A Data Security Implementation Model For Cloud Computing In Government Parastatals

Abstract

Cloud computing has transformed the way organisations approach technology enabling them to introduce new business models, provide more services and reduce IT costs. This research project aims at investigating the types of cloud implemented, analyse challenges and techniques used to overcome and finally design a data security implementation model for cloud computing in government parastatals. Cloud computing technologies can be implemented in a wide variety of architectures, under different service and deployment models and can coexist with other technologies and software design approaches. Cloud computing presents a huge dilemma for security professionals. Maintaining control over cloud data is paramount to cloud success. It is a strike between risks involved and the economic benefits. There are many concerns that arise while seeking to implement cloud technologies. They include security and privacy, identification and authentication, authorisation, confidentiality, integrity, non repudiation and availability among others. This research identified six government parastatals that are IT- enabled and have hosted some of their applications on cloud. The target group of respondents for this research are managers and employees in the Information Technology departments in randomly selected governmental parastatals. The proposed model borrows most of its content from other developed frameworks and from the results of the survey. This assists in the mapping out of data security areas and controls that will be of use to prospective cloud users. A thorough quantitative analysis will be undertaken to ensure credibility. Excel tool will be used to analyse data. The research design is descriptive. The data collection technique is a purposive survey research using sampling and questionnaires. Our sample size is 42 respondents. Questionnaires were used with 22 respondents giving valid feedback. They agreed that it is paramount to ensure data security during implementation of cloud solutions, the model covers the following areas discovery of cloud services and deployment models, CSP , defining governance, risk compliance and access management procedures, drawing SLA, QoS, ownership contracts, data life cycle security procedures, developing capacity plans, resource management, provisioning, cloud management and monitoring plans, testing different cloud layers data security metrics and finally implementing the cloud solution. The implication of this research is that government parastatals can now regain their trust in this paradigm and consider implementing more system in the cloud and those that have vast ICT resource to offer those that do not inform of cloud solution where as CSP thereby maximizing on the benefits that cloud computing offers and reducing government expenditure on new infrastructure, hardware, software and manpower. Since data security is one of the major hindrance in the implementation of cloud computing, this research proposes a six step model that could be employed by government parastatals to ensure data security in their cloud