Cloud Computing Dissertation Research Proposal - 3025 Words

Cloud Computing Dissertation Research Proposal (Research Proposal Sample) Content: Dissertation Research ProposalFor aMBA in I.T ManagementStudent nameInstitutionDateProposed TitleCloud Computing: Managing the Security Risks in Small and Medium Enterprises in the United Arab EmiratesSummaryCloud computing, in its present form, is a fairly new and evolving paradigm showing huge potential to grow in information technology industry. This is mainly due to the sheer attractiveness of providing very expensive server computing technology to smaller businesses that find it completely impractical to invest in this type of infrastructure when their needs are, for the most part, sporadic with usage requirements that are difficult to forecast. It is also useful for the larger companies that have their own servers for day to day operations, but require increased computing power for relatively short periods of time in their business cycles (Chee Franklin, 2010). The ability to pay for the services as required without the costly infrastructure expenses is a good business model.The relative newness of this type of service, while highly beneficial, has the potential for huge risks for the customers including security risks. This paradigm is a network in which the primary users have minimal control of the structure, shared users, and overall security, particularly in relation to data that is processed or stored in the external servers.This mixed method study will discover and examine the issues that arise from the risks identified and discussed in the literature, particularly in relation to security for the small and medium business owners in the United Arab Emirates who access cloud computing technology to support their internet-based businesses. Data will be collected, from a convenience sample of information technology mangers in small and medium enterprises that conduct some or all of their business using the internet in the United Arab Emirates, using an on-line survey instrument that will be designed to collect both quantitative and qual itative data about their cloud computing experiences and issues.The risks will always exist, but this researcher intends to discern which risks are the most problematic for end users in this country. The researcher will determine what mitigations are already being employed by information technology professionals that are supporting these internet-based businesses and how effective they are in minimizing security issues. And finally, the researcher will determine what issues persist and the types and levels of risk these issues bring to business owners and operators in the United Arab Emirates. Discovering the nature and severity of these risks will enable the information technology industry, the support organizations for small and medium enterprises, and perhaps even government to develop technology or policy to secure the cloud for end users in this country.The potential for business growth will only increase as more small and medium enterprises access cloud-computing services and technology and this research will contribute to the ability of small and medium enterprises in the United Arab Emirates to minimize their risks associated with conducting business using this type of technology.Literature ReviewCloud Computing: A DefinitionThe services offered by providers that deliver either hardware or software over the internet are referred to as cloud computing (Armbrust et al., 2010). Cloud computing provides business access to off-site resources that are efficient and agile (what is needed, when it is needed). Marstona et al. (2011) define cloud computing as:An information technology service model where computing services (both hardware and software) are delivered on-demand to customers over a network in a self-service fashion, independent of device and location. The resources required to provide the requisite quality-of-service levels are shared, dynamically scalable, rapidly provisioned, virtualized and released with minimal service provider interaction. User s pay for the service as an operating expense without incurring any significant initial capital expenditure, with the cloud services employing a metering system that divides the computing resource in appropriate blocks.Mell Gance (2011) of National Institute of Standards and Technology in the United States drafted a lengthy definition of cloud computing, including this first line: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.à ¢Ã¢â€š ¬Ã‚ Deployment ModelsOgigău-NeamÃ…Â £iu (2012) describes four deployment models for cloud computing. The private cloud is infrastructure designed and operated for only one business user. It can be hosted externally and managed by a third party, but in effect is a company's p rivate server. This model does not have any of the benefits outlined in the next section. The public cloud is infrastructure made available to subscribers or pay-per-use customers by a third party cloud service provider. The community cloud is infrastructure purchased and managed by a consortium of users. It is similar to the private cloud, but the costs are shared by all the members of the consortium. The hybrid cloud is a combination of two or more of the other models and users have both on-site and off-site infrastructure to support their computing requirements. Advantages of Cloud ComputingArmbrust et al. (2010) explain how a 'pay as you go' utilization of accessing an external server for utility computing makes more economic sense than tying up capital resources in a server that will be under-utilized much of the time. Cloud computing now permits a business to purchase server hours on demand and as needed, such as for peak load times or when the organization needs additio nal server time to perform batch analytics. Additionally, when a business is unable to determine how much server time/capacity they may require (e.g., during a new Web startup), cloud computing does not require up-front commitments and will support spikes and the business will not be penalized (at least not from the public cloud) when there is a reduction in demand. Marstona et al. (2011) reported that six corporate data centres who participated in a survey conducted by Gartner Research showed they were using only 10-30% of their available computing power. The businesses were responsible for 100% of the maintenance and service costs, however and this has been shown to be up to two-thirds of an 'average corporate IT staffing budget.' The cloud permits smaller businesses to benefit from "computational exercises [that] typically involve large amounts of computing power for relatively short amounts of time" without having to invest in high-cost server resources. In fact purchasing cloud computing services can provide a business "immediate access to hardware resources with no upfront capital investment" as well as to innovative applications (Antonopoulos Gillam, 2010).The opportunity for cost reduction while still enjoying optimal, efficient, and fully scalable computing resources that can be provisioned immediately and on demand, implemented according to business needs, decommissioned when no longer required, scaled up when business requirements peak, and scaled down when requirements wane is very attractive indeed. However, this burgeoning newer method of sharing technological resources had brought a plethora of privacy, security, reliability, access, and regulation issues (Rittinghouse Ransome, 2010). Security Issues in the CloudWhile the benefits of cloud computing delivering business-supporting technology are vast, there are a number of issues and security challenges that must be acknowledged and addressed. Marstona et al. (2011) insist there is an "urgent need for understanding the business related issues surrounding cloud computing."The Cloud Security Alliance (2013) and Samson (2013) identify and discuss nine top threats to security as a result of cloud security The 'Top Threats Working Group' conducted a survey of industry experts and compiled a list of nine critical threats to cloud security (ranked in order of severity):1. Data Breaches2. Data Loss3. Account Hijacking4. Insecure APIs5. Denial of Service6. Malicious Insiders7. Abuse of Cloud Services8. Insufficient Due Diligence9. Shared Technology Issues ObjectiveThis project seeks to discover the experience of managers providing information technology services to small and medium enterprises that serve their customers using the internet. Specifically, this research will gather feedback from information technology managers on their utilization of cloud computing services, the specific issues they have encountered, the mitigation activity resulting from encountered issu es, the efforts they have undertaken to ensure security of their cloud enabled business interests and data storage, and their perceptions on the value of cloud computing to their respective businesses. Project OutcomesThe purpose of this mixed methods study is to evaluate the current state of cloud computing in the United Arab Emirates. The researcher will gather quantitative and qualitative data from identified stakeholders in order to determine the specific risk factors, and associated mitigation in relation to security, associated with utilizing cloud computing technology and services to support internet-based businesses in this country in 2013. By examining the experiences of businesses currently engaged in this practice, this study hopes to discover commonalities in the issues experienced by the selected stakeholders. The resu...