Olusola Akinrolabu scite author profile

Assessing and managing cloud risks can be a challenge, even for the cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by cloud supplier security assessment (CSSA) and cloud supply chain mapping (CSCM). Using the CSCCRA model, we assess the risk of a Customer Relationship Management (CRM) application, mapping its supply chain to identify weak links, evaluating its security risks and presenting the risk value in dollar terms, with this, promoting cost-effective risk mitigation and optimal risk prioritisation.

show abstract

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

Akinrolabu

New

Martin

2019

Computers

View full text Add to dashboard Cite

Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.

show abstract

Can Improved Transparency Reduce Supply Chain Risks in Cloud Computing?

Akinrolabu

New

2017

OSCM: An Int. Journal

View full text Add to dashboard Cite

As organisations move sensitive data to the cloud, their risk profile increases due to the integrated supply chain utilised in cloud computing. The risk is made visible in situations where a cloud offering is federated, with customer data located in multiple datacenters, under the control of multiple providers and sub-providers in different jurisdictions. This problem is further exacerbated by the disposition of cloud providers to keep details of suppliers, data location, architecture, and security of infrastructure confidential from the cloud customers. As such, the shallowness of transparency amongst cloud providers makes it difficult for customers to assess the risk of cloud adoption. In this study, we report on our research into finding out how much customers know about their supply chain. We evaluate the transparency of cloud providers based on their published information and determine the resultant risk of limited visibility of the supply chain. In the course of the research, we identified eight transparency features, which, at a minimum, cloud providers should make available to their current or prospective customers, which we argue had no adverse impact on the competitiveness or profitability of the provider. The study concludes that ultimately, cloud supply chain transparency remains a customer-driven process.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.