Dear Sulayman,

Not sure whether the following two publications might be of assistance in understanding the application of 'risk management methodologies' within the context of 'cloud computing projects'. I have taken the liberty of extracting the actual purpose of the named study from the abstract fields. Given that you have not specified the 'industry' base of context of the study, its very difficult to narrow down the search of where these 'customers' might be situated.

Gill, A.Q. and Bunker, D. (2013) "Towards the development of a cloud‐based communication technologies assessment tool: An analysis of practitioners' perspectives", VINE, Vol. 43 Iss: 1, pp.57 – 77.

Purpose - In distributed adaptive development environments (DADE), a primary concern is that of human communication and knowledge sharing among developers. Developers' task performance will be enhanced when their task needs are aligned with the communication media or technology capabilities of the development environment. What are actual communication needs of developers; and how do we enable developers to self-assess and select appropriate communication technology for their tasks in the DADE. The purpose of this paper is to investigate and present research based on the developers' needs for communication technologies in the context of DADE.

Aleem, A. and Sprott, C.R. (2013) "Let me in the cloud: analysis of the benefit and risk assessment of cloud platform", Journal of Financial Crime, Vol. 20 Iss: 1, pp.6 - 24.

Purpose – The purpose of this paper is to critically examine the vulnerabilities of the cloud platform affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud computing, its benefits to the industry and helps to identify security concerns for businesses that plan to deploy one of the cloud platforms.

Kind regards,

Nicholas

Hi Nicholas

Thank you for the recommendations I have already had one of the publications and they are a good head-start, To be specific about the industry and area of business; is a Telecommunication  and Internet Service Provider (ISP) company wishing to outsource its billing department to the cloud. I have been also looking at the ISO27K series, do you they are a good base for the cloud approach?

Kind regards

Sulayman

Dear Sulayman,

Whereas the ISO 27000 series might provide guidance on issues related to the management of the organisation’s assets such as different types of information (i.e. employee and financial data), as with every system, there are risks associated with undertaking decisions within any given business environment. The following publication might help you reach a good decision as it includes detailed information on a range of issues associated with implementing cloud computing:

Kouatli, I. (2014) "A comparative study of the evolution of vulnerabilities in IT systems and its relation to the new concept of cloud computing", Journal of Management History, Vol. 20 Iss: 4, pp.409 – 433.

The first article is more IT focused and identifies the vulnerabilities associated with cloud computing. The second article also worth looking at, and mainly focused on the drivers and processes associated with outsourcing is as follows:

McIvor, R. (2003) "Outsourcing: insights from the telecommunications industry", Supply Chain Management: An International Journal, Vol. 8 Iss: 4, pp.380 – 394.

Let me know whether you are unable to access these articles.

Kind regards,

Nicholas

Thank you for the lead once again; I have been able to access all articles  and have managed to go through them all.(Kouatli, I. 2014) encapsulates most issues about  cloud vulnerabilities  and surely  will constitute in my narrowing down process.

Regards,

Sulaymn