Abstract
As organisations are increasingly migrating workloads to the cloud, compliance with
data protection requirements becomes topical. There is a need for data protection
guidelines for cloud migration. This research identifies cloud migration requirements
and formulated a cloud migration framework for financial institutions in South Africa,
which facilitates compliance with data protection requirements. The study emphasises
the importance of management support, standardised frameworks and processes to
streamline cloud migration and ensure data protection. Furthermore, this research
illustrates the importance of adopting standards and good practices, such as ISO
27001 and the NIST cybersecurity framework, as well as the continuous testing and
automation of security controls. The shared responsibility model and its implication for
cloud computing security is emphasised, along with cloud service provider (CSP)
contract management. In addition, the challenges in securing data in the cloud,
including skills shortages and interoperability issues, are explored, although
improvements in CSP security tools are noted. The study recommends investment in
skills development and user education to enhance cloud security controls. Moreover,
risk management through the continuous assessment of vendors, penetration testing
and independent control assurance should be implemented, and institutions should
adopt data classification and adherence to data protection laws. Standardisation,
continuous assessment and optimisation are essential for data security in the cloud.
The research revolves around how organisations can secure their data as they migrate
workloads to the cloud. Governance is a crucial aspect of cloud migration; hence, it is
important to have a framework in place to guide the migration process. This study
demonstrates how the adoption of security good practices facilitates compliance with
regulatory requirements and emphasises the need for standardised processes,
frameworks and blueprints to ensure data protection during cloud migration.
Standardisation helps avoid human errors, streamlines processes and makes the
implementation and maintenance of the cloud environment more efficient. The paper
proposes a framework that provides guidelines for data protection when workloads are
migrated to the cloud.
Keywords: data protection, cloud migration, data classification, frameworks,
security, cloud security