ABSTRACT Cloud migration is the process of moving data, files, and applications to a cloud computing environment. With the success of cloud computing, cloud migration is becoming fashionable. However, different cloud service providers have their own migration processes, because no standard cloud‐based software migration procedure currently exists to guide how to move digital resources to the cloud. Moreover, the migration processes carry serious security risks that threaten business processes, and these risks have not been systematically analyzed. In addition, no formal models and security metrics exist to evaluate and analyze these risks. Therefore, it is necessary to develop a generic approach with real customer use cases. In this study, firstly, we will develop a general cloud‐based software migration procedure to help organizations migrate their digital resources to cloud platforms. Secondly, we will develop a risk assessment model for analyzing migration processes. Thirdly, on the basis of this risk assessment model, we use stochastic colored Petri nets to describe the dynamic behavior of the model, so that concurrency, synchronization, mutual exclusion, and conflicts can be analyzed to assess the risks of migration automatically. Fourthly, security metrics will be defined to quantitatively evaluate the risks and vulnerabilities of the organizations. We believe that this study can help chief information officers identify which risks are more likely to occur during the migration processes and make informed decisions about software migration and security.