APPLICABILITY OF CLOUD SECURITY FRAMEWORKS AND MODELS IN THE KENYAN-BANKING SECTOR: A REVIEW
Abstract
The years from 2007 has seen the Banking industry in Kenya has experience growth and transformation when it comes to technology and this is mostly attributed to the integration of cloud computing. A comprehensive literature review that goes through the multifaceted landscape of cloud security within the Kenyan banking sector has been provided in this article. By Conducting through Framework and model analysis that include KLDAP-RBAC,SRA(Security Reference Architecture), Integrated Intrusion Detection and Prevention System (IDPS), Multifactor authentication and Multi-Cloud Databases (MCDB), this review gives a comprehensive assessment of their strengths, their weaknesses and their ways of application. Cloud security governance concept is examined by using the shared security responsibility model. Mobile cloud computing security integration further characterizes augments of the discussion, addressing the challenges faced by the mobile banking sector. This review is as a foundational resource for banks and stakeholders who have the aim to strengthen their cloud security setup in the dynamic and fast-evolving Kenyan banking setting. Drawing upon these insights, the banking industry can come up with a secure and resilient path toward continued innovation and customer-centric services.
Keywords: Cloud security, Data Security, Security Frameworks, Security Reference Architecture, Banks, KCB, Kenya
References
[2] K. M. Kituku, Adoption of cloud computing in Kenya by firms listed in the Nairobi Stock Exchange)., 2012.
[3] R. Mugyenyi, Adoption of cloud computing services for sustainable development of commercial banks in Uganda., 2018.
[4] S. Musau, S. Muathe, and L. Mwangi, "Financial inclusion, bank competitiveness and credit risk of commercial banks in Kenya," International Journal of Financial Research, vol. 9, no. 1, pp. 203-218, 2018.
[5] J. Koori, N. Wanjiku and G. Atheru, "Technological Banking Innovations and Financial Inclusion by Commercial Banks in Nairobi County, Kenya.," International Journal of Current Aspects in Finance, Banking and Accounting, vol. 2, no. 1, pp. 1-27, 2020.
[6] G. Yan, "Application of Cloud Computing in Banking: Advantages and Challenges.," In 2017 2nd International Conference on Politics, Economics and Law (ICPEL 2017), 2017.
[7] S. Singh, Y. S. Jeong and J. H. Park, "Singh, S., Jeong, Y. S., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions.," Journal of Network and Computer Applications, pp. 200-222., 2016.
[8] Y. Alghofaili, A. Albattah, N. Alrajeh, and B. A. S. Al-Rimy, "Secure cloud infrastructure: A survey on issues, current solutions, and open challenges," Applied Sciences, vol. 11, no. 19, 2021.
[9] N. Akhtar, B. Kerim, Y. Perwej and A. P. Tiwari, "A Comprehensive Overview of Privacy and Data Security for Cloud Storage.," International Journal of Scientific Research in Science Engineering and Technology., 2021.
[10] P. A. F. Vitti, D. R. dos Santos, C. Westphall, C. M. Westphall and K. M. Vieira, "Current issues in cloud computing security and management.," SECURWARE, 2014.
[11] I. Senarathna, C. Wilkin, M. Warren, and W. Yeoh, "Factors that influence the adoption of cloud computing: An empirical study of Australian SMEs.," Australasian Journal of Information Systems, 2018.
[12] D. B. Balanagalakshmi and D. S. K. Bullard, "Cloud computing technology-security issues in banks-an overview.," European Journal of Molecular & Clinical Medicine, vol. 7, no. 2, pp. 5299-5304, 2020.
[13] B. Alouffi, M. Hasnain, A. Alharbi and W. Alosaimi, "A systematic literature review on cloud computing security: threats and mitigation strategies.," IEEE Access, pp. 57792-57807., 2021.
[14] E. O. Ekong, "Impact of Cyber-Security on Financial Fraud in Commercial Banks in Nigeria: A Case Study of Zenith Banks in Abuja," Doctoral dissertation, AUST, 2023.
[15] A. Mahalle, J. Yong, X. Tao, and J. Shen, "Data privacy and system security for banking and financial services industry based on cloud computing infrastructure.," In 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work, 2018.
[16] F. Ghane, S. Gilaninia and M. Homayounfar, "The effect of cloud computing on the effectiveness of customer relation management in the electronic banking industry: a case study of Eghtesad novel bank.," in Arabian Journal of Business and M, 2016.
[17] F. A. Kamoun, "Rethinking the role of enterprise architecture during times of economic downturn: a dynamic capabilities approach," Journal of Information Technology Management, vol. 24, no. 1, 2013.
[18] N. I. Eltayb and O. A. Rayis, "Cloud Computing Security Framework Privacy Security., 6(2), " International Journal on Recent and Innovation Trends in Computing and Communication, vol. 6, no. 2, pp. 78-83, 2018.
[19] M. A. Kâafar, L. Benazzouz, F. Kamoun, and D. Males, "A Kerberos-based authentication architecture for Wireless Lans.," in In Networking 2004: Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Third International IFIP-TC6 Networking Conference Athens, Greece, May 9–14, 2004, Proceedings 3, 2004.
[20] S. Khamitkar, Y. F. Al-Dubai, P. Bhalchandra, and P. Wasnik, "Kerberos authentication with cloud computing access control.," International Journal of Advanced Computational Engineering and Networking, pp. 2320-2106., 2015.
[21] Y. F. Al-Dubai and S. D. Khamitkar, "Kerberos: secure single sign-on authentication protocol framework for cloud access control," Global Journal of Computer Science and Technology: B Cloud and Distributed, 2014.
[22] E. B. Fernandez and R. Monge, "A security reference architecture for cloud systems.," in In Proceedings of the WICSA 2014 Companion, 2014.
[23] I. Homoliak, S. Venugopalan, D. Reijsbergen, Q. Hum, R. Schumi, and P. Szalachowski, "The security reference architecture for blockchains: Toward a standardized model for studying vulnerabilities, threats, and defenses.," EEE Communications Surveys & Tutorials, 2020.
[24] J. Moreno, M. A. Serrano, E. Fernandez-Medina and E. B. Fernandez, "Towards a Security Reference Architecture for Big Data." in In DOLAP., 2018.
[25] E. B. Fernandez, R. Monge, and K. Hashizume, "Building a security reference architecture for cloud systems.," Requirements Engineering, vol. 21, pp. 225-249, 2016.
[26] M. Azhagiri, A. Rajesh and S. Karthik, "Intrusion detection and prevention system: technologies and challenges," International Journal of Applied Engineering Research, vol. 10, no. 87, pp. 1-12, 2015.
[27] B. S. Kumar, T. C. Raju, M. Ratnakar, and N. Sudhakar, "Intrusion detection system-types and prevention," International Journal of Computer Science and Information Technologies, vol. 4, no. 1, pp. 77-82, 2013.
[28] R. Bose, S. Chakraborty, and S. Roy, "Explaining the workings principle of cloud-based multi-factor authentication architecture on banking sectors.," In 2019 Amity International Conference on Artificial Intelligence (AICAI), 2019.
[29] V. Maheshwari, S. Sahana, S. Das, I. Das and A. Ghosh, "Factors Influencing Security Issues in Cloud Computing.," in International Conference on Advanced Communication and Intelligent Systems, 2022.
[30] H. Tabrizchi and M. Kuchaki Rafsanjani, "A survey on security challenges in cloud computing: issues, threats, and solutions.," The Journal of supercomputing, vol. 76, no. 12, pp. 9493-9532, 2020.
[31] K. V. Raipurkar and A. V. Deorankar, "Improve data security in a cloud environment by using LDAP and two-way encryption algorithm.," In 2016 Symposium on Colossal Data Analysis and Networking (CDAN), 2016.
[32] S. Khamitkar, Y. Al-Dubai, P. Bhalchandra, and P. Wasnik, "Kerberos authentication with cloud computing access control.," International Journal of Advanced Computational Engineering and Networking, pp. 2320-2106, 2015.
[33] T. Muhammad, M. T. Munir, M. Z. Munir, and M. W. Zafar, "Elevating Business Operations: The Transformative Power of Cloud Computing.," International Journal of Computer Science and Technology, vol. 2, no. 1, pp. 1-21, 2018.
[34] A. Moralis, V. Pouli, S. Papavassiliou, and V. Maglaris, "A Kerberos security architecture for web services based instrumentation grids.," Future Generation Computer Systems, vol. 25, no. 7, pp. 804-818, 2009.
[35] M. C. Libicki, L. Ablon, and T. Webb, "The defender’s dilemma: Charting a course toward cybersecurity.," Rand Corporation, 2015.
[36] E. Fernandez and R. Monge, "A security reference architecture for cloud systems.," In Proceedings of the WICSA 2014 Companion, pp. 1-5, 2014.
[37] A. Rath, B. Spasic, N. Boucart and P. Thiran, "Security pattern for cloud saas: From system and data security to privacy case study in AWS and azure," Computers, vol. 8, no. 2, 2019.
[38] R. Bose, S. Chakraborty, and S. Roy, "Explaining the workings principle of cloud-based multi-factor authentication architecture on banking sectors.," in Amity International Conference on Artificial Intelligence (AICAI), 2019.
[39] S. Chakraborty, R. Bose, S. Roy, and D. Sarddar, "Auditing deployed software licenses on the cloud using a secure loopback protocol," Int. J. Recent. Technol. Eng, vol. 8, no. 3, pp. 1-5, 2019.
[40] A. I. Newaz, A. K. Sikder, M. A. Rahman and A. S. Uluagac, "A survey on security and privacy issues in modern healthcare systems: Attacks and defenses.," ACM Transactions on Computing for Healthcare, vol. 2, no. 3, pp. 1-44, 2021.
[41] M. Aldwairi and S. Aldhanhani, "Multi-factor authentication system," in In The 2017 International Conference on Research and Innovation in Computer Engineering and Computer Sciences (RICCES’2017). Malaysia Technical Scientist Association., 2017.
[42] V. Kakkad, M. Patel and M. Shah, "Biometric authentication and image encryption for image security in cloud framework.," Multiscale and Multidisciplinary Modeling, Experiments and Design, pp. 233-248, 2019.
[43] T. Campbell, "Protection of systems.," Practical Information Security Management: A Complete Guide to Planning and Implementation, pp. 155-177, 2016.
[44] A. Sarkar and B. K. Singh, "A review on performance, security and various biometric template protection schemes for biometric authentication systems.," Multimedia Tools and Applications, vol. 79, pp. 27721-27776., 2020.
[45] M. A. AlZain, B. Soh, and E. Pardede, "TMR-MCDB: Enhancing security in a multi-cloud model through the improvement of service dependability," International Journal of cloud computing and services science (IJ-CLOSER), vol. 3, no. 3, pp. 133-144, 2014.
[46] M. Ahmed, A. Litchfield and C. Sharma, "A distributed security model for cloud computing.," in Proceedings of the Americas Conference on Information Systems., 2016.
[47] M. A. Alzain and E. Pardede, "Using multi shares for ensuring privacy in database-as-a-service.," in In 2011 44th Hawaii international conference on System Sciences, 2011.
[48] S. Gupta, R. C. Poonia, V. Singh and L. Raja, "Tier application in multi-cloud databases to improve security and service availability.," in In Handbook of Research on cloud computing and Big Data Applications in IoT, 2019.
[49] M. S. Kiraz, "A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing," Journal of Ambient Intelligence and Humanized Computing, pp. 731-760, 2016.
[50] A. Sunyaev and A. Sunyaev, "Cloud computing.," Internet Computing: Principles of Distributed Systems and Emerging Internet-Based Technologies, pp. 195-236, 2020.
[51] C. Gurkok, "Securing cloud computing systems.," In Computer and Information Security Handbook, Morgan Kaufmann., 2017, pp. 897-922.
[52] M. A. Al Moteri, "Decision Support for Shared Responsibility of Cloud Security Metrics.," 2017.
[53] R. Yeluri and E. Castro-Leon, "Building the Infrastructure for Cloud Security: A Solutions View," Springer Nature., 2014.
[54] D. Blum, "Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment," Springer Nature., 2020.
[55] R. P. Padhy, M. R. Patra and S. C. Satapathy, "Cloud computing: security issues and research challenges.," International Journal of Computer Science and Information Technology & Security (IJCSITS), pp. 136-146, 2011.
[56] J. Becker and E. Bailey, "A comparison of IT governance & control frameworks in cloud computing.," 2014.
[57] C. Tang and J. Liu, "Selecting a trusted cloud service provider for your SaaS program.," Computers & Security, pp. 60-73, 2015.
[58] K. Purohit and M. A. Rana, "AUTHENTICATION IN CLOUD COMPUTING.," 2016.
[59] M. Alsanea, J. Barth and R. Griffith, "Factors affecting the adoption of cloud computing in the government sector: a case study of Saudi Arabia.," International Journal of Cloud Computing and Service Science, vol. 36, pp. 1-16, 2014.
[60] U. C. Iwuchukwu, E. E. Atimati, C. I. Ndukwe, and O. C. Iwuamadi, "The state of cloud computing in Nigeria.," IOSR Journal of Electrical and Electronics Engineering, pp. 84-93, 2017.
[61] D. Puthal, B. P. Sahoo, S. Mishra and S. Swain, "Cloud computing features, issues, and challenges: a big picture." in In 2015 International Conference on computational intelligence and Networks, 2015.
[62] P. K. Senyo, E. Addae, and R. Boateng, "Cloud computing research: A review of research themes, frameworks, methods, and future research directions.," International Journal of Information Management, vol. 38, no. 1, pp. 128-139, 2018.
[63] A. A. Almazroi, An empirical study of factors that influence the adoption of cloud computing applications by students in Saudi Arabian Universities, Doctoral dissertation, Flinders University, School of Computer Science, Engineering and Mathematics, 2017.
[64] Z. Shana and E. S. Abulibdeh, Cloud computing issues for higher education: Theory of acceptance model., 2017.
[65] B. Nedelcu, M. E. Stefanet, I. F. Tamasescu, S. E. Tintoiu, and A. Vezeanu, "Cloud Computing and its Challenges and Benefits in the Bank System.," Database Systems Journal, vol. 6, no. 1, 2015.
[66] C. Agre, "Implementation of a cloud in the banking sector.," International Journal of Computer Science and Information Technology, vol. 3, no. 2, pp. 1168-1174., 2015.
[67] A. Elzamly, B. Hussin, S. Abu Naser, and K. Khanfar, "A new conceptual framework modeling for cloud computing risk management in banking organizations.," International Journal of Grid and Distributed Computing, 2016.
[68] E. M. Mohamed, H. S. Abdelkader, and S. El-Etriby, "Data security model for cloud computing," Journal of Communication and Computer, vol. 10, no. 8, pp. 1047-1062., 2013.
[69] J. R. Mlgheit, E. H. Houssein, and H. H. Zayed, "Security Model for Preserving Privacy over Encrypted Cloud Computing.," Journal of Computer and Communications, vol. 5, no. 6, 2017.
[70] U. M. Ismail, S. Islam, M. Ouedraogo, and E. Weippl, "A framework for security transparency in cloud computing.," Future Internet, 2016.
[71] M. A. Albahr, "Cloud Computing Security.," 2015.
[72] P. Shamsolmoali and M. Zareapoor, "DATA SECURITY MODEL IN CLOUD COMPUTING.," 2016.
[73] M. Jouini and L. B. Rabai, "A security framework for secure cloud computing environments.," in Cloud Security: Concepts, methodologies, tools, and applications, 2019, pp. 249-263.
[74] P. A. Vitti, D. R. dos Santos, C. Westphall and K. M. Vieira, "Current issues in cloud computing security and management.," SECURWARE, 2014.
[75] M. Alassafi, A. Alharthi, A. Alenezi, R. Walters and G. Wills, "Investigating the security factors in cloud computing adoption: Towards developing an integrated framework," Journal of Internet Technology and Secured Transactions (JITST), vol. 5, no. 2.