A framework for assuring conformance of cloud-based email at higher education institutions
- Authors: Willett, Melanie
- Date: 2013
- Subjects: Cloud computing -- Security measures , Computer networks -- Security measures , Web services , Education, Higher -- Technological innovations
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9815 , http://hdl.handle.net/10948/d1018664
- Description: Cloud computing is a relatively immature computing paradigm that could significantly benefit users. Cloud computing solutions are often associated with potential benefits such as cost reduction, less administrative hassle, flexibility and scalability. For organisations to realize such potential benefits, cloud computing solutions need to be chosen, implemented, managed and governed in a way that is secure, compliant with internal and external requirements and indicative of due diligence. This can be a challenge, given the many concerns and risks commonly associated with cloud computing solutions. One cloud computing solution that is being widely adopted around the world is cloud-based email. One of the foremost adopters of this cloud computing solution is higher education institutions. These higher education institutions stand to benefit greatly from using such services. Cloud-based email can be provisioned to staff and students at these institutions for free. Additionally, cloud service providers (CSPs) are able to provide a better email service than some higher education institutions would be able to provide if they were required to do so in-house. CSPs often provide larger inboxes and many extra services with cloud-based email. Cloud-based email is, therefore, clearly an example of a cloud computing solution that has the potential to benefit organisations. There are however, risks and challenges associated with the use of this cloud computing solution. Two of these challenges relate to ensuring conformance to internal and external (legal, regulatory and contractual obligations) requirements and to providing a mechanism of assuring that cloud-based email related activities are sound. The lack of structured guidelines for assuring the conformance of cloud-based email is putting this service at risk at higher education institutions in South Africa. This work addresses this problem by promoting a best practice based approach to assuring the conformance of cloud-based email at higher education institutions. To accomplish this, components of applicable standards and best practice guidelines for IT governance, IT assurance and IT conformance are used to construct a framework for assuring the conformance of cloud-based email. The framework is designed and verified using sound design science principles. The utility and value of the framework has been demonstrated at a higher education institution in South Africa. This framework can be used to assist higher education institutions to demonstrate due diligence in assuring that they conform to legal and best practice requirements for the management and governance of cloud-based email. This is a significant contribution in the relatively new field of cloud computing governance.
- Full Text:
- Date Issued: 2013
- Authors: Willett, Melanie
- Date: 2013
- Subjects: Cloud computing -- Security measures , Computer networks -- Security measures , Web services , Education, Higher -- Technological innovations
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9815 , http://hdl.handle.net/10948/d1018664
- Description: Cloud computing is a relatively immature computing paradigm that could significantly benefit users. Cloud computing solutions are often associated with potential benefits such as cost reduction, less administrative hassle, flexibility and scalability. For organisations to realize such potential benefits, cloud computing solutions need to be chosen, implemented, managed and governed in a way that is secure, compliant with internal and external requirements and indicative of due diligence. This can be a challenge, given the many concerns and risks commonly associated with cloud computing solutions. One cloud computing solution that is being widely adopted around the world is cloud-based email. One of the foremost adopters of this cloud computing solution is higher education institutions. These higher education institutions stand to benefit greatly from using such services. Cloud-based email can be provisioned to staff and students at these institutions for free. Additionally, cloud service providers (CSPs) are able to provide a better email service than some higher education institutions would be able to provide if they were required to do so in-house. CSPs often provide larger inboxes and many extra services with cloud-based email. Cloud-based email is, therefore, clearly an example of a cloud computing solution that has the potential to benefit organisations. There are however, risks and challenges associated with the use of this cloud computing solution. Two of these challenges relate to ensuring conformance to internal and external (legal, regulatory and contractual obligations) requirements and to providing a mechanism of assuring that cloud-based email related activities are sound. The lack of structured guidelines for assuring the conformance of cloud-based email is putting this service at risk at higher education institutions in South Africa. This work addresses this problem by promoting a best practice based approach to assuring the conformance of cloud-based email at higher education institutions. To accomplish this, components of applicable standards and best practice guidelines for IT governance, IT assurance and IT conformance are used to construct a framework for assuring the conformance of cloud-based email. The framework is designed and verified using sound design science principles. The utility and value of the framework has been demonstrated at a higher education institution in South Africa. This framework can be used to assist higher education institutions to demonstrate due diligence in assuring that they conform to legal and best practice requirements for the management and governance of cloud-based email. This is a significant contribution in the relatively new field of cloud computing governance.
- Full Text:
- Date Issued: 2013
Cloud information security : a higher education perspective
- Authors: Van der Schyff, Karl Izak
- Date: 2014
- Subjects: Cloud computing -- Security measures , Information technology -- Security measures , Data protection , Internet in higher education , Education, Higher -- Technological innovations
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4692 , http://hdl.handle.net/10962/d1011607 , Cloud computing -- Security measures , Information technology -- Security measures , Data protection , Internet in higher education , Education, Higher -- Technological innovations
- Description: In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
- Full Text:
- Date Issued: 2014
- Authors: Van der Schyff, Karl Izak
- Date: 2014
- Subjects: Cloud computing -- Security measures , Information technology -- Security measures , Data protection , Internet in higher education , Education, Higher -- Technological innovations
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4692 , http://hdl.handle.net/10962/d1011607 , Cloud computing -- Security measures , Information technology -- Security measures , Data protection , Internet in higher education , Education, Higher -- Technological innovations
- Description: In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
- Full Text:
- Date Issued: 2014
Guidelines for secure cloud-based personal health records
- Authors: Mxoli, Ncedisa Avuya Mercia
- Date: 2017
- Subjects: Cloud computing -- Security measures , Computer security Data mining Medical records -- Data processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/14134 , vital:27433
- Description: Traditionally, health records have been stored in paper folders at the physician’s consulting rooms – or at the patient’s home. Some people stored the health records of their family members, so as to keep a running history of all the medical procedures they went through, and what medications they were given by different physicians at different stages of their lives. Technology has introduced better and safer ways of storing these records, namely, through the use of Personal Health Records (PHRs). With time, different types of PHRs have emerged, i.e. local, remote server-based, and hybrid PHRs. Web-based PHRs fall under the remote server-based PHRs; and recently, a new market in storing PHRs has emerged. Cloud computing has become a trend in storing PHRs in a more accessible and efficient manner. Despite its many benefits, cloud computing has many privacy and security concerns. As a result, the adoption rate of cloud services is not yet very high. A qualitative and exploratory research design approach was followed in this study, in order to reach the objective of proposing guidelines that could assist PHR providers in selecting a secure Cloud Service Provider (CSP) to store their customers’ health data. The research methods that were used include a literature review, systematic literature review, qualitative content analysis, reasoning, argumentation and elite interviews. A systematic literature review and qualitative content analysis were conducted to examine those risks in the cloud environment that could have a negative impact on the secure storing of PHRs. PHRs must satisfy certain dimensions, in order for them to be meaningful for use. While these were highlighted in the research, it also emerged that certain risks affect the PHR dimensions directly, thus threatening the meaningfulness and usability of cloud-based PHRs. The literature review revealed that specific control measures can be adopted to mitigate the identified risks. These control measures form part of the material used in this study to identify the guidelines for secure cloud-based PHRs. The guidelines were formulated through the use of reasoning and argumentation. After the guidelines were formulated, elite interviews were conducted, in order to validate and finalize the main research output: i.e. guidelines. The results of this study may alert PHR providers to the risks that exist in the cloud environment; so that they can make informed decisions when choosing a CSP for storing their customers’ health data.
- Full Text:
- Date Issued: 2017
- Authors: Mxoli, Ncedisa Avuya Mercia
- Date: 2017
- Subjects: Cloud computing -- Security measures , Computer security Data mining Medical records -- Data processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/14134 , vital:27433
- Description: Traditionally, health records have been stored in paper folders at the physician’s consulting rooms – or at the patient’s home. Some people stored the health records of their family members, so as to keep a running history of all the medical procedures they went through, and what medications they were given by different physicians at different stages of their lives. Technology has introduced better and safer ways of storing these records, namely, through the use of Personal Health Records (PHRs). With time, different types of PHRs have emerged, i.e. local, remote server-based, and hybrid PHRs. Web-based PHRs fall under the remote server-based PHRs; and recently, a new market in storing PHRs has emerged. Cloud computing has become a trend in storing PHRs in a more accessible and efficient manner. Despite its many benefits, cloud computing has many privacy and security concerns. As a result, the adoption rate of cloud services is not yet very high. A qualitative and exploratory research design approach was followed in this study, in order to reach the objective of proposing guidelines that could assist PHR providers in selecting a secure Cloud Service Provider (CSP) to store their customers’ health data. The research methods that were used include a literature review, systematic literature review, qualitative content analysis, reasoning, argumentation and elite interviews. A systematic literature review and qualitative content analysis were conducted to examine those risks in the cloud environment that could have a negative impact on the secure storing of PHRs. PHRs must satisfy certain dimensions, in order for them to be meaningful for use. While these were highlighted in the research, it also emerged that certain risks affect the PHR dimensions directly, thus threatening the meaningfulness and usability of cloud-based PHRs. The literature review revealed that specific control measures can be adopted to mitigate the identified risks. These control measures form part of the material used in this study to identify the guidelines for secure cloud-based PHRs. The guidelines were formulated through the use of reasoning and argumentation. After the guidelines were formulated, elite interviews were conducted, in order to validate and finalize the main research output: i.e. guidelines. The results of this study may alert PHR providers to the risks that exist in the cloud environment; so that they can make informed decisions when choosing a CSP for storing their customers’ health data.
- Full Text:
- Date Issued: 2017
A cloud adoption framework for South African SMEs
- Authors: Mudzamba, Ronald Ratidzo
- Date: 2020
- Subjects: Cloud computing , Cloud computing -- Security measures , Small business -- Technological innovations -- South Africa -- Eastern Cape , Small business -- Information technology -- South Africa -- Eastern Cape , Information technology -- South Africa -- Eastern Cape , Technology-Organisation-Environment (TOE) framework , Small to Medium Enterprises (SMEs)
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/148574 , vital:38751
- Description: Small to Medium Enterprises (SMEs) have been touted as key enablers to the economic development of most countries. Despite growing evidence that most SMEs fail within their initial years, ICTs have been found to add substantial value in facilitating their success. However, in most developing countries, ICT adoption by SMEs has been plagued with a plethora of challenges ranging from poor electricity supply, high ICT costs, lack of ICT expertise to lack of government support. While this might seem problematic for SMEs, the adoption and the use of cloud services mitigates some of these challenges. The problem, however, is that a limited amount of literature has provided guidance with regard to how the cloud adoption process should be carried out by SMEs. The objective of this research, was therefore, to address this by developing a framework that can be used by SMEs to guide them through the cloud adoption process. To this end, thirteen (13) semi-structured interviews were conducted across nine (9) SMEs in the Eastern Cape. The resultant interview transcripts were analysed using an established thematic approach; the result of which allowed for the development of a rich interpretive narrative about SME cloud adoption. Combined with theory from extant literature, this culminated in the development of a framework for cloud services adoption for SMEs in the Eastern Cape.
- Full Text:
- Date Issued: 2020
- Authors: Mudzamba, Ronald Ratidzo
- Date: 2020
- Subjects: Cloud computing , Cloud computing -- Security measures , Small business -- Technological innovations -- South Africa -- Eastern Cape , Small business -- Information technology -- South Africa -- Eastern Cape , Information technology -- South Africa -- Eastern Cape , Technology-Organisation-Environment (TOE) framework , Small to Medium Enterprises (SMEs)
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/148574 , vital:38751
- Description: Small to Medium Enterprises (SMEs) have been touted as key enablers to the economic development of most countries. Despite growing evidence that most SMEs fail within their initial years, ICTs have been found to add substantial value in facilitating their success. However, in most developing countries, ICT adoption by SMEs has been plagued with a plethora of challenges ranging from poor electricity supply, high ICT costs, lack of ICT expertise to lack of government support. While this might seem problematic for SMEs, the adoption and the use of cloud services mitigates some of these challenges. The problem, however, is that a limited amount of literature has provided guidance with regard to how the cloud adoption process should be carried out by SMEs. The objective of this research, was therefore, to address this by developing a framework that can be used by SMEs to guide them through the cloud adoption process. To this end, thirteen (13) semi-structured interviews were conducted across nine (9) SMEs in the Eastern Cape. The resultant interview transcripts were analysed using an established thematic approach; the result of which allowed for the development of a rich interpretive narrative about SME cloud adoption. Combined with theory from extant literature, this culminated in the development of a framework for cloud services adoption for SMEs in the Eastern Cape.
- Full Text:
- Date Issued: 2020
- «
- ‹
- 1
- ›
- »