Information Security and Risk Management of Cloud Services: Guidelines and Recommendations for Organizations

Cloud solutions have been the standard IT platform for over a decade, and organizations and consumers are adopting them to an ever-increasing extent. Despite the strong trend among consumers and organizations of moving to cloud solutions, cloud security remains a significant problem and a long...


Bibliographic details
Main author: Törmänen, Tommi
Other authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis (pro gradu)
Language: eng
Published: 2024
Subjects:
Links: https://jyx.jyu.fi/handle/123456789/96587
datasource_str_mv jyx
description Cloud solutions have been the standard IT platform for over a decade and are increasingly adopted by organizations and consumers. Despite the strong trend of users and organizations moving to cloud solutions, cloud security remains a significant issue and a longstanding debate among both academics and practitioners, and many organizations are still hesitant to adopt cloud solutions due to security concerns. The objective for this thesis was to improve awareness among organizations regarding the security risks associated with cloud computing and the methods and tools available to mitigate these risks. The study aimed to answer one main research question: “What should organizations take into account regarding information security when deploying and managing cloud services?”, and one sub-research question: “What information security risks can the use of cloud services cause for organizations?”. The structure of the thesis encompasses a thorough literature review, followed by an empirical case study. The numerous challenges associated with cloud security highlight the critical need for organizations to implement robust security controls, conduct comprehensive risk assessments, and ensure continuous monitoring and development of their cloud environments. It is essential for organizations to remain adaptive and commit to continuous improvement to ensure that cloud security evolves alongside the cloud environment and the surrounding threat landscape. Organizations should adopt a comprehensive and multilayered approach to cloud security, adhering to the defense-in-depth principles. This includes ensuring that security is integrated into every layer of the cloud architecture by design.
first_indexed 2024-08-14T20:04:21Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Viinikainen, Ari", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "T\u00f6rm\u00e4nen, Tommi", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-08-13T12:54:11Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-08-13T12:54:11Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/96587", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Pilviratkaisut ovat olleet standardi IT-alusta yli vuosikymmenen ajan, ja organisaatiot sek\u00e4 kuluttajat ottavat niit\u00e4 k\u00e4ytt\u00f6\u00f6n yh\u00e4 eneneviss\u00e4 m\u00e4\u00e4rin. Huolimatta kuluttajien ja organisaatioiden vahvasta suuntauksesta siirty\u00e4 pilviratkaisuihin, pilven tietoturva on edelleen merkitt\u00e4v\u00e4 ongelma ja pitk\u00e4aikainen keskustelunaihe sek\u00e4 tutkijoiden ett\u00e4 ammattilaisten keskuudessa. Monet organisaatiot ep\u00e4r\u00f6iv\u00e4t edelleen ottaa pilviratkaisuja k\u00e4ytt\u00f6\u00f6n tietoturvaongelmien vuoksi. T\u00e4m\u00e4n pro gradu -tutkielman tavoitteena oli lis\u00e4t\u00e4 organisaatioiden tietoisuutta pilvipalveluihin liittyvist\u00e4 tietoturvariskeist\u00e4 sek\u00e4 k\u00e4ytett\u00e4viss\u00e4 olevista menetelmist\u00e4 ja ty\u00f6kaluista n\u00e4iden riskien hallitsemiseksi. 
Tutkimuksen tavoitteena oli vastata yhteen p\u00e4\u00e4tutkimuskysymykseen: \"Mit\u00e4 organisaatioiden tulisi ottaa huomioon tietoturvan osalta pilvipalveluiden k\u00e4ytt\u00f6\u00f6notossa ja hallinnassa?\u201d, sek\u00e4 yhteen apututkimuskysymykseen: \"Mit\u00e4 tietoturvariskej\u00e4 pilvipalveluiden k\u00e4ytt\u00f6 voi aiheuttaa organisaatioille?\". Opinn\u00e4ytety\u00f6n rakenne k\u00e4sitt\u00e4\u00e4 perusteellisen kirjallisuuskatsauksen, jota \nseuraa empiirinen tapaustutkimus. Pilven tietoturvaan liittyv\u00e4t lukuisat haasteet korostavat organisaatioiden kriittist\u00e4 tarvetta toteuttaa vaikuttavia tietoturvakontrolleja, suorittaa kattavia riskinarviointeja, ja varmistaa \npilviymp\u00e4rist\u00f6jens\u00e4 jatkuva valvonta sek\u00e4 kehitysty\u00f6. Organisaatioiden on t\u00e4rke\u00e4\u00e4 pysy\u00e4 mukautuvina ja sitoutua jatkuvaan parantamiseen varmistaakseen, ett\u00e4 pilven tietoturva kehittyy pilviymp\u00e4rist\u00f6n ja ymp\u00e4r\u00f6iv\u00e4n uhkaymp\u00e4rist\u00f6n mukana. Organisaatioiden tulisi omaksua kattava ja monitasoinen l\u00e4hestymistapa pilven tietoturvaan noudattaen syvyyssuuntaisen suojauksen periaatteita. T\u00e4h\u00e4n sis\u00e4ltyy sen varmistaminen, ett\u00e4 tietoturva on integroitu pilviarkkitehtuurin jokaiseen kerrokseen suunnitellusti.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Cloud solutions have been the standard IT platform for over a decade and are increasingly adopted by organizations and consumers. Despite the strong trend of users and organizations moving to cloud solutions, cloud security remains a significant issue and a longstanding debate among both academics and practitioners, and many organizations are still hesitant to adopt cloud solutions due to security concerns. 
The objective for this thesis was to improve awareness among organizations regarding the security risks associated with cloud computing and the methods and tools available to mitigate these risks. The study aimed to answer one main research question: \u201cWhat should organizations take into account regarding information security when deploying and managing cloud services?\u201d, and one sub-research question: \u201cWhat information security risks can the use of cloud services cause for organizations?\u201d. The structure of the thesis encompasses a thorough literature review, followed by an empirical case study. The numerous challenges associated with cloud security highlight the critical need for organizations to implement robust security controls, conduct comprehensive risk assessments, and ensure continuous monitoring and development of their cloud environments. It is essential for organizations to remain adaptive and commit to continuous improvement to ensure that cloud security evolves alongside the cloud environment and the surrounding threat landscape. Organizations should adopt a comprehensive and multilayered approach to cloud security, adhering to the defense-in-depth principles. This includes ensuring that security is integrated into every layer of the cloud \narchitecture by design.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-08-13T12:54:11Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-08-13T12:54:11Z (GMT). No. 
of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "86", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "CC BY 4.0", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "Information Security and Risk Management of Cloud Services: Guidelines and Recommendations for Organizations", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202408135464", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuuden maisteriohjelma", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Master's Degree Programme 
in Cyber Security", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://creativecommons.org/licenses/by/4.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
id jyx.123456789_96587
language eng
last_indexed 2025-02-18T10:54:31Z
main_date 2024-01-01T00:00:00Z
main_date_str 2024
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/1187fbcf-8afc-49f3-97fa-9af0d780988c\/download","text":"URN:NBN:fi:jyu-202408135464.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2024
record_format qdc
source_str_mv jyx
spellingShingle Törmänen, Tommi Information Security and Risk Management of Cloud Services: Guidelines and Recommendations for Organizations Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
title Information Security and Risk Management of Cloud Services: Guidelines and Recommendations for Organizations
topic Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
topic_facet Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
url https://jyx.jyu.fi/handle/123456789/96587 http://www.urn.fi/URN:NBN:fi:jyu-202408135464