Cloud security challenges: Investigating policies, standards, and guidelines in a fortune 500 organization

Grispos George, Glisson William Bradley, Storer Tim

Research output: Contribution to conferencePaperpeer-review

13 Scopus citations

Abstract

Cloud computing is quickly becoming pervasive in today's globally integrated networks. The cloud offers organizations opportunities to potentially deploy software and data solutions that are accessible through numerous mechanisms, in a multitude of settings, at a reduced cost with increased reliability and scalability. The increasingly pervasive and ubiquitous nature of the cloud creates an environment that is potentially conducive to security risks. While previous discussions have focused on security and privacy issues in the cloud from the end-users perspective, minimal empirical research has been conducted from the perspective of a corporate environment case study. This paper presents the results of an initial case study identifying real-world information security documentation issues for a Global Fortune 500 organization, should the organization decide to implement cloud computing services in the future. The paper demonstrates the importance of auditing policies, standards and guidelines applicable to cloud computing environments along with highlighting potential corporate concerns. The results from this case study has revealed that from the 1123 'relevant' statements found in the organization's security documentation, 175 statements were considered to be 'inadequate' for cloud computing. Furthermore, the paper provides a foundation for future analysis and research regarding implementation concerns for corporate cloud computing applications and services.

Original languageEnglish (US)
StatePublished - 2013
Externally publishedYes
Event21st European Conference on Information Systems, ECIS 2013 - Utrecht, Netherlands
Duration: Jun 5 2013Jun 8 2013

Conference

Conference21st European Conference on Information Systems, ECIS 2013
Country/TerritoryNetherlands
CityUtrecht
Period6/5/136/8/13

Keywords

  • Cloud computing
  • Corporate policy
  • Guidelines
  • Information security
  • Requirements
  • Standard

ASJC Scopus subject areas

  • Information Systems

Fingerprint

Dive into the research topics of 'Cloud security challenges: Investigating policies, standards, and guidelines in a fortune 500 organization'. Together they form a unique fingerprint.

Cite this