https://doi.org/10.1016/j.jclepro.2021.128104
Misra, S. C., Kumar, V., & Kumar, U. (2007). A strategic modeling technique for information security risk assessment. Information Management and Computer Security, 15(1), 64–77.
Wangen, G., Hallstensen, C., & Snekkenes, E. (2018). A framework for estimating information security risk assessment method completeness. International Journal of Information Security, 17, 681–699. https://doi.org/10.1007/s10207-017-0382-0
Jack, F., & Jones, J. (2014). Measuring and managing information risk: A FAIR approach (1st ed.). Butterworth-Heinemann Press.
Chavez, P. J. A., & Seow, C. (2012). Managing food quality risk in global supply chain: A risk management framework. International Journal of Engineering Business Management, 4, 3.
Laine, V., Goerlandt, F., Banda, O., Baldauf, M., Koldenhof, Y., & Rytkönen, J. (2021). A risk management framework for maritime Pollution Preparedness and Response: Concepts, processes and tools. Marine Pollution Bulletin. https://doi.org/10.1016/j.marpolbul.2021.112724
Ronald, S. (2018). Risk management framework for information systems and organizations: A system life cycle approach for security and privacy, Special Publication (NIST SP), 800-37 Rev. 2
Wynn, J., Whitmore, G., Upton, L., Spriggs, D., McKinnon, R., McInnes, R., Graubart, L., & Clausen, J. (2011). Threat assessment and remediation analysis (TARA) methodology description version 1.0. Bedford, MA.
Kumar, R. R., Kumari, B., & Kumar, C. (2020). CCS-OSSR: A framework based on Hybrid MCDM for optimal service selection and ranking of cloud computing services. Cluster Computing. https://doi.org/10.1007/s10586-020-03166-3
Muralidharan, C., & Anitha, R. (2019). Risk analysis of cloud service providers by analyzing the frequency of occurrence of problems using E-Eclat algorithm. Wireless Networks. https://doi.org/10.1007/s11276-019-02191-4
Rizvi, S., Ryoo, J., Kissell, J., Aiken, W., & Liu, Y. (2018). A security evaluation framework for cloud security auditing. The Journal of Supercomputing., 74, 5774–5796. https://doi.org/10.1007/s11227-017-2055-1
Tissir, N., El Kafhali, S., & Aboutabit, N. (2020). Cybersecurity management in cloud computing: Semantic literature review and conceptual framework proposal. Journal of Reliable Intelligent Environments., 7, 69–84. https://doi.org/10.1007/s40860-020-00115-0
Arogundade, O. T., Abayomi-Alli, A., & Misra, S. (2020). An ontology-based security risk management model for information systems. Arabian Journal for Science and Engineering, 45, 6183–6198. https://doi.org/10.1007/s13369-020-04524-4
Edelmann, D., Móri, T. F., & Székely, G. J. (2020). On relationships between the Pearson and the distance correlation coefficients. Statistics and Probability Letters. https://doi.org/10.1016/j.spl.2020.108960
Saaty, T. L. (2004). Fundamentals of the analytic network process—multiple networks with benefits, costs, opportunities and risks. Journal of Systems Science and Systems Engineering, 13–3, 348–379.
Cox, R., Sanchez, J., & Revie, C. W. (2013). Multi-criteria decision analysis tools for prioritising emerging or re-emerging infectious diseases associated with climate change in Canada. PLoS ONE, 8, 1–16. https://doi.org/10.1371/journal.pone.0068338
Charity, O. (2015). Markov chain models in discrete time space and application to personnel management. Journal for Studies in Management and planning, 1, 351–358.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Jose, B., Ramanan, T.R. & Kumar, S.D.M. A risk comparison framework for evaluating the impact of telecom cloudification in organizational risk profile. Telecommun Syst 78, 421–437 (2021). https://doi.org/10.1007/s11235-021-00827-5
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11235-021-00827-5