CLOUD SECURITY RISK MANAGEMENT IN SMES: CHALLENGES, LIMITATIONS, AND STRATEGIC RESPONSES
Abstract
cloud computing provides small and medium-sized enterprises (SMEs) scalability, cost efficiency, and access to advanced features, it also presents security challenges that are not always addressed by these businesses. This research investigates the critical issues and constraints of cloud security risk management in SMEs, quantifies their exposure to selected cloud security risks and assesses the cloud security strategies available to them for the purpose of enhancing their cloud security. In order to reach a comprehensive understanding of the challenges SMEs encounter when dealing with cybersecurity, a mixed-methods design was implemented, which involved a structured survey conducted among 200 SMEs from various sectors and semi-structured interviews with IT managers, owners, and cybersecurity professionals. Each threat was not just ranked by the severity of the threat but evaluated based on a risk exposure score (Likelihood × Impact) and placed in the cloud shared-responsibility model for IaaS, PaaS and SaaS. Results from the analysis suggest that data breaches, resource misconfiguration, and regulatory non-compliance are the top risks, while limited resources, skills gaps, and reliance on third-party providers are considered as constant constraints. The findings also reveal that the security burden is lowest for SMEs on SaaS and highest on IaaS, and that there are still several effective strategic ways to respond, including the use of multi-factor authentication, encryption and certified providers, which are still under-adopted compared to their perceived effectiveness. Finally, the study suggests a framework for risk management and some practical recommendations for SMEs and policymakers, providing both an analytical perspective to prioritize cloud security risks and actionable advice for resource-limited firms.
Keywords : cloud security, risk management, SMEs, shared responsibility, strategic responses, risk exposure.
