Let me in the cloud: analysis of the benefit and risk assessment of cloud platform

Purpose - The purpose of this paper is to critically examine the vulnerabilities of the cloud platform affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud computing, its benefits to the industry and helps to identify security concerns for businesses that plan to deploy one of the cloud platforms. It helps to identify areas where businesses should focus before choosing an appropriate Cloud Service Provider (CSP). Design/methodology/approach - This paper presents the findings of an original research survey (200 IT professionals working both in the public and private sectors) undertaken to examine their privacy, and data security concerns associated with the cloud platform. Views of those who have yet to deploy cloud were analysed to detect the patterns of common security issues. Cyber fraud and trust concerns of the organisations are addressed and deployment of the secured cloud environment is outlined. Findings - The survey analysis highlighted that the top concerns for organisations on cloud were security (93.8 per cent), governance (61.1 per cent) and a lack of control over service availability (56.6 per cent). The survey highlighted that the majority of IT professionals were not aware that some CSPs currently control the decryption keys that enable them to decrypt their client's data. This should be considered as a major security concern and it is one of the factors that should be looked into while vetting the service level agreement (SLA). Data loss and leakage (73.5 per cent) were voted as the top threat to cloud computing by respondents; this was followed by account, service and traffic hijacking (60.8 per cent). The paper examines various types of cloud threats companies have encountered. Research limitations/implications - The vast majority of the data are drawn from IT professionals with businesses mainly in the UK and the USA. Practical implications - The paper advocates a proactive and holistic cloud‐cyber security prevention typology to prevent e‐crime, with guidance of what features to look for when choosing an appropriate cloud service provider. Originality/value - This is the first analysis done that includes IT auditors, physical security personnel as well as IT professionals. The paper is of value to companies considering adoption or implementation of a cloud platform. It helps to assess the cloud by evaluating a detailed comparison of benefits and risk associated with the platform.