Abstract
Over the past decade, our reliance on the Internet has grown exponentially, driving the need for faster, more reliable, and better-performing online services to support our daily lives. Cloud computing has emerged as a solution, offering organizations affordable, flexible, and reliable IT services. However, while cloud services deliver significant advantages, their associated risks—both technological and economic—are becoming increasingly complex and sophisticated.
This thesis employs two complementary approaches to investigate cloud outsourcing risks and risk management strategies. First, we conduct a systematic literature review to analyze the state of the art in academic research, identifying key risks and risk management techniques available to cloud consumers. Second, we use empirical Internet measurement data to examine how these risks and strategies manifest in real-world cloud environments.
Our risk assessment focuses on two major cyber threats: malware infections and DDoS attacks. We quantify cloud consumers’ exposure to these risks by evaluating the effectiveness of cloud-based malware detection services and analyzing the role of popularity and industry sector in DDoS victimization. Regarding risk management strategies, we examine both reactive and proactive approaches. We analyze how organizations respond to large-scale DDoS incidents affecting cloud providers, such as the Dyn DDoS incident in 2016, and assess how cloud consumers adjust their infrastructure proactively in anticipation of potential disruptions, such as those arising from the Russia-Ukraine conflict.
By bridging the gap between theoretical insights from academic literature and empirical data from real-world Internet measurements, this research provides a comprehensive perspective on cloud outsourcing risks. Our findings offer actionable recommendations to help organizations improve their risk assessment practices and develop more effective cloud security strategies.
Original language | English |
---|---|
Qualification | Doctor of Philosophy |
Awarding Institution | |
Supervisors/Advisors | |
Award date | 3 Mar 2025 |
Place of Publication | Enschede |
Publisher | |
Print ISBNs | 978-90-365-6483-0 |
Electronic ISBNs | 978-90-365-6484-7 |
DOIs | |
Publication status | Published - 3 Mar 2025 |