Industry in all sectors is experiencing a profound digital transformation that puts software at the core of their businesses. To react to continuously changing user requirements and dynamic markets, companies need to build robust workflows that allow them to increase their agility in order to remain competitive. This increasingly rapid transformation, especially in domains such as Internet of things or cloud computing, poses significant challenges to guarantee high-quality software, since dynamism and agile short-term planning reduce the ability to detect and manage risks. In this study, the authors describe the main challenges related to managing risk in agile software development, building on the experience of more than 20 agile coaches operating continuously for 15 years with hundreds of teams in industries in all sectors. They also propose a framework to manage risks that consider those challenges and supports collaboration, agility, and continuous development. An implementation of that framework is then described in a tool that handles risks and mitigation actions associated with the development of multi-cloud applications. The methodology and the tool have been validated by a team of evaluators that were asked to consider its use in developing an urban smart mobility service and an airline flight scheduling system.

In an environment where cyber attacks are increasing, both in frequency and complexity, novel ways to shield data, users, and procedures have to be envisioned. Physical unclonable functions (PUFs) are the physical equivalent of one-way mathematical transformations with the exception that their inherent physical complexity renders them resilient to cloning. One interesting deployment scenario includes PUFs as random key generators. The deterministic nature of their operation alleviates the necessity to store the keys in non-volatile means. Along the same lines, blockchain is inherently resistant to modification of the data once stored while their overall security depends on the quality and secrecy of users’ keys. Here, the authors propose a novel optical PUF implementation that can be combined with private blockchain modalities in order to cyber-harden Internet of things ecosystems. PUF-related experimental results are presented, alongside implementation scenarios.

Cloud computing is used to connect several number of remote servers through Internet to accumulate and recover large data anywhere and anytime. As of the conventional privacy defending process, there is a possibility for malevolent assault on the sensitive information accumulated in the cloud. In this research, the authors have proposed a competent large data convert among privacy defending by Hadoop map reduce in the cloud. The procedure exploits fuzzy C-means clustering (FCM) algorithm grouping the data. For dimensionality reduction, map reduce framework will be used. In evaluation module, the recommended technique performed with the aid of K-nearest neighbour (KNN) classification algorithm in this phase using KNN technique to check the convolution process based on the threshold value, which is improving the utility of the privacy data. The consequence acquired illustrates that authors’ proposed scheme has enhanced the clustering exactness and also accomplishes the effectual convolution procedure to improve the privacy. From the experimental results, the proposed research achieved an effective clustering accuracy 76.07% and the existing K-means approach gets the clustering accuracy of 73.5% which is minimum value when compared to the proposed researches. The suggested technique is implemented in JAVA with Cloud Sim platform.

Healthcare systems have been improved in order to provide support to cross-border situations where one citizen from one country travels to another country and requires the use of their health records. Several initiatives have been carried out to tackle this problem. This is the case for the OpenNCP which is supported by the European Commission by providing a common network and an infrastructure to connect different national healthcare systems which most of the times are cloud-based systems. The OpenNCP plays a key role in communicating health records among European Union's member states, and therefore it manages sensitive information. Therefore, this study provides a security analysis of this platform and a prototype is developed for identifying secure patterns in source code.

In this study, the requirements elicitation approach employed in the context of the KONFIDO project is presented. KONFIDO introduces a technical paradigm for secure and interoperable cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption and blockchains. Being a key part of the overall user requirements engineering methodology, requirements elicitation focused on producing high-level, end-user goals following a systematic procedure. First, the main business processes were identified based on the project's pilot scenarios. These business processes were the subject of a threat analysis, which identified the respective assets and a list of security risks/threats. Threats were further elaborated, considering the outcome of relevant projects and applicable best practices/standards. As a result, a set of user goals were identified and analysed in detail. Finally, a meta-analysis of the produced goals against the employed information sources was applied, highlighting the importance of standards as a guide for defining requirements, as well as the complexity concerning the interdependencies among the elaborated business processes, assets, threats, and user goals. As the deployment of the technical solution may be cloud-based, implications and challenges imposed by the adoption of cloud computing in this setting are also presented.

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and in their continuous monitoring and enforcement at runtime.

Cloud Computing (CC) has gained popularity in industry and academia. CC is implemented by the industries on a large scale. Still, a lot of efforts in research for cloud computing are required. Improving security helps in abolishing the major problems of a domain. Therefore, research and development in security techniques are required. It is important to state the existing status of research. As publications are practically multiplying since 2008, a bibliometric analysis is a need of the hour. This study provides a comprehensive view of cloud security for a relevant time frame. Total 15,591 publications related to security of CC were investigated based on the Scopus database. This study analyses research publications on various parameters such as (i) publishing patterns (e.g. contributing authors, affiliations), (ii) analysis of common key terms, (iii) key term bunching to identify domain of interest, (iv) citation patterns, (v) publications medium, and (vi) researchers who aid in exploring research productivity in this specific domain. It analyses the literature based on the quantitative features and characteristics of cloud security based on meta-perspectives. The proposed analytical study will serve as an important tool for significant debate on future research schemas.