CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers
Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2019-09-01
|
Series: | Computers |
Subjects: | |
Online Access: | https://www.mdpi.com/2073-431X/8/3/66 |
_version_ | 1811298116526145536 |
---|---|
author | Olusola Akinrolabu Steve New Andrew Martin |
author_facet | Olusola Akinrolabu Steve New Andrew Martin |
author_sort | Olusola Akinrolabu |
collection | DOAJ |
description | Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness. |
first_indexed | 2024-04-13T06:14:54Z |
format | Article |
id | doaj.art-df1cb269f5f34b3c86bea70b88e740ea |
institution | Directory Open Access Journal |
issn | 2073-431X |
language | English |
last_indexed | 2024-04-13T06:14:54Z |
publishDate | 2019-09-01 |
publisher | MDPI AG |
record_format | Article |
series | Computers |
spelling | doaj.art-df1cb269f5f34b3c86bea70b88e740ea2022-12-22T02:58:53ZengMDPI AGComputers2073-431X2019-09-01836610.3390/computers8030066computers8030066CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service ProvidersOlusola Akinrolabu0Steve New1Andrew Martin2Department of Computer Science, University of Oxford, Oxford OX1 2JD, UKSaïd Business School, University of Oxford, Oxford OX1 2JD, UKDepartment of Computer Science, University of Oxford, Oxford OX1 2JD, UKSecurity and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.https://www.mdpi.com/2073-431X/8/3/66cloud computingquantitative risk assessmentsupply chaintransparencysecurity rating servicedecision support analysis |
spellingShingle | Olusola Akinrolabu Steve New Andrew Martin CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers Computers cloud computing quantitative risk assessment supply chain transparency security rating service decision support analysis |
title | CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers |
title_full | CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers |
title_fullStr | CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers |
title_full_unstemmed | CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers |
title_short | CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers |
title_sort | csccra a novel quantitative risk assessment model for saas cloud service providers |
topic | cloud computing quantitative risk assessment supply chain transparency security rating service decision support analysis |
url | https://www.mdpi.com/2073-431X/8/3/66 |
work_keys_str_mv | AT olusolaakinrolabu csccraanovelquantitativeriskassessmentmodelforsaascloudserviceproviders AT stevenew csccraanovelquantitativeriskassessmentmodelforsaascloudserviceproviders AT andrewmartin csccraanovelquantitativeriskassessmentmodelforsaascloudserviceproviders |