DESIGNING A COMPREHENSIVE FRAMEWORK FOR DATA AND NETWORK SECURITY IN CLOUD COMPUTING: CASE OF KENYAN BANKING INDUSTRY
Abstract
This study sought to develop a tailored framework for secure cloud computing implementation in the Kenyan banking industry, addressing the unique security challenges faced by these banks. Kenyan banks encounter distinct security challenges in cloud adoption, including concerns regarding data abstraction, multitenancy, and the increasing prevalence of cyber threats, particularly phishing attacks. Regulatory compliance adherence emerges as a critical consideration, with 87.3% of respondents recognizing its significance. Additionally, resilience and disaster recovery planning are identified as strategic imperatives, with 88.2% of participants prioritizing these aspects in their cloud adoption strategies. The framework is conceptualized based on a meticulous analysis of industry-specific requirements and an extensive literature review. It is built on the foundational principles of Identity and Access Management (IAM), Security Reference Architecture (SRA), and an Integrated Intrusion Detection and Prevention System (IDPS). Validation of the framework demonstrates its effectiveness in aligning with identified industry-specific gaps and challenges, offering a reliable solution to enhance cloud computing security. The proposed framework leverages IAM to establish robust access controls, extends SRA to create a tailored architectural blueprint, and integrates IDPS for proactive threat detection. These components operate synergistically, fortifying cloud security for the banking industry. The proposed framework stands as a blueprint for secure cloud computing implementation in the Kenyan banking industry, offering a robust solution to safeguard sensitive financial data in the cloud. By incorporating fine-grained access control, encryption, and the utilization of a Cloud Security Trusted Authority (CSTA), the framework ensures secure operations within the cloud environment. It addresses concerns regarding both data security and network security, providing a level of security equivalent to or surpassing traditional in-house IT environments.
Keywords: Cloud computing security, IAM, network security, CSTA.
References
Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of Network Security & Its Applications, 6(1, 25).
Al-Badi, A., Tarhini, A. & Al-Kaaf, W. (2017). Financial Incentives for Adopting Cloud Computing in Higher Educational Institutions. Asian Social Science. 13. 162-174. 10.5539/ass.v13n4p162.
Albahr, M.A. (2015). Cloud Computing Security. International Journal of Engineering, Management &Sciences (IJEMS), Volume-2, Issue-4.
Albugmi, A., Alassafi, M. O., Walters, R., & Wills, G. (2016). Data security in cloud computing. In 2016 Fifth international conference on future generation communication technologies (FGCT) (pp. 55-59). IEEE.
Aldwairi, M. & Aldhanhani, S. (2017). Multi-Factor Authentication System. Journal of Telecommunication, Electronic and Computer Engineering. Vol. X No. X.
Alkhater, N., Walters, R., & Wills, G. (2014, November). An investigation of factors influencing an organisation's intention to adopt cloud computing. In Information Society (i-Society), 2014 International Conference on (pp. 337-338). IEEE.
Al-Marsy, A., Chaudhary, P., & Rodger, J. A. (2021). A model for examining challenges and opportunities in use of cloud computing for health information systems. Applied System Innovation, 4(1).
Almazroi, A. (2017). An Empirical Study of Factors that Influence the Adoption of Cloud Computing Applications by Students in Saudi Arabian Universities. (PhD Dissertation, Flinders University).
Almubarak, S., S. (2018). Factors Influencing the Adoption of Cloud Computing by Saudi University Hospitals. International Journal of Advanced Computer Science and Applications, 8(1), 41–48.
Alsanea, M. and Barth, J. (2014). Factors Affecting the Adoption of Cloud Computing in the Government Sector: A Case Study of Saudi Arabia. International Journal of Cloud Computing and Services Science (IJ-CLOSER), Vol. x, No. x, pp. 1 – 16.
AlZain MA, Pardede E (2012). Using Multi Shares for Ensuring Privacy in Database-as-aService. Proceedings of the 2011 44th Hawaii International Conference on System Sciences (HICSS) (IEEE):1-9.
Alzain, M. A., Li, A. S., Soh, B., & Pardede, E. (2015). Multi-Cloud Data Management using Shamir’s Secret Sharing and Quantum Byzantine Agreement Schemes. International Journal of Cloud Applications and Computing, 5(3), 35-52.
Angeles, R (2014). Using the Technology-Organization-Environment Framework for Analyzing Nike’s “Considered Index” Green Initiative, a Decision Support System-Driven System. Journal of Management and Sustainability; Vol. 4, No. 1.
Asadi, S., Nilashi, M., Husin, A. R., & Yadegaridehkordi, E. (2017). Customers perspectives on adoption of cloud computing in banking sector. Information Technology and Management, 305-330.
Balanagalakshmi, D. B., & Bullard, D. S. (2020). Cloud computing technology-security issues in banks-an overview. European Journal of Molecular & Clinical Medicine, 7(2), 299-5304.
Bhadauria, R., & Sanyal, S. (2012). Survey on security issues in cloud computing and associated mitigation techniques. arXiv preprint arXiv:1204.0764.
Bonguet, A., & Bellaiche, M. (2017). A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing. Future Internet, 9(3).
Chen, L., Lee, W. K., Chang, C. C., Choo, K. K., & Zhang, N. (2019). Blockchain based searchable encryption for electronic health record sharing. 95. Future generation computer systems, 95, 420-429.
Dang-Pham, D., Hoang, A. P., Le Gia, B., & Nkhoma, M. (2020). Network Analytics for Improving Students’ Cybersecurity Awareness in Online Learning Systems. In 2020 RIVF International Conference on Computing and Communication Technologies (RIVF).
Fernandez, E. B., & Monge, R. (2014). A security reference architecture for cloud systems. e (pp. 1-5). In Proceedings of the WICSA 2014, (pp. 1-5).
Gyau, E. K., Owiredu-Ghorman, K., Amaning, N. K., & Kpimekuu, P. B. (2023). Qualitative Analysis on Costs and Benefits of Adopting a Cloud-Based Accounting Information System: A Case Study of Rural Banks in Ghana. European Journal of Accounting, Auditing and Finance Research.
Kacha, L., & Zitouni, A. (2018). An overview on data security in cloud computing. Cybernetics Approaches in Intelligent Systems: Computational Methods in Systems and Software, 250-261.
Li, F., Lu, H., Hou, M., Cui, K., & Darbandi, M. (2021). Customer satisfaction with bank services: The role of cloud services, security, e-learning and service quality. Technology in Society, 64.
Madhav, A. S., & Tyagi, A. K. (2022). The world with future technologies (Post-COVID-19): open issues, challenges, and the road ahead. Intelligent Interactive Multimedia Systems for e-Healthcare Applications, 411-452.
Mahalle, A., Yong, J., Tao, X., & Shen, J. (2018). Data privacy and system security for banking and financial services industry based on cloud computing infrastructure. In 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design ((CSCWD)).
Mahesh, K. (2020). Predicting Uncertainity of Cloud Service Provider towards Data Integrity and Economic.
Nassreldeen, & Osama. (2018). Cloud Computing Security Framework Privacy Security. International Journal on Recent and Innovation Trends in Computing and Communication, 6(2).
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, 204-209.
Senarathna, I., Wilkin, C., Warren, M., & Yeoh, W. (2018). Factors that influence adoption of cloud computing: An empirical study of Australian SMEs. Australasian Journal of Information Systems.
Sharma, M., Husain, S., & Ali, S. (2017). Cloud computing risks and recommendations for security. International Journal of Latest Research in Science and Technology,, 6(1), 52-56.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks, 10(7).
Tiwari, S., Bharadwaj, S., & Joshi, S. (2021). A study of impact of cloud computing and artificial intelligence on banking services, profitability and operational benefits. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 12(6), 1617-1627.
Upes, R. R. & Upes, A. T. (2016). An Integrated Intrusion Handling Model for Cloud Computing. International Journal of Computer Science Engineering (IJCSE). Vol. 5 No.03
Vitti, P. A., dos Santos, D. R., Westphall, C., Westphall, C. M., & Vieira, K. M. (2014). Current issues in cloud computing security and management. SECURWARE.
Yu, Z., Wang, Z., Wang, N., Su, X., & Ge, S. (2017). A Descriptive Literature Review about Cloud Computing Security Research in the IS Discipline. In 2017 International Conference on Computer Science and Application Engineering (CSAE 2017).
