Liquid computing : a structured approach to identifying incremental risks and controls resulting from autonomous synchronisation

Visser, Alwyn Jacobus Nicolaas (2017-03)

Thesis (MCom)--Stellenbosch University, 2017.

Thesis

ENGLISH SUMMARY : The millennial generation is entering the labour market. This generation has never known any era before hyper-connectivity. They want to be constantly connected. This results in changes in the business environment. Employers allow employees to connect to networks, using their own personal mobile devices. These devices are the property of the employees and not governed by the security and other policies of the employer. Constant synchronisation of data to and from these employee-owned devices enables users of these devices to always have relevant, timeous data on their devices and to handoff computing tasks seamlessly from one device to another in a scalable computer environment. This is liquid computing. Liquid computing results from the way users use the underlying enabling technologies. With each new technology, comes new risks. In order to understand the risks incremental to liquid computing, the components and enabling technologies of a liquid computing environment must be fully understood. A comprehensive literature study was conducted on the enabling technologies. The purpose of this study is to define liquid computing and then use an established control framework in order to identify the risks incremental to this technology. The risks are mapped to the control framework. The identified risks consist mainly of risks pertaining to the privacy and integrity of data. The risks are quantified and controls are recommended to mitigate the risks incremental to liquid computing. These controls are also quantified. The unmitigated risk remaining, after implementing mitigating controls, is calculated. These risk and control matrixes will assist businesses in understanding and quantifying the risks related to a liquid computing environment and will help management to evaluate whether an organisation has sufficient control redundancy to address the risks.

AFRIKAANSE OPSOMMING : Die millennial generasie begin die arbeidsmark betree. Hierdie generasie het nooit ‘n era geken voor hiper-konnektiwiteit nie. Hierdie generasie wil konstant gekonnekteer wees. Hierdie veranderende kultuur het veroorsaak dat die besigheidsomgewing verander het. Werkgewers laat hulle werknemers toe om persoonlike toestelle aan netwerke te koppel. Hierdie toestelle is die eiendom van die werknemers en word nie beheer deur die werkgewer se sekuriteits- en ander beleide nie. Konstante sinchronisasie van data na en van hierdie toestelle wat deur werknemers besit word, stel gebruikers in staat om altyd tydige, relevante data op hierdie toestelle te hê en om take sonder moeite tussen toestelle te oorhandig in ‘n rekenaaromgewing met wisselende grootte. Dit is ‘n vloeibare rekenaaromgewing. ‘n Vloeibare rekenaaromgewing is die resultaat van die manier waarop gebruikers die onderliggende tegnologieë gebruik. Saam met elke nuwe tegnologie, kom daar nuwe risiko. Die komponente, en onderliggende tegnologieë van ‘n vloeibare rekenaaromgewing moet behoorlik verstaan word, sodat die risikos inkrementeel aan ‘n vloeibare rekenaaromgewing verstaan kan word. Die onderliggende tegnologieë is bestudeer deur ‘n omvattende literatuurstudie. Die doel van hierdie studie is om ‘n vloeibare rekenaaromgewing te definieer en dan ‘n gevestigde kontroleraamwerk te gebruik om die risikos inkrementeel aan hierdie tegnologie te verstaan. Die risikos is gekoppel aan die kontroleraamwerk. Die risikos bestaan hoofsaaklik uit risikos wat verband hou met die privaatheid en integriteit van data. Die risikos is gekwantifiseer en kontroles voorgestel vir die risikos wat inkrementeel tot ‘n vloiebare rekenaaromgewing is. Hierdie kontroles is ook gekwantifiseer. Die oorblywende risiko, nadat die kontroles implementer is, is bereken. Hierdie risiko- en kontrole matrikse sal besighede help om die risikos inkrementeel aan ‘n vloeibare rekenaaromgewing te verstaan en kwantifiseer en sal bestuur help om te beoordeel of die onderneming voldoende oortolligheid in kontroles het, om die risikos aan te spreek.

Please refer to this item in SUNScholar by using the following persistent URL: http://hdl.handle.net/10019.1/101417
This item appears in the following collections: