The increase in the number of cloud data centers is due to an increase in the number of companies migrating to cloud computing. There are many advantages that companies get when migrating to the cloud, but there are also many disadvantages. Multitenancy security and privacy are important challenges for cloud migration users. This study proposes a way to assess the risks that may arise in the cloud migration process for logistics business applications. The research method used is semi-quantitative with a 3-phase approach, namely before migration, during migration, and after migration by considering the criteria for risk aspects and environmental aspects that will have an impact on the company, so that companies can make risk mitigation plans. The results of this study identified 11 (eleven) threats in the cloud that occupy the top ranking and identify as many as 17 (seventeen) indicators obtained from the identification of indicators in the previous model or framework used to assess risks in logistics business applications that will be implemented. migrated to the cloud. Based on the experimental results in this study, the application risk value during migration and after migration has a higher value than before migration, and the risk value during migration are higher than the risk value after migration.

[1] C. Pahl, H. Xiong, and R. Walshe, “A comparison of on-premise to cloud migration approaches,” Comput. Sci., vol. 8135 LNCS, no. ESOCC 2013, pp. 212–226, 2013, DOI: 10.1007/978-3-642-40651-5_18.

[2] D. Rountree and I. Castrillo, The Basics of Cloud Computing Understanding the Fundamentals of Cloud Computing in Theory and Practice, Syngress. Hai Jiang, 2013.

[3] R. J. Priyadarsini and L. Arokiam, “Failure Management In Cloud : An Overview,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 2, no. 10, 2013.

[4] P. Gupta and C. Gupta, “Evaluating the Failures of Data Centers in Cloud Computing,” Int. J. Comput. Appl., vol. 108, no. 4, pp. 29–34, 2014, [Online]. Available: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.671.5978&rep=rep1&type=pdf.

[5] K. Ren, C. Wang, and Q. Wang, “Security Challenges for the Public Cloud,” IEEE Internet Comput., vol. 16, no. 1, pp. 69–73, 2012.

[6] R. Patil, H. Dudeja, and C. Modi, “Designing in-VM-assisted lightweight agent-based malware detection framework for securing virtual machines in cloud computing,” Int. J. Inf. Secure., vol. 19, pp. 147–162, 2019, DOI: 10.1007/s10207-019-00447-w.

[7] R. Felani, M. N. Al Azam, D. P. Adi, A. Widodo, and A. B. Gumelar, “Optimizing Virtual Resources Management Using Docker on Cloud Applications,” IJCCS (Indonesian J. Comput. Cybern. Syst., vol. 14, no. 3, pp. 319–330, 2020, DOI: 10.22146/ijccs.57565.

[8] S. Islam, S. Fenz, E. Weippl, and H. Mouratidis, “A Risk Management Framework for Cloud Migration Decision Support,” J. Risk Finance. Manag., vol. 10, no. 2, pp. 1–24, 2017, DOI: 10.3390/jrfm10020010.

[9] A. D. Kozlov and N. L. Noga, “Risk Management for Information Security of Corporate Information Systems Using Cloud Technology,” in 2018 Eleventh International Conference “Management of large-scale system development” (MLSD), 2018, pp. 1–5, DOI: 10.1109/MLSD.2018.8551947.

[10] O. Akinrolabu, S. New, and A. Martin, “Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study,” Proc. - 6th IEEE Int. Conf. Cyber Secure. Cloud Comput. CSCloud 2019 5th IEEE Int. Conf. Edge Comput. Scalable Cloud, EdgeCom 2019, pp. 81–88, 2019, DOI: 10.1109/CSCloud/EdgeCom.2019.00-14.

[11] J. Zaki, S. M. R. Islam, N. S. Alghamdi, M. Abdullah-Al-Wadud, and K. S. Kwak, “Introducing Cloud-Assisted Micro-Service-Based Software Development Framework for Healthcare Systems,” IEEE Access, vol. 10, pp. 33332–33348, 2022, DOI: 10.1109/ACCESS.2022.3161455.

[12] S. Sarmah, A. Li, and S. S. Sarmah, “Cloud Migration-Risks and Solutions,” Sci. Technol., vol. 2019, no. 1, pp. 7–11, 2019, DOI: 10.5923/j.scit.20190901.02.

[13] N. Ahmad, Q. N. Naveed, and N. Hoda, “Strategy and procedures for Migration to the Cloud Computing,” 2018 IEEE 5th Int. Conf. Eng. Technol. Appl. Sci., pp. 1–5, 2018.

[14] Guide, “Risk management — Vocabulary ISO/IEC CD 2 Guide 73,” no. 30. Geneva 20, pp. 1–12, 2008.

[15] ITA, “IT Risk Management Framework - Governance & Standards Division,” in IT Risk Management Framework, 1.0., Oman, 2017, p. 23.

[16] R. A. Caralli, J. F. Stevens, L. R. Young, and W. R. Wilson, “Introducing OCTAVE Allegro : Improving the Information Security Risk Assessment Process,” Qatar, 2007. [Online]. Available: https://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf.

[17] J. M. C. Brook, V. Chin, S. Lumpe, and A. Ulskey, “Top Threats to Cloud Computing Security: The Egregious Eleven,” Asia Pacific, 2020. [Online]. Available: https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-egregious-eleven/.

[18] N. Amara, H. Zhiqui, and A. Ali, “Cloud Computing Security Threats and Attacks with their Mitigation Techniques,” in 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2017, pp. 244–251, DOI: 10.1109/CyberC.2017.37.

[19] Y. A. Singgalen, H. D. Purnomo, and I. Sembiring, “Exploring MSMEs Cybersecurity Awareness and Risk Management : Information Security Awareness,” IJCCS (Indonesian J. Comput. Cybern. Syst., vol. 15, no. 3, pp. 233–244, 2021, DOI: 10.22146/ijccs.67010.