AbstractRecent studies have provided information on usage of Enterprise Security Architecture and related risk and security controls in a Cloud Computing environment in general, but less concerning the deployment of Enterprise Security Architecture within a Software As A Service Cloud Computing service model.
The purpose of this study is to explore to what extent Enterprise Security Architecture can be used to map/model risk and security controls in a Software As A Service Cloud Computing service model from a Cloud Service Customer point of view.
To answer this research question, an exploratory and descriptive, holistic multi-case study approach was adopted. Data is collected by conducting a combined method of survey and semi-structured interview with key stakeholders of selected Small and Medium sized Enterprises.
Research findings show that Cloud Service Providers will cover many aspects of physical, infrastructure, and application security elements while Cloud Service Customers remains responsible for certain areas of security and control like compliance, user access and data. Cloud Service Customers can use Enterprise Security Architecture to manage the areas of security and risk control for which they remain responsible, although Enterprise Security Architecture is only used to a very limited extend within Small and Medium sized Enterprises.
|Date of Award||1 Sep 2021|
|Supervisor||Rik Bos (Examiner) & Lianne Cuijpers (Co-assessor)|
- Enterprise Security Architecture (ESA)
- Cloud Computing
- Software as a Service (SAAS)
- Small and Medium sized Enterprise (SME)