Secure migration to compliant cloud services: A case study

摘要

Adoption of cloud computing technology in the financial sector is increasing to improve the efficiency of payment transactions, risk management, and business processes. This is occurring more rapidly in developed countries such as USA, Canada, and the UK while cloud implementation in less developed countries such as Saudi Arabia is still emerging. Implementation of cloud technologies in the financial sector requires diligent decisions such as selecting the most suitable secure cloud deployment model, service level agreement, and cloud vendor. In this paper, cloud migration using an information security, privacy, and compliance (ISPC) readiness model is presented. Several types of cloud services are available, therefore evaluating migration readiness and selecting an appropriate vendor is critical, as this will have an impact on the requirements of stakeholders such as local banks. Cloud migration decisions are obtained by analyzing ISPC requirements considering the strategic initiatives of the organization. A case study involving the Saudi Arabian central bank is presented to demonstrate the implementation of the ISPC readiness model.