Adedoyin Oduwole
The strength of evaluation-based research lies in providing quantifiable data. In addition to identifying potential threats through risk assessments, evaluation-based research helps identify the degree of success associated with solutions. Therefore, in evaluating AWS’s existing security features, this project uses an evaluation-based approach to determine the extent to which selected AWS security controls will diminish misconfiguration risk. Reflecting on this approach demonstrates an understanding of what works well and what does not when employing it.
Two of the main advantages of evaluation-based research are that it produces tangible, measurable metrics and that it is directly applicable to practice. The former refers to the fact that by evaluating a baseline configuration against a post-implementation configuration, researchers are able to measure whether implementing specific solutions led to improvements. The latter refers to the fact that evaluation-based research is focused on actual system behaviour; in this case, behaviour within a controlled AWS environment. Because of these two factors, the results from this research will be immediately relevant to cloud security practices.
Although the evaluation methodology has several advantages, there are also some disadvantages. A major disadvantage is that because the study was conducted within a controlled laboratory environment, the study may not accurately reflect the complexities experienced in large-scale cloud implementations.
Cloud implementations typically consist of multiple services, many users, and constantly changing configurations. Due to their size, it would be impractical to duplicate or simulate them in a relatively small testing environment.
A second disadvantage relates to scope. This study evaluates only two types of cloud security controls (IAM and Logging Controls). Consequently, the results only provide insight regarding these two specific security controls and do not provide comprehensive insight into all aspects of cloud security.
In this project, the evaluation methodology provides a structured approach to assess how selected security controls affect cloud security. Prior to implementation, the researcher uses consistent benchmarks to compare the pre-implementation configuration against the post-implementation configuration. The resulting differences in performance serve as measurable indicators of the effectiveness of the implemented controls.
Additionally, reflecting upon the application of this methodology provides an appreciation of its inherent limitations. Although the findings indicate how the controls functioned in a controlled environment, they should only be viewed within the limits of the study.
Ultimately, evaluation-based research represents a useful and systematic approach to assessing cloud security controls. Since this approach enables measurable comparisons and supports evidence-based conclusions, it has considerable utility. However, like all approaches, its value is highly dependent upon the context in which it is employed, and its limitations should be recognised. The process of reflecting on the methodology utilised in this research reinforces the quality of the research by demonstrating both an understanding and a critical awareness of the methodologies used.