<![CDATA[Digital transformation has driven organizations to adopt cloud computing as a flexible and efficient IT infrastructure solution. However, differences between public and private cloud models create challenges in maintaining information security and compliance. This study employs a descriptive–comparative approach through an extensive literature review of journals, conference papers, and standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework (CSF). Findings show that public clouds, while offering cost efficiency and scalability, are more vulnerable to external threats due to limited control and multi-tenancy, whereas private clouds provide stronger governance and customization but demand higher internal resources. The hybrid model emerges as a strategic alternative balancing flexibility and control. Integrating the Confidentiality, Integrity, and Availability (CIA) framework enables a structured evaluation of security risks and governance mechanisms across cloud models. The study highlights that effective governance depends on risk-based policies, compliance alignment, and adaptive controls. It concludes that combining ISO/IEC 27001’s prescriptive management system with NIST CSF’s flexible structure can optimize resilience, compliance, and operational sustainability. This integrated governance approach ensures that cloud security aligns with organizational goals and regulatory requirements while addressing evolving digital risks]]>
Copyrights © 2025
