Show simple item record

Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework

dc.rights.licenseCC-BY-NC-ND
dc.contributor.advisorJansen, S.
dc.contributor.advisorEspana, S.
dc.contributor.authorXavier, N.P.
dc.date.accessioned2020-08-25T18:00:37Z
dc.date.available2020-08-25T18:00:37Z
dc.date.issued2020
dc.identifier.urihttps://studenttheses.uu.nl/handle/20.500.12932/37080
dc.description.abstractWithin the inter-dependent hierarchical structure of the cloud, its foundation, data centers, store data from Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) providers who offer their services as computing utilities. The SaaS business model offers SaaS customers with software solutions along with the required computing infrastructure, all within a quick and easy to install, and supposedly cheap package. Small and medium SaaS customers are typically not aware or do not have the resources to assess the risks involved when entering into a potential vendor lock-in situation with a SaaS provider. The unseen risks become evident when a SaaS provider's services stop as a result of a disruption event (natural or man-made), or bankruptcy. Only when a SaaS customer is unable to access their data and services are continuity options for their SaaS services queried. Loss of business-critical data and services can mark the beginning of the end for these businesses. As such, it is beneficial to all parties within the SaaS ecosystem to raise awareness of continuity risks by certifying SaaS providers through an assessment of the risk level associated with their system's continuity controls. Successfully doing so can improve SaaS customers' trust in the services they consume, and improve the overall health of the ecosystem. To achieve this, a research approach consisting of a multivocal literature review (MLR), expert evaluations, and case studies is applied to create and evaluate a SaaS continuity control framework. and two case studies to create and evaluate a SaaS continuity control framework. This framework assesses eight domains within a SaaS system using 125 questions to extract insights used to award a risk assurance certification mark. The promising evaluation of this framework demonstrates the ability of the applied scientific methodology, methods, techniques, and tools in the creation of a security control certification framework. The SaaS continuity control framework can be downloaded from www.saascontinuityframework.com, allowing practitioners to benefit from its useful insights.
dc.description.sponsorshipUtrecht University
dc.format.extent4922088
dc.format.mimetypeapplication/pdf
dc.language.isoen
dc.titleClearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework
dc.type.contentMaster Thesis
dc.rights.accessrightsOpen Access
dc.subject.keywordsCloud Security Controls, Software-as-a-Service, Risk Assessment, Business Continuity, Disaster Recovery, Certification Framework
dc.subject.courseuuBusiness Informatics


Files in this item

Thumbnail
Name:
Thesis_Final.pdf
Size:
4.694Mb
Format:
PDF
View/Open

This item appears in the following Collection(s)

Show simple item record