A Risk Management Approach for a Sustainable Cloud Migration
National Audit Department, Persiaran Timur 3, 71760 Bandar Baru Enstek, Negeri Sembilan, Malaysia
School of Architecture, Computing and Engineering, University of East London, London E16 2RD, UK
Department of Information and Communication Systems Engineering, University of the Aegean, Mytilene 81100, Greece
Authors to whom correspondence should be addressed.
J. Risk Financial Manag. 2017, 10(4), 20; https://doi.org/10.3390/jrfm10040020
Received: 26 September 2017 / Revised: 27 October 2017 / Accepted: 30 October 2017 / Published: 9 November 2017
(This article belongs to the Section Sustainability and Finance)
Cloud computing is not just about resource sharing, cost savings and optimisation of business performance; it also involves fundamental concerns on how businesses need to respond on the risks and challenges upon migration. Managing risks is critical for a sustainable cloud adoption. It includes several dimensions such as cost, practising the concept of green IT, data quality, continuity of services to users and clients, guarantee tangible benefits. This paper presents a risk management approach for a sustainable cloud migration. We consider four dimensions of sustainability, i.e., economic, environmental, social and technology to determine the viability of cloud for the business context. The risks are systematically identified and analysed based on the existing in house controls and the cloud service provider offerings. We use Dempster Shafer (D-S) theory to measure the adequacy of controls and apply semi-quantitative approach to perform risk analysis based on the theory of belief. The risk exposure for each sustainability dimension allows us to determine the viability of cloud migration. A practical migration use case is considered to determine the applicability of our work. The results identify the risk exposure and recommended control for the risk mitigation. We conclude that risks depend on specific migration case and both Cloud Service Provider (CSP) and users are responsible for the risk mitigation. Inherent risks can evolve due to the cloud migration.