Without the ability to test the cloud computing insider threat risk assessment framework through the development of best practice recommendations for controlling these risks, this framework would be all but useless, and thus the concrete and practical nature of the second research purpose is important internally to the research as well as to the real-world business and technology communities. Research that is immediately and practically useful tends to find greater support and also leads to more extensive and meaningful discussions while also promoting more related research, and this purpose is considered valuable for this element, as well. Through the practical recommendations made in the fulfillment of this second research purpose, the academic and the practical knowledge gained in this area will both be greatly enhanced. These research purposes will directly address the problems identified as central to this research. Through the creation of a risk assessment framework for insider threats to cloud computing and the making of recommendations to address identified threats, the problem of a lack of appropriate understanding and knowledge will be directly tackled. As it is the purpose of all research to address problems identified by knowledge gaps, and ideally to provide recommendations of a practical nature, it is believed these research purposes will make this research endeavor highly successful.

Research Questions

What specific risks do companies face from insider threats in cloud computing situations?

This basic question was selected because it is a fundamental piece of knowledge that must be obtained before the research problem can be more adequately and specifically addressed. Identifying risks is necessary for developing a reliable framework and for making recommendations for combating those risks. This will add to current literature...

A variety of malicious and accidental risks are expected to be strongly represented in the findings.
How can costs be effectively associated with risks?

This question is important for both research purposes, as well, providing another fundamental piece of the framework needed to fulfill the first research purpose and also ensuring that recommendations made in the fulfillment of the second research purpose are cost-effective and proportional. Answering this research question will thus enable the research problem to be directly addressed -- is in fact a part of directly addressing this problem -- and will further add to the literature in the area by providing a list of mechanisms, associations, and modeled reactions that assign monetary figures to risks. This understanding will greatly enhance other research in the area as well as providing significant practical benefit to current businesses. It is expected that costs will all have multiple factors affecting their values for individual business and scenarios.

References

Chow, R., Golle, P., Jakobsson, M., Shi, J… & Molina, J. (2009). Controlling data in the cloud: outsourcing computation without outsourcing control. Proceedings of the 2009 ACM workshop on Cloud computing security: 85-90.

Jansen, W. (2011). Cloud Hooks: Security and Privacy Issues in Cloud Computing. 44th Hawaiian International Conference on System Sciences.

Joshi, J. & Ahn, G. (2010). Security and Privacy Challenges in Cloud Computing Environments. Security & Privacy, IEEE 8(6): 24-31.

Subashini, S. & Kabitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(1): 1-11.