A systems perspective on cybersecurity in the cloud : frameworks, metrics and migration strategy
Author(s)
Raina, Ravi
DownloadFull printable version (19.10Mb)
Other Contributors
Massachusetts Institute of Technology. Engineering Systems Division.
Advisor
Stuart Madnick.
Terms of use
Metadata
Show full item recordAbstract
Cloud computing represents the next generation of disruptive technologies in computing. However, there are several barriers to massive adoption of cloud and among them security remains one of the principal concerns. Traditional failure analysis and prevention frameworks fall exceedingly short to address cybersecurity as is evident by every increasing cybersecurity breaches. New frameworks for cybersecurity are required which take a holistic view of the problem and a systems perspective. Migrating to cloud also represents a key decision point for CEO/CTO's today, especially from security perspective. The objective of this thesis is to illustrate the effectiveness of taking a Systems Approach to cybersecurity and provide a framework for migration to cloud with specific emphasis on critical cybersecurity issues pertaining to various cloud deployment models and delivery services. The thesis is divided into three phases. Firstly, it will aim to explore the major security threats and critical areas of focus for security in cloud. It will explore the major security frameworks, metrics and controls, especially the major ones from NIST, CIS and CSA. SLA's for different cloud service models will then be presented. A high level cloud migration framework strategy and framework, with special emphasis on cybersecurity will also be discussed. In the second phase, System- Theoretic Accident Model and Processes (STAMP) which is based on Systems Theory will be applied to Target security breach and key recommendations as well as new insights will be presented. The analysis will highlight the need for holistic approach and Systems Thinking to cybersecurity and new insights that are not produced by traditional methods will be presented. Finally, in the third phase, the cloud migration framework discussed in phase one will be applied to Target. A case will be made that in certain scenarios, moving the less critical applications to cloud and utilizing the security benefits of cloud can actually reduce the threat vectors and security exposures and bring IT systems from a higher risk state to lower risk state. The thesis integrates cybersecurity methods and frameworks as well as security metrics with the cloud migration strategy. Additionally, it also presents STAMP/CAST failure model for cybersecurity breaches and highlights the need for integrated view of safety and security and Systems Thinking in cybersecurity both in traditional systems and cloud.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, School of Engineering, System Design and Management Program, Engineering and Management Program, 2016. Cataloged from PDF version of thesis. Includes bibliographical references (pages 119-124).
Date issued
2016Department
Massachusetts Institute of Technology. Engineering and Management Program; System Design and Management Program.Publisher
Massachusetts Institute of Technology
Keywords
Engineering and Management Program., System Design and Management Program., Engineering Systems Division.