Migration of Information security risk assessment from On-premise to Cloud

The migration of information security risk assessment (ISRA) from on-premise to cloud environments presents a complex array of challenges and opportunities for modern organizations. As businesses increasingly adopt cloud computing to leverage its scalability, cost-efficiency, and flexibility, they must also navigate the unique security risks inherent in these platforms. Traditional ISRA frameworks, well-suited to static and controlled on-premise environments, often fall short when applied to the dynamic and decentralized nature of cloud computing. This thesis explores the inherent differences in risk profiles between on-premise and cloud-based infrastructures, evaluating the effectiveness of existing risk assessment methodologies in the context of cloud migration. Through a combination of theoretical analysis and empirical research, this study proposes a framework specifically tailored to enhance ISRA for cloud environments. To gather comprehensive insights, the research methodology included 23 in-depth interviews with industry experts and a detailed survey distributed to security professionals across various sectors. The interviews provided qualitative data on the challenges and strategies experienced by organizations during their transition to the cloud, highlighting gaps in traditional risk assessment approaches. The survey offered quantitative data on the effectiveness of current methodologies and specific security incidents encountered in cloud environments. Key findings emphasize the necessity for ongoing surveillance, real-time risk assessment, and the integration of advanced technologies such as machine learning and artificial intelligence to improve threat identification and response. This research underscores the need for a holistic and adaptive ISRA framework to address evolving threats and vulnerabilities in cloud computing, ultimately contributing to the development of more resilient and secure cloud infrastructures.