Security in Legacy Systems Migration to the Cloud: A Systematic Mapping Study

Luis Márquez Alcañiz, David G. Rosado, Daniel Mellado, Eduardo Fernández-Medina


While cloud computing emerges as a major trend in IT industry, early providers and adopters are paving the path with concerns and solutions. One of the most worrisome challenges that face the corporate clients of this new form of IT provision is how to maintain the security of their most important every day apps in the new environment, that is how to migrate securely their legacy systems that run on data centres fully controlled by the organization's IT department to a less clearly controlled infrastructure that is managed at least partly outside the scope of the clients premises and even completely off-shore. This paper presents a Systematic Mapping Study on the issue as the first step to analyze the different existing approaches in the literature about migration process to Cloud computing where taking into account the security aspects that have to be also moved to Cloud. We propose four research questions dealing with the existing strategies to migrate legacy, how they relate to common security issues as well as security issues specific to the cloud environment, and how the proposals are aligned with security standards.


  1. Buyya, R., et al., Cloud computing and emerging IT platforms: Vision, hype,and reality for delivering computing as the 5th utility. Future Generation Comp. Syst., 2009. 25(6): p. 599-616.
  2. NIST, The NIST Definition of Cloud Computing, P. Mell and T. Grance, Editors. 2009, National Institute of Standards and Technology.
  3. Vaquero, L.M., et al., A break in the clouds: towards a cloud definition. SIGCOMM Comput. Commun. Rev., 2008. 39: p. 50-55.
  4. Wang, L., et al., Scientific Cloud Computing: Early Definition and Experience. High Performance Computing and Communications, 2008: p. 825-830.
  5. Smith, D.M., Hype Cycle for Cloud Computing, in Gartner Research Report. 2011. p. 9-11.
  6. KPMG, From Hype to Future. KPMG's 2010 Cloud Computing Survey. 2010.
  7. Christiansen, C.A., et al., Identity and Access Management for Approaching Clouds, in IDC White Paper. 2010.
  8. Gens, F., IT Cloud Services User Survey, pt.2: Top Benefits & Challenges, in IDC Exchange. 2008.
  9. The Open Group, The Open Group Cloud Computing Survey. 2011.
  10. Jansen, W. and T. Grance, Guidelines on Security and Privacy in Public Cloud Computing, NIST Special Publication 800-144, Editor. 2011.
  11. Winkler, V., Securing the Cloud. Cloud Computer Security Techniques and Tactics. 2011: Elsevier Inc.
  12. Tobin, M. and B. Bass, Federal Application Modernization Road Trip: Express Lane or Detour Ahead? 2011, Meritalk.
  13. Petersen, K., et al., Systematic mapping studies in software engineering, in Proceedings of the 12th international conference on Evaluation and Assessment in Software Engineering. 2008, British Computer Society: Italy. p. 68-77.
  14. Kitchenham, B. and S. Charters, Guidelines for performing Systematic Literature Reviews in Software Engineering. Version 2.3. 2007, University of Keele (Software Engineering Group, School of Computer Science and Mathematics) and Durham (Department of Conputer Science).
  15. Brodie, M.L. and M. Stonebraker, eds. Migrating Legacy Systems: Gateways, Interfaces & the Incremental Approach. ed. M.K.S.i.D.M. Systems. Vol. 1st Ed. 1996, Morgan Kaufmann Pub.
  16. Seacord, R., D. Plakosh, and G. Lewis, Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices. 1st ed. 2003: Addison Wesley.
  17. Bisbal, J., et al., Legacy Information Systems: Issues and Directions. IEEE Softw., 1999. 16(5): p. 103-111.
  18. Heckel, R., et al., Architectural Transformations: From Legacy to Three-Tier and Services. Software Evolution, 2008: p. 139-170.
  19. NASCIO, Digital Stakes at Risk! Modernizing Legacy Systems. 2008.
  20. Frey, S. and W. Hasselbring, The CloudMIG Approach: Model-Based Migration of Software Systems to Cloud-Optimized Applications, . International Journal on Advances in Software, 2011. 4(3 & 4): p. 342-353.
  21. Zhang, W., et al., Migrating Legacy Applications to the Service Cloud, in 14th Conference companion on Object Oriented Programming Systems Languages and Applications (OOPSLA 2009). 2009: Orlando, Florida, USA. p. 59-68.
  22. Simmhan, Y., et al., An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds, in IEEE International Conference on Cloud Computing, CLOUD 2011. 2011: Washington, DC, USA.
  23. Hajjat, M.Y., et al., Cloudward bound: planning for beneficial migration of enterprise applications to the cloud, in Proceedings of the ACM SIGCOMM 2010 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, New Delhi, India, August 30 -September 3, 2010. 2010, The Association for Computing Machinery, Inc.: New York, USA. p. 243-254.
  24. Parastoo, M., et al., Reuse and Migration of Legacy Systems to Interoperable Cloud Services- The REMICS project. 4th Workshop on Modeling, Design, and Analysis for the Service Cloud (Mda4ServiceCloud'10), 2010.
  25. Khajeh-Hosseini, A., et al., Decision Support Tools for Cloud Migration in the Enterprise, in IEEE 4th International Conference on Cloud Computing. 2011: Washinton DC, USA.
  26. Kaisler, S. and W.H. Money, Service Migration in a Cloud Architecture, in 44th Hawaii International International Conference on Systems Science (HICSS-44 2011), Proceedings, 4-7 January 2011, Koloa, Kauai, HI, USA. 2011, IEEE Computer Society: Washington, DC, USA. p. 1-10.
  27. Hao, W., I.-L. Yen, and B. Thuraisingham, Dynamic Service and Data Migration in the Clouds, in Proceedings of the 33rd Annual IEEE International Computer Software and Applications Conference, COMPSAC 2009, Seattle, Washington, USA, 20-24 July 2009. 2009, IEEE Computer Society: Washington, DC, USA. p. 134-139.
  28. Frey, S., W. Hasselbring, and B. Schnoor, Automatic conformance checking for migrating software systems to cloud infrastructures and platforms. Journal of Software Maintenance and Evolution Research and Practice, 2012.

Paper Citation

in Harvard Style

Márquez Alcañiz L., Rosado D., Mellado D. and Fernández-Medina E. (2014). Security in Legacy Systems Migration to the Cloud: A Systematic Mapping Study . In Proceedings of the 11th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2014) ISBN 978-989-758-031-4, pages 26-37. DOI: 10.5220/0004979900260037

in Bibtex Style

author={Luis Márquez Alcañiz and David G. Rosado and Daniel Mellado and Eduardo Fernández-Medina},
title={Security in Legacy Systems Migration to the Cloud: A Systematic Mapping Study},
booktitle={Proceedings of the 11th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2014)},

in EndNote Style

JO - Proceedings of the 11th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2014)
TI - Security in Legacy Systems Migration to the Cloud: A Systematic Mapping Study
SN - 978-989-758-031-4
AU - Márquez Alcañiz L.
AU - Rosado D.
AU - Mellado D.
AU - Fernández-Medina E.
PY - 2014
SP - 26
EP - 37
DO - 10.5220/0004979900260037