Discuss about the Management of Security Risks in Commonwealth Bank of Australia after Cloud Implementation.
The multi-contributor cloud based solution employed for critical business applications in CBA makes their applications to be transferred recurrently between the cloud contributors. Since CBA moved its in-house framework to cloud strategy, the administration charges and time for executive the business processes are significantly reduced by 40% ((Cavoukian & Crompton, 2001). For the implementation of cloud, CBA requires intrinsic abilities for designing complicated information technology solutions, for administering the external cloud contributors, and thereby for dominating the crafting of applications.
Benefits and Risks of Cloud Computing
The responsibility of the Information Technology is transformed by the implementation of Cloud Computing. The role of “IT negotiator” is performed by the IT utility by moving their organization’s business departments to an external, cloud based IT solution rather than the domestic IT components. According to the cloud computing research conducted by Forester, the international promotion became $15 billion in the year 2010, in 2014 it was $78 billion, and the international market will accomplish about $240 billion in the year 2020 after the deployment of cloud computing technology.
The cloud contributors like IBM, Amazon, Microsoft, and Google have persuaded the advantage and importance of cloud computing to most of the IT companies around the globe. Yet the firms having delegation crucial safety requirements like banks and other financial organizations are also transferring their own IT services to the cloud. The forceful contentions of cloud computing include efficiency, cost reduction, prospects for prompt development, and litheness.
More IT organizations are claiming that the cloud computing made their IT processes easier and enhanced the information security. According to many business managers, the cloud transformation enabled the innovation and modified the organizational infrastructure.
In addition to that, many concerns arise after the deployment of cloud computing. Data dominion issues and other security issues related to the region where the cloud is deployed are addressed by the cloud service providers. Even then, some cloud computing problems stay behind. The IT managers agonize that the misplaced IT abilities, long-term business agreements, and technological padlock results in higher reliance on cloud providers.
After the deployment of cloud computing, the IT managers cannot possess abilities to manage the IT platform directly. Even though the deployment of cloud computing increases the performance of Commonwealth Bank of Australia (CBA), the compatibility and other problems arise for the IT managers working in the organization as it embedded the cloud computing (Hall & Liedtka, 2007).
The IT framework costs and application provision and development costs are reduced by the employment of external cloud solution.
The imminent provided by CBA’s cloud approach is enlisted below.
The cloud criteria are defined and imposed across the cloud service contributors for permitting the toggling between the contributors.
The flexible short-term indenture made with the cloud contributors are negotiated for providing the market pricing provision for organization at all times.
The highly efficient IT solutions can be obtained by completely retaining all the intrinsic capacities of the IT department in CBA. By this way, they become effective “IT mediators” for assimilating the extrinsic and intrinsic IT components.
The business applications, which are unable to be outsourced to the cloud, are kept external from the cloud life cycle incidents and the cloud mitigation must be prioritized.
The CBA embraces and implements the corporate-level high cloud standards (Horrigan, 2008).
Commonwealth Bank of Australia Overview
CBA is one of the largest international banks that have headquarters situated in Sydney, Australia. It is established in the year 1911 by the federal government of Australia. And the bank was privatized in the year 1991 (Pearson, Casassa, Crane & Herrmann, 2005). There was about 50,000 employees in 2014, where there are 6000 employees belonging to IT and operations segments. The total properties administered by CBA are about 750 billion dollars (Jensen, Schwenk, Gruschka & Iacono, 2014).
CBA is the reputed organization which is one of the consumers in the topmost 20 IT across the globe. Many IT projects are accomplished by CBA for attaining this status. The major IT project accomplished by CBA is “Which New Bank” project drafted during the year 2003-2005. An additional important project done by CBA is CBA’s core banking system developed during the year 2007-2012 (Google App Engine, 2017). With the evolution of cloud computing methodology, the CBA become successful in their business which will be discussed in the following sections.
Resource genres of CBA’s IT
The most complicated IT environment is in financial industrially especially banks. Achieving the customer conviction is difficult in banks. And, the conviction depends on the IT acquiescence, IT systems accessibility, and data security that are impacted by the cloud computing technology. For instance, the achieving IT acquiescence is more difficult in banks while employing cloud computing. Many authoritarian requirements are designed and CBA is functioning based on the corresponding regulatory needs. The financial data storage in other regions except Australia is prohibited by the Australian Federation law.
After leading the way to cloud computing, CBA faced many challenges and risks become of the operation of cloud service providers in other country i.e. USA. Even though the factors like accessibility, acquiescence, and data security created the complications for proceeding with cloud computing solution, they do not depressed the approach (Rose, 2011).
Before the implementation of cloud computing approach, CBA employed two 2 types of extrinsic IT resourcing genres. The CBA contracted out the IT requirements of the organization to Enterprise Data Systems or Hewlett-Packard Enterprise Systems for 10-year agreement in the first sourcing genre.
Cost constituents were placed in the single contributor contract but they placed long-term contracts containing fixed charges and assured capacity.
When the first genre was followed by CBA, it has reduced the amount of intrinsic IT employees since Enterprise Data Systems has offered most of the IT services to CBA. And because of this working condition, CBA has mislaid some of the domestic IT abilities. This capacity loss imposes certain confusions in the cooperation of new amenities. The IT related concerns are faced by CBA within the internal departments of the bank and with the enterprise data system. After facing these confronts, CBA decided to implement a schema for creating an IT hallucination, reconstructing the IT functionality, and for retaining the IT potential. The CBA is evoked for successfully finishing the major IT tasks after the implementation of the schema.
CBA exploited the retained IT potentials to transmit its IT services in the multi service contributor in the second genre. By using this type of genre, the bank was able to administer all the cloud providers using unique service level agreements.
After enhancing the technical expertise in multi provider type of environment, CBA started to examine the cloud infrastructures by means of effective virtualization. This resulted in higher productivity and cost savings. It made the virtual desktops to be employed quicker and manages them easily when compared to the corporeal desktops. The IT division employees of CBA scrap various virtual desktops through the application of insignia to a corporeal server.
But the inefficiency is encountered somewhere, since the employment of virtual desktops in organization requires additional storage size when compared to the space of corporeal desktops. However, the use of virtual desktops resulted in cost savings and productivity.
By the end of the year 2000, some IT framework costs were recurred. In order to promote further cost reductions, the employment of cloud computing promoted a pay as you utilize and cost efficient model and assists the bank to promote new business applications. A new IT hallucination is created by CBA for distributing the IT as service by the implementation of cloud computing.
The effectiveness and accessibility of cloud computing were very appealing to CBA since the number of exertions in CBA is not predictable. The cloud computing has pledged CBA for removing the additional hardware requirements and for enhancing the amalgamation of operational process and application development.
Shifting to Cloud Computing
The intrinsic IT department is lead by the CIO of CBA during the year 2006-2014, Michael Harte and his employees. The cloud computing was discussed by Harte in various technical forums and influenced the cloud service contributors to update their delivery and deployment models (Osterwalder, 2011).
Oracle Grid environment is the first cloud environment administered by CBA. It has dispersed the effective and standardized database structures for the business requirements. A new database object creation is done by modifying the configuration for knowing the source of the physical device. The database source segregation from other database constitution is the main decision criteria.
The new database objects are created immediately and inexpensively by using this configuration in CBA. Many databases inclusive of the business critical and more exertion contained in CBA have been moved to the cloud platform. Encouragement for drafting an administration layer between the IT applications and IT infrastructure is mainly proffered by the Oracle Platform (The Royal Academy of Engineering, 2007).
Oracle has strengthened the cloud apparition and the CBA’s turn is upheld to the cloud through positive involvement. Be that as it may, The IT requirements past databases are contained in the advancement and operations offices. The different IT stages are institutionalized by the Oracle stage. Running starting from fundamental stages like an institutionalized LINUX condition to states related to an institutionalized SAP ERP server was created by Oracle. A stage demonstration needs by be actualized by CBA to its Prophet stage through the last advances. However, it can be accomplished by the incorporation of the model having the capacity to coordinate outside mists and in addition inside IT segment (Mowbray, 2009).
Fig 1: Adaption of Cloud in CBA for the year 2012-2014
Numerous suppliers are responsible for competitive expenses in the market rather than the couple of suppliers with forthright understanding
Figuring of cloud by using internal social boundaries
The showcase time diminishment by the rapid arrangement of new conditions
Concerns related to accessibility and safety
Variable exertions with higher aggregate volume of IT
Certain information stockpiling options are disallowed in the regulatory system of the cloud
Duty related cloud acquirement of IT initiative sense
Few versatility is percept to be the current domestic hallucination
Adaptability and versatile guaranteed expansion due to Multi-supplier cloud
Few adaptability is provided by the perception of current regular multiprovider cloud genre
Table 1: Influences and Hindrances of multi-provider cloud model
For instance, from the table above, the multi-supplier IT genre mode is compared with the domestic infrastructure. The boundaries that must be overcome is depicted alongside the real drivers of CBA moving to a multi contributor cloud IT sourcing genre are abridged in Table 1.
Multi-Contributor Prototype of CBA
Cloud Model Framework of CBA
The "stateless" applications are sent which enables the execution of multi contributor cloud genre during the year 2011 whenever it is picked. The new applications scope for the purpose of providing versatile space is due to the composing season.
The CBA's IT costs near genuine pay for consumption is the main advantage achieved in this model. That is, the supplanted recuperate as a consume IT costs beforehand settled or ventured the costs recurred in IT functionality.
Likewise, the IT assets consequently scaling upon with CBA’s variable exertions are utilized by the applications running in the cloud. At long last, significant improvement, generation conditions, and verifications are performed by this model for appointing in minutes rather than long term like weeks, so as to diminish time for showcase the saving money applications and administrations (Cohen, Lindvall & Costa, 2004).
The model execution is done by the group dedicatedly formed by CBA's IT division for taking a shot at the execution of the model. The different offices (e.g., for lawful mastery) provided valuable assistance to these formed groups. Remotely, a few cloud suppliers and other industry accomplices are cooperatively worked with CBA to create and command cloud benchmarks, such as application programming interfaces (APIs), suppliers, and crosswise over applications. This implied that, CBA required cloud suppliers to acknowledge its own measures (Lindell & Pinkas, 2002) rather than tolerating the cloud suppliers' measures. In this manner, the cloud supplier characteristics are gauged by the CBA to turn out this model as the common cloud show.
Likewise, a group of cloud suppliers made adaptable on-request agreements with CBA. The CBA-made market for IT supply does not offer authoritative adaptability to those who are unfit for acknowledging the guidelines. The new applications needed to utilize the cloud gauges are implied by the CBA to be as "administered towards the cloud. (Rousseau, Sitkin, Burt & Camerer, 2011).
The cloud benchmarks are embraced by the best layer (CBA's applications) comprising an arrangement of applications. The cloud-facilitated applications end clients are CBA's business units or clients (despite the fact that they will regularly not care about the applications presently keep running in the cloud). Distinctive gauges are utilized by these applications contingent upon their individual necessities. For instance, CBA's SQL server standard should be agreed and confirmed if an application needs a SQL server. The CBA's web server principles should be confirmed with an application requiring a web server (McKinley, Samimi, Shapiro & Chiping, 2006).
Rather than committed processing assets, the business applications depend on the focal multi-supplier cloud administration framework to progressively assign the figuring limits they require. The model along these lines enables CBA to move applications and their exertions in a hurry, contingent upon costs, execution and administration level assentions for security, consistence or accessibility.
The upper layer applications are coordinated with the multi-supplier cloud administration framework to the distributed computing lower layer foundation. The administration framework basic objective was propelled in the year 2012 for powerfully figuring out the supplier to execute an application and to dole out the application to that corresponding supplier. The firewall incorporated inside the CBA contains the cloud administration framework stays so as to oversee and control the organizational framework. As per the cloud administration framework's dynamic distributions, the real figuring could be happened on either side of the CBA’s firewall.
The applications are provided with on-request foundation along these lines that are sourced from any foundation gauges supported by the cloud supplier. The administration framework manufactured based on ServiceMesh’s product technology is responsible for the effective execution of CBA's IT division (Berney, 2010). The CBA's arrangements and contracts administration framework are systematized and powerfully exported to export the applications and their exertions to cloud suppliers.
The constant expenses, broad security, consistence and accessibility needs are accessed by this administration framework. The designation crosswise the enhancement of the framework over the suppliers on an on-going premise inside these limitations. The costs can be diminished and the accessibility and execution of utilizations are provided by the programmed enhancement of the framework.
The Amazon, Fujitsu, Hewlett- Packard and a few other cloud suppliers are incorporated in the layer of this framework. The multi-supply display was additionally administered by the CBA's claim IT section. Several cloud conditions are imposed by the suppliers in the bank, locally in Australia or across several regions for example, the U.S. or the Singapore. The administration sorts required by the CBA are not necessarily offered by the cloud service suppliers. Be that as it may, the offered administrations must consent with the guidelines defined by CBA.
Advantages of CBA Cloud Service Model
The capacity to move applications between suppliers on a compensation as-you-go premise is one of the key highlights of CBA's multi-supplier cloud demonstration at any point in time. The key empowering influence, online coordination is attained by moving applications and exertions promptly. Besides, the CBA is empowered by this model to stay away from high forthright expenses and long haul responsibilities.
The ability to move applications and exertions consequently in the perspective of standard stages enables the bank for catching the considerable esteem from distributed computing by making "contestability" anytime. The CBA was enabled by this model for utilizing the limits of various suppliers productively for the purpose of costs diminishment and adaptability increment.
As far as adaptability and versatility, the interior IT suppliers lies behind the multi-supplier cloud IT sourcing model and the single-supplier courses of action or sets of non-incorporated cloud suppliers. The physical inhouse registering limit imperatives are confronted by the internal suppliers.
Conventional Domestic Sourcing
CBA’s Cloud Prototype
Original Reimburse as you utilize service
Adaptability and Compliance
Limited to domestic ability (Kohl, 2007)
Boundless Compliancy is achieved
No competitive advantage. The competiveness is based on the intrinsic IT functionality
Competitive advantage is attained fully by CBA
More number of security concerns are encountered inside the IT segment
The data storage will be personalized according to the business requirements, safety standards, and location of the cloud contributors
Table 2: Assessment of Non-Cloud, Multi-Provider, and Single Provider Cloud Models
Examples of CBA’s Cloud Advantages
The official site of CBA, commbank.com.au is utilized by people and retail saving money clients and is currently conveyed through the institutionalized web server stage. The site can be enabled to be executed on the cloud stage by an institutionalized site as opposed to on specific devoted equipment. The expenses of about $650,000 every year are detailed by the CBA prior to the deployment of the cloud prototype and about $30,000 after the implementation of cloud model.
Adequately computerized arrangements of programming advancement situations are satisfied by the CBA's and the cloud suppliers through the utilization of diagram norms for those situations. The time take for making the condition arrangements are reduced while before the implementation of cloud and now it takes just 10 minutes. In general, these outcomes are lessened so as to showcase the new applications of around 4 a month and a half with the cloud demonstration (Solove, 2006).
Difficulties of Moving to a Multi-Provider Cloud Model
For setting up the multi-supplier cloud platform, CBA needs to defeat a few difficulties. The suppliers, culture and their innovation are identified by these challenges. In order to initiate with just a piece of applications portfolio, the bank could use the cloud display. A few CBA’s applications were not prepared for being deployed in the cloud environment.
A social change occurred in CBA is responsible for a moment challenge. A move in mentalities and dynamic change administration by IT authority causes the move to distributed computing. The examples of remote and intrinsic communication between the individuals are modified by the term “Distributed computing”. Scopes of outsiders are presently integrated with the CBA's IT office rather than a solitary outsourcing accomplice.
The cloud suppliers can be persuaded by the CBA for placing exertion in order to acknowledge the customer idea of side institutionalization. The cloud principles provide by suppliers with strong anxiety are embraced by the bank.
The cloud administration framework layer of the cloud demonstration is actualized by the third test for locating the privilege innovation. The ServiceMesh's product was tweaked to fuse some of its own product improvements (Solove, 2006).
Cloud Risks and Vulnerabilities confronted in CBA
Numerous risks associated with cloud computing are identified with information security, similarity, security standard insufficiency, and openness mainly in financial organizations, e.g. CBA. In institutionalized and security discerning circumstances, the types of threats like anecdotal administrations are the central focuses.
Fig 2: Risks related to cloud deployment in banks
An investigation delineates the CBA security issues recognized in cloud computing. The National Finance Security Association indicated that “The risks experienced with residential foundation can be effectively controlled and operationally redressed when contrasted with cloud innovation”. A summary on perils on the measure from 1 to 5 must be positioned by the organizations, since the security concerns are the key idea while grasping the cloud considerations.
The cloud based banks like CBA are related to specific type of threats and vulnerabilities. The security dangers associated with CBA are especially worried on data arrangement, data burst, inconsistency, and true blue issues. The banks should produce profound acknowledgement on the organization misfortune, inaccessibility of straightforwardness, and inadequate risk assessment.
The highest vulnerabilities according to the cloud service contributors are the openness nature, data break, and responsiveness. According to the security agencies, the inaccessibility of the lawful security procedures is the noteworthy security concern.
Subsequently, the essential compelling segment for choosing the cloud techniques in CBA is security concerns. For creating the related solution, the suitable reactions are inspected and the security agencies are focusing more on the perils when contrasted with cloud donors. Hence, the most perceived security vulnerabilities are the nonappearance of straightforwardness, unavailability of mechanisms for exploring hazard features, and loss of data control and reliability (Osterwalder, 2011).
CBA Risk Assessment
CBA ought to know about the specific risks related with the use of appropriated processing. The direction prerequisites gave by security department depends on the assessment and qualification. The organized corporate peril evaluation for distributed computing is not built by 46% of the respondents (Rose, 2011).
Indeed, even large amounts of budgetary associations have not made a corporate danger organization strategy. A totally composed cloud procedure is not included by 42% of banks. As per a current overview directed on the cloud use, 88% of the banks contain successfully used cloud organizations while 47% have not developed even a nutty abrasive corporate peril assessment (Google App Engine, 2017).
The conditions can be improved by advance heading from the security offices and the gatherings of cloud benefits are empowered, in order to meet the regulatory requirements. Notwithstanding that, the cloud administration rules issued by the financial expert of Australia are useful for the respondents for dealing with the current and creating inventive threats.
There is some disparity between the essential troubles perceived by the cloud vendors and CBA. From the point of view of banks, the imparted managerial duties underline more in the midst of the development to cloud-based organizations. As indicated by the cloud benefit donors, the most complex hazard is recognized because of the migration of repeated trading courses of action.
Then again, keeping in mind that the end goal to look at the dangers in banks like CBA, the recurrent trading courses of action influence them to not to relocate the business applications to the cloud. Around 34% of the banks analyze that cloud examination and log gathering are the issues experienced particularly in the general population mists. In any case, the cloud service suppliers judge the trial of log gathering as absolutely unessential and they do not have the comparable supposition as that of banks. Consequently, the banks are in the need of organizing risk control of the malevolent events in the cloud.
Security Requisites and Recommended Threat Alleviation Measures
This area offers the security investigation from both the points of view of cloud benefit donors and CBA. The easing measures that are consolidated in the back division are additionally examined. The budgetary establishments need certain necessities while arranging the appropriation of cloud administrations.
In the wake of isolating the appropriate responses from minimum amount of cloud benefit supporters, an impression is made that the budgetary associations demand for more luxuries from the smaller cloud service sellers (Cohen, Lindvall and Costa, 2004). The cloud suppliers require significant assent assessment if an event of a scene is experienced. In addition to that, the client data can't be moved into the surges of small cloud dealers by the money related undertakings. In addition, the approved discipline arrangements are promptly accessible to the little cloud patrons yet which is not on account of bigger merchants.
Fig 3: CBA Security Requirements
Various security offices' worries with respect to the gathering of cloud based organizations by banks are talked about in the past segment. Those worries are reflected in the way that all the banks are asked for by the security relationship to take after strict security necessities, starting with the danger assessment of wellbeing endeavors to be executed.
Because of the stringent supervision and essentials set by Australian security offices, consistency is thought to be the basic working need for CBA (Rousseau, Sitkin, Burt and Camerer, 2011). The cloud choice is considered inside the module of keeping up regulatory consistency.
Other than the experience picked up by the cloud patrons, the best obstructions in overcoming the peril of conveyed processing, are started from the confused judgments about the cloud advancement. The cloud benefit supporters pick up straightforwardness about their cloud offerings (Lindell and Pinkas, 2002).
Threat Alleviation Measures
The bank’s status to secure the cloud organization show prompts specific features and capacities with respect to assuaging the threats displayed by the determination of circulated figuring. A portion of the depicted features are required keeping in mind the end goal to improve the trust while others are required with the end goal of guaranteeing consistence and security.
The anecdotal association, CBA, require nearly higher security features than the budgetary associations. Be that as it may, the areas fascinated by the anecdotal firms at any rate are e-disclosure and criminology. Those features are considered as basic by the banks.
At the point when some data identified with the execution of threat alleviation measures are secured in the midst of the migration to cloud benefits, the respondents are expected to get some information about their agreement conditions from their cloud specialist co-ops. The agreement conditions incorporate making leave strategies, reasonable to audit, require information and security attestations, realized wellbeing endeavors, and doubtlessly portrayed administration level assertions.
A significantly stringent approach is required by the Australian security offices since their slant depends on the sensibility and not on the advantages directed (McKinley, Samimi, Shapiro and Chiping, 2006). In addition, the security firms are less reluctant about moving the client data to the cloud gave that the peril assessment has been performed and the risks are sufficient. The power of banks that have not exchanged the client data to the cloud is more dependable with the amount of financial organizations that have not ever developed a point by point corporate risk assessment for cloud based banks.
To wind up with, some bank endeavors are settling on from their prior decisions of not utilizing the cloud for ensuring confidential data. Or maybe they are building their own models for building up the hazard examination and threat evaluations.
Follow are the suggestions to other organizations who want to follow the cloud model of CBA:
The efforts for setting the security standards need to be accomplished.
Four principle adjustments are accomplished by CBA from the perspective of its benchmarks based and multi-supplier clouds prototypes as given below:
The genuine pay for consumption of IT administration is completely followed by the CBA for achieving full contestability. By this way, the forthright and running application expenses are diminished by the empowerment of market efficiencies.
The cloud prototypes are adaptable in order to access the IT assets of CBA. Hence, a superior fit was guaranteed with its dynamic exertions.
The rapid movement of applications between the cloud suppliers can results in unwavering quality. But the applications can be executed simultaneously for maintaining a strategic distance between the execution or accessibility issues associated with one cloud service supplier. The diverse suppliers depending on specific application requirements and current cloud supplier execution is proffered by the CBA's cloud protoype.
Borking, J., & Raab, C. (2010). Law, PETs and Other Technologies for Privacy Protection. Journal of Information, Law and Technology, 20 (1), February 28, 2001.
Cavoukian, A., & Crompton, M. (2001). Web Seals: A review of Online Privacy Programs, 22nd International Conference on Privacy and Data Protection, 3(4), 40-70.
Berney, A. (2010). Cloud Security Alliance. Top Threats to Cloud Computing, 1(2),10-50.
Cohen, D., Lindvall, S., and Costa, P. (2004). An introduction to agile methods. Advances in Computers, 10(12), 1-66.
Greenberg, A. (2008, February 19). Cloud Computing's Stormy Side. Retrieved from https://www.forbes.com/2008/02/17/web-application-cloudtech-intel-cx_ag_0219cloud.html.
Hall, J.A., & Liedtka, S.L. (2007). The Sarbanes-Oxley Act: implications for large-scale IT outsourcing. Communications of the ACM, 50(3), 95-100.
Horrigan, B. (2008, September 15). Use of cloud computing applications and services. Retrieved from https://www.pewinternet.org/pdfs/PIP_Cloud.Memo.pdf
Kohl, U. (2007). Jurisdiction and the Internet. England: Cambridge University.
Mowbray, M. (2009). The Fog over the Grimpen Mire: Cloud Computing and the Law. Script-ed Journal of Law Technology and Society, 6(1).
McKinley, P.K., Samimi, F.A., Shapiro, J.K., & Chiping, T. (2006). Service Clouds: A Distributed Infrastructure for Constructing Autonomic Communication Services. Dependable Autonomic and Secure Computing IEEE, 341-348.
Google App Engine (2017, September 26), Retrieved from https://code.google.com/appengine.
Rousseau, D., Sitkin, S., Burt, R., & Camerer, C. (2011). Not so Different after All: a Cross-discipline View of Trust. Academy of Management Review, 20(3), 393-404.
The Royal Academy of Engineering (2007, March 15). Dilemmas of Privacy and Surveillance: Challenges of Technological Change. Retrieved from www.raeng.org.uk/policy/reports/default.htm.
Solove, D.J. (2006). A Taxonomy of Privacy. University of Pennyslavania Law Review, 54(3), 477.
Osterwalder, D. (2011). Trust Through Evaluation and Certification?. Social Science Computer Review, 19 (1), 32-46.
Pearson, S., Casassa, M., Crane, S., & Herrmann, P. (2005). Persistent and Dynamic Trust: Analysis and the Related Impact of Trusted Platforms, Trust Management Proc. iTrust 2005 LNCS 3477, 355-363.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. (2014). On Technical Security Issues in Cloud Computing. IEEE Internation Conference on CloudComputing. 2(1), 109–120.
Rose, J. (2011, August 20). Cloudy with a chance of zero day. Retrieved from www.owasp.org/images/1/12/Cloudy_with_a_chance_of_0_day_Jon_Rose-Tom_Leavey.pdfGoogle Scholar.
Salesforce. (2011, March 25). Salesforce Security Statement. Retrieved from salesforce.com/company/privacy/security.jsp