Ensuring Security and Compliance in Agile Cloud Infrastructure Projects

Authors

  • Sunil Kumar Suvvari

DOI:

https://doi.org/10.47941/ijce.2222

Keywords:

Cloud Security, Agile Methodologies, DevSecOps, Compliance, Cybersecurity Automation

Abstract

Purpose: This research paper investigates strategies for ensuring security and compliance in agile cloud infrastructure projects.

Methodology: The study synthesizes current literature, industry reports, and expert insights to provide a comprehensive overview of the topic.

Findings: Key challenges identified include rapid deployment cycles, shared responsibility models, and data sovereignty concerns. The research proposes strategies such as shift-left security approaches, continuous compliance monitoring, and automated security testing. The importance of organizational culture shifts and the evolving role of cloud service providers in shared security responsibilities are highlighted.

Unique Contribution to Theory, Policy and Practice: The paper offers recommendations for practitioners navigating the complex landscape of security and compliance in agile cloud projects. It provides insights into integrating security and compliance into agile methodologies, leveraging cloud-native security tools, and the potential impact of AI and machine learning on cloud security.

Author Biography

Sunil Kumar Suvvari

Independent Researcher

Published

2024-09-08

How to Cite

Suvvari, S. K. (2024). Ensuring Security and Compliance in Agile Cloud Infrastructure Projects. International Journal of Computing and Engineering, 6(4), 54–73. https://doi.org/10.47941/ijce.2222

Section

Articles