Risk assessment processes for big data based on cloud computing technologies : a comparative study

Abstract

In recent years, the use of big data has dramatically increased in a variety of fields, for example, healthcare and management, among others. Because of the growing number of digital and linked devices and platforms, traditional data forms have shifted from structured to unstructured data, including various image and video formats, text, and other forms of data. As a result of the increasing volumes and frequency of data collection, improved data analysis, including risk assessment, is required to keep up with the times. Specifically, this study aims to give a comparative analysis of big data risk assessment approaches based on cloud computing technologies in four countries: Canada, Jordan, South Africa, and the UK. Additionally, cloud computing is examined in this study, which involves transporting information and computing from home and business computers to external data hubs. This study followed an embedded mixed research methodology to collect quantitative and qualitative data, where the quantitative data play a supportive role in the qualitative data. A structured questionnaire was administered in four countries, targeting experts to understand how they use and store big data and the risks associated with the different types of big data. In addition, the study used quantitative data as a secondary form of data to supplement information not provided by the qualitative data. The utilisation of Atlas.ti, descriptive statistics analysis using Statistical Package for Social Sciences (SPSS), and Excel iterations was a component of quantitative analysis. The Atlas.ti program was used to analyze the data in the following ways: preparation and importation of data, familiarisation of oneself with the data by creating word clouds, coding of the data, and retrieving and examining codes and quotations. According to Woods et al. (2016), the grounded theory procedure was used to convert all transcripts to the qualitative analysis program Atlas.ti (version 9.1) and narrative analysis. For all transcripts, this entailed producing word clouds, quotations, and codes, as well as looking for conceptual connections, differences, and the most important and relevant information. These descriptive statistics were utilised to illustrate the current state of knowledge on big data, cloud computing, and risk assessment management. This study found that the significant advantage of big data technologies is reducing the cost of storing, processing, and analysing massive volumes of data for organisations. Regarding risks in Canada, there are several requirements to comply with regulations. In Jordan, risks related to data loss due to malfunction or negligence with potential client lawsuits. Data loss, corruption, or disclosure in South Africa leads to legal issues. In addition, South Africa was the only country

challenged with risk assessment. South Africa and Jordan tend to run their big data applications on traditional storage systems. In the UK, individuals have the right to stop or restrict data processing. The study also noted several aspects to mitigate the risk by organisations, such as a mix of education and robust cybersecurity controls, the use of tools to automate the detection of unintended data access, implementation of secure keys, and following certificate management updates. The use of encryption at all points of the data journey and multifactor authentication was also highlighted. There are several implications from the findings of this study. For instance, organisations need to invest in big data and cloud storage systems to help discover cost-effective and efficient business policies by providing more accurate data. In addition, organisations need to empower a new generation of employees, improve reliability, improve data control, improve availability, ensure automated updates, and ensure easy data backup, recovery, and scalability. Organisations need to find means to reduce the costs of big data storage, particularly in the cloud system; educate employees about best practices and robust cybersecurity controls; invest in infrastructure that enhances encryption at all points of the data journey, and ensure the usage of secure channels for transmission. Most respondents from the four nations were found to have either intermediate or advanced levels of knowledge. Based on the countries, SA has 80%, Jordan has 60% of respondents having intermediate knowledge, while the UK has 70%, and Canada has 60% of respondents with an advanced understanding of cloud computing. Also, to find the existing risk assessment methods and policies in an organisation, the quantitative analysis of respondents’ answers revealed the level of knowledge of risk management in each country. The responses gathered reveal that 50% of respondents in SA had advanced knowledge of risk, 50% of respondents in the UK also had advanced knowledge, 60% of the respondents in Canada had expert-level knowledge, and in Jordan, 40% belonged to advanced and intermediate group respectively. Only SA has 20% of respondents in the limited experience domain and faces challenges in risk assessment.