Securing Cloud Computing Through IT Governance

Salman M. Faizi and Shawon Rahman

Abstract


Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations today fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and the business are aligned. IT governance is one of the most powerful ways to achieve IT-to-business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the associated risks. This study advances knowledge by extending IT governance to cloud computing and information security governance.

Keywords


Business alignment, cloud computing, cloud computing security, information security, IT governance.



Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

IT in Industry @ (2012 - ) . http://www.it-in-industry.com . ISSN (Online): 2203-1731; ISSN (Print): 2204-0595