3/21/2014

(T. Baars, M. Spruit) Analysing the Security Risks of Cloud Adoption Using the SeCA Model: ACase Study

Search
Special Issues Submission Procedure Aims and Scope Board of Editors What's New

Submission Procedure

Share Share Share Share Share Share Share | More share: Share

Volume 18 / Issue 12
available in: PDF (164 kB) PS (3 MB) Read comments Write a comment Number of Comments:1 get: Links into Future get: Similar Docs BibTeX

Follow us Share Share Share Share Articles by Topics Articles by Author Geographical Mashup List of Topics Printed Publications Volume 20 (2014) Volume 19 (2013) Volume 18 (2012) Issue 1 Issue 2 Issue 3 Issue 4 Issue 5 Issue 6 Issue 7 Issue 8 Issue 9 Issue 10 Issue 11 Issue 12 Issue 13 Issue 14 Issue 15 Issue 16 Issue 17 Issue 18 Issue 19 Issue 20 Volume 17 (2011) Volume 16 (2010) Volume 15 (2009) Volume 14 (2008) Volume 13 (2007) Volume 12 (2006) Volume 11 (2005) Volume 10 (2004)

DOI: 10.3217/jucs-018-12-1662

Analysing the Security Risks of Cloud Adoption Using the SeCA Model: A Case Study
Thijs Baars (Utrecht University, The Netherlands) Marco Spruit (Utrecht University, The Netherlands) Abstract: When IS/IT needs to be replaced, cloud systems might provide a feasible solution. However, the adoption process thus far has gone undocumented and enterprise architects are troubled with proper hands-on tools missing, until very recently. This single case study describes a large Dutch utility provider in their effort to understand the facets of the cloud and identifying the risks associated with it. In an action research setting, the SeCA model was used to analyse the cloud solutions and identify the risks with specific data classifications in mind. The results show how decision makers can use the SeCA model in various ways to identify the security risks associated with each cloud solution analysed. The analysis assumes that data classifications are in place. This research concludes that by using the SeCA model, a full understanding of the security risks can be gained on an objective and structural level; this is a further validation of prior empirical research that the SeCA model is a proper hands-on tool for cloud security analysis. Keywords: SeCA model, case study, cloud computing, cloud security, information security Categories: H.2, H.3.7, H.5.4

http://www.jucs.org/jucs_18_12/analysing_the_security_risks

1/2

3/21/2014

(T. Baars, M. Spruit) Analysing the Security Risks of Cloud Adoption Using the SeCA Model: ACase Study

Volume 9 (2003) Volume 8 (2002) Volume 7 (2001) Volume 6 (2000) Volume 5 (1999) Volume 4 (1998) Volume 3 (1997) Volume 2 (1996) Volume 1 (1995) Volume 0 (1994) Collection of other papers

http://www.jucs.org/jucs_18_12/analysing_the_security_risks

2/2