View Item 
        •   Utrecht University Student Theses Repository Home
        • UU Theses Repository
        • Theses
        • View Item
        •   Utrecht University Student Theses Repository Home
        • UU Theses Repository
        • Theses
        • View Item
        JavaScript is disabled for your browser. Some features of this site may not work without it.

        Browse

        All of UU Student Theses RepositoryBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

        Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework

        Thumbnail
        View/Open
        Thesis_Final.pdf (4.694Mb)
        Publication date
        2020
        Author
        Xavier, N.P.
        Metadata
        Show full item record
        Summary
        Within the inter-dependent hierarchical structure of the cloud, its foundation, data centers, store data from Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) providers who offer their services as computing utilities. The SaaS business model offers SaaS customers with software solutions along with the required computing infrastructure, all within a quick and easy to install, and supposedly cheap package. Small and medium SaaS customers are typically not aware or do not have the resources to assess the risks involved when entering into a potential vendor lock-in situation with a SaaS provider. The unseen risks become evident when a SaaS provider's services stop as a result of a disruption event (natural or man-made), or bankruptcy. Only when a SaaS customer is unable to access their data and services are continuity options for their SaaS services queried. Loss of business-critical data and services can mark the beginning of the end for these businesses. As such, it is beneficial to all parties within the SaaS ecosystem to raise awareness of continuity risks by certifying SaaS providers through an assessment of the risk level associated with their system's continuity controls. Successfully doing so can improve SaaS customers' trust in the services they consume, and improve the overall health of the ecosystem. To achieve this, a research approach consisting of a multivocal literature review (MLR), expert evaluations, and case studies is applied to create and evaluate a SaaS continuity control framework. and two case studies to create and evaluate a SaaS continuity control framework. This framework assesses eight domains within a SaaS system using 125 questions to extract insights used to award a risk assurance certification mark. The promising evaluation of this framework demonstrates the ability of the applied scientific methodology, methods, techniques, and tools in the creation of a security control certification framework. The SaaS continuity control framework can be downloaded from www.saascontinuityframework.com, allowing practitioners to benefit from its useful insights.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/37080
        Collections
        • Theses
        Utrecht university logo