Evaluating the Effectiveness of Processes in the Cloud by Optimizing the IT Architecture
Information
Författare: Tilda Myrsell, Sofie HultebergBeräknat färdigt: 2023-06
Handledare: Yasith Wickramasinghe
Handledares företag/institution: Vattenfall IT AB
Ämnesgranskare: Davide Vega D'aurelio
Övrigt: -
Presentationer
Presentation av Tilda MyrsellPresentationstid: 2023-06-01 10:15
Presentation av Sofie Hulteberg
Presentationstid: 2023-06-01 11:15
Opponenter: Sara Morén, Michiel Noback
Abstract
Cloud computing is an area that many companies use in order to stay in line with technological development. In order to keep these systems productive and easily managed, a reference architecture can be used as a framework and also as a manual on how to structure an organization to suit its specific needs and goals. The reference architecture can make it easier to divide responsibility as well as working tasks within an organization. One company facing the challenges that comes with cloud based systems is Vattenfall, one of the biggest energy companies in Europe. An organization like Vattenfall handles a great load of customer data which is to be controlled and protected in every way. In order to keep on making sure that these systems are efficient and secure, a reference architecture could be a helpful tool.
With the purpose of investigating how a section within Vattenfall’s IT department can use a reference architecture to more easily determine the ownership of customers’ personal data, an interview study was conducted. The interviews focused on evaluation of how employees reason when handling customers’ personal data within cloud environments. Whilst performing interviews, a suitable reference architecture was also studied and evaluated. After researching multiple reference architectures, the one found most suitable for handling personal data was the international standard ISO/IEC 17789. This reference architecture describes multiple work roles within cloud computing which can make the process of handling sensitive information more clear and easy. The data collected from the interviews was later applied to this reference architecture in order to see how it can be used in order to more easily divide responsibility. This, can in order be used to determine the data ownership more easily since employees in the organization have a definite responsibility and also clearer data flows. The study could in the end present a number of recommendations as to how the department should divide responsibilities and raise awareness regarding the topic amongst employees in order to increase the data security.
Finally, the expected value created from implementing these recommendations and applying the reference architecture to the organization is expected to be high. The thesis concluded that the chosen reference architecture can be applied to the Vattenfall organization. With a few organizational changes, the responsibility regarding customers’ personal data can be divided more easily amongst the employees and the security can be improved. The recommendations presented could benefit the organization and to raise awareness of the topic amongst employees.