Security and Compliance in Cloud Environments

Kumar, Anmol and Sandbrink, Christoph (2024) Security and Compliance in Cloud Environments. KEEP ON PLANNING FOR THE REAL WORLD. Climate Change calls for Nature-based Solutions and Smart Technologies. Proceedings of REAL CORP 2024, 29th International Conference on Urban Development, Regional Planning and Information Society. pp. 457-468. ISSN 2521-3938

[img] Text (Security and Compliance in Cloud Environments)
CORP2024_55.pdf - Published Version
Download (672kB)
Official URL: https://www.corp.at/

Abstract

Security and resilience of smart city infrastructures and operations is one of today’s most relevant and challenged topics of smart city agendas in times of increasing cyber attacts and ubiquitous digital networks and data driven processes in all aspects of smart city planning and operations. Cloud environments play today and increasingly tomorrow a central role in smart city’s IT architectures and infrastructures. According to the reviewed literature on the subject of cloud and security, the main gap or problem is that while cloud provides a number of advantages and benefits, it also presents risks and challenges for businesses and organizations (Vacca, 2021). The key challenge is the risk associated with the user privileged accesses. It centers on the problem of inappropriate access control, which can lead to data leakage and unauthorized access of stored information, disruption, and compliance difficulties (Tamunobarafiri, et al., 2019). Further, it is observed during that one of the biggest challenges to all concepts related to cloud, security and compliance is monitoring and ineffective incident response, which is essential for maintaining security in cloud and hybrid environments (Cybellium Ltd, 2023). It is important that organizations ensure that they establish a clear, well-structured incident response plan and conduct regular security testing internally, or with support from third-party vendors (Bruinsma, 2023). In addition, the lack of thorough and practical approaches to resource scalability and cost optimization is one of the major research gaps in the field of cloud computing. Companies seek solutions that are capable of handling the whole range of resource scalability and cost optimization challenges, with regard to maintaining security and compliance, as current options are frequently inconsistent and fragmented (Verma, Cherkasova, & Campbell, 2011; Zhang, Cheng, & Boutaba, 2010; Calheiros, Ranjan, Beloglazov, DeRose, & Buyya, 2011). Finally, raising awareness and educating stakeholders and staff about the security protocols and cloud governance framework is another crucial challenge. Having training sessions, documentations, and establishing clear communication guidelines are important for organizations with the sole aim of reducing the security-related risks (Spair, 2023; Munir, Al-Mutairi, & Mohammed, 2015). The research objectives of this thesis revolve around some critical issues within the sphere of security and compliance in cloud and hybrid environment. The study aims to comprehensively shed light on the implications of excessive global administrative rights within organizations, investigating the potential risks and vulnerabilities associated with such practices. It also seeks to identify effective approaches for achieving a robust alignment between incident response and monitoring mechanisms, ensuring a proactive and coordinated approach to security threats. Additionally, the research will recommend strategies to enhance stability and optimize costs in context of information security, addressing the challenges that organizations face while maintaining security measures. Lastly, the study will explore the factors that impact the effectiveness of security training programs, providing awareness into how smart city administration and other organizations can better prepare their staff and workforce to mitigate security and compliance risks.

Item Type: Article
Uncontrolled Keywords: smart city, governance, compliance, security, cloud
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
T Technology > T Technology (General)
Depositing User: REAL CORP Administrator
Date Deposited: 29 Apr 2024 08:06
Last Modified: 10 May 2024 09:18
URI: http://repository.corp.at/id/eprint/1112

Actions (login required)

View Item View Item
REAL CORP Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.