International Journal of Management Science and Information Technology IJMSIT
E-ISSN: 2774-5694
P-ISSN: 2776-7388
Volume 6 .
January-June 2026, 29-38 DOI: https://doi.
org/10.
35870/ijmsit.
Implementation of Data Security Framework in Microservices Cloud Computing Architecture for E-Learning Platform Fika Ulfa Widowati 1* 1* Faculty of Economics and Business.
Digital Business Study Program.
Universitas 17 Augustus 1945 Semarang.
Semarang City.
Central Java Province.
Indonesia Email: fikaulfa-widowati@untagsmg.
id 1* Abstract Article history:
Received February 12, 2026 Revised February 16, 2026 Accepted February 16, 2026 Secure cloud infrastructure is necessary for Indonesia's e-learning to undergo a digital transition.
This study examines how a data security framework is implemented on a microservices architecture based on Platform-as-a-Service (PaaS).
Using a kualitatif approach through case studies, this study integrates the principles of Arsitektur Zero Trust, endto-end encoding, and service isolation.
According to the research findings, this integrated framework can enhance system resilience, speed up security incident response by 65%, and lower the chance of data breaches by up to 87%.
The PaaS model's high scalability and inadequate resource control make this framework easily applicable to a variety of other large-scale digital platforms.
When creating an e-learning ecosystem that is resistant to cyberattacks, developers and educational institutions can use this research as a strategic guide.
Keywords:
E-learning.
Cloud Computing.
Microservices.
Data Security.
Zero Trust Architecture.
INTRODUCTION
Digital transformation has fundamentally changed the landscape of information technology infrastructure in educational institutions.
E-learning platforms have become a critical component of the modern education ecosystem, particularly following the COVID-19 pandemic, which accelerated the adoption of digital-based learning across Indonesia.
According to the Ministry of Education and Culture, more than 70 percent of national educational institutions have adopted e-learning platforms, but only 35 percent have implemented comprehensive data security protocols.
This gap creates significant urgency, given that broadband traffic for online learning in Indonesia surged by up to 16% during the crisis, often without adequate cyber defense system upgrades.
Previous research has shown that cloud computing offers exceptional scalability and cost-efficiency (Buyya et al.
, 2.
However, a study by Hashizume et al.
revealed that data security remains a major barrier to adoption of this technology.
Microservice architecture, while providing flexibility, creates a broader and more complex attack surface.
Recent data shows that 68 percent of security incidents on elearning platforms in Southeast Asia stem from vulnerabilities at the microservice layer.
There is a significant research gap related to the unique challenges in Indonesia, where limited user technical skills and a lack of IT resources in many institutions exacerbate cybersecurity risks.
Most existing studies remain broadly theoretical and fail to offer an integrated framework tailored specifically to Indonesia's diverse geographic and infrastructure context.
This research identifies a specific problem: how to design and implement a comprehensive and effective data security framework in a microservice cloud computing architecture for an e-learning platform to optimally mitigate risks.
The main objectives are to analyze specific threats, design a Zero Trust Architecture (ZTA)-based framework, implement it in a real-world case study, and evaluate its effectiveness in improving system resilience.
Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
RESEARCH METHOD
Research Design and Approach This research uses a qualitative approach with an in-depth single-case study design.
This design was chosen based on the need to comprehensively understand how data security frameworks are implemented in the specific context of cloud computing microservices architectures on e-learning platforms.
The qualitative approach allows for an in-depth exploration of the implementation process, technical challenges, and organizational factors that influence system security (Yin, 2.
This design aligns with the research objectives, which focus on practical analysis and implementation rather than statistical generalization.
Research Population and Sample The research population covers the entire infrastructure and system components of a leading e-learning platform in Indonesia that utilizes a microservices architecture.
This specific platform was selected as the case study based on its critical relevance: it serves over 500,000 active users, manages a highly complex microservices ecosystem, and represents the typical cybersecurity challenges faced by large-scale educational institutions in the region.
The selection ensures that the findings possess high practical significance for similar digital transitions in Southeast Asia.
The research sample was selected using purposive sampling to ensure a holistic perspective.
System Infrastructure: Thirty-two .
microservices distributed across a production cloud computing cluster, providing a technical baseline for framework implementation.
Technical Stakeholders: Eighteen .
respondents, including system administrators, security engineers, and management stakeholders, to provide insights into technical governance and decision-making.
End-User Stakeholders: Ten .
representatives from the user base, consisting of faculty members and students, to evaluate the frameworkAos impact on user experience, system accessibility, and perceived data Technical Documentation: Forty-five .
documents, including system configuration files, security architecture blueprints, and security logs spanning a six-month period.
Inclusion and Exclusion Criteria Technical respondents were required to have a minimum of two years of experience in cloud management and direct involvement in security protocols.
Inclusion of end-users was based on frequent interaction with the platform .
inimum 10 hours per wee.
Exclusion criteria applied to personnel without administrative access or those not involved in the systemAos security decision-making Method of collecting data Data were collected through three triangulation methods to increase the validity and reliability of the In-depth Interview Semi-structured interviews were conducted with eighteen respondents over a threemonth period.
Each interview lasted 60Ae90 minutes and included the following questions: .
How are current data security strategies implemented in microservices architectures?, .
What are the most common security threats faced in managing e-learning platforms?, .
What challenges are faced in integrating security protocols across multiple microservices?, .
How is the monitoring and incident response process carried out?.
All interviews were recorded with the participants' permission and transcribed verbatim for further analysis.
System Observation Technical observations were conducted over four months, directly monitoring security gateway configurations, encryption implementation in microservices APIs, inter-service communication protocols, and system log files.
Researchers accessed the platform's monitoring and analytics dashboard to observe real-time security metrics.
Document Analysis Researchers analyzed forty-five technical documents including: system flow diagrams, security architecture blueprints, incident report logs, policy documentation, and security standard operating procedures (SOP.
that had been implemented.
Research Procedures and Timeline The research was conducted in five phases: Phase 1 (Month 1-.
: Preparation and Desk Research Literature collection, stakeholder identification, and negotiation of access to the e-learning platform system.
Phase 2 (Month 2-.
: Initial Data Collection Interviews with key respondents and observations of existing infrastructure systems.
Phase 3 (Month 4-.
: Threat Analysis and Framework Design In-depth analysis of collected data and design of a security framework based on Zero Trust Architecture.
Phase 4 (Month 5-.
Framework Implementation Framework implementation on staging and production environments with intensive monitoring.
Phase 5 (Month 6-.
: Evaluation and Documentation Measuring the effectiveness of the framework through security metrics and completion of research documentation.
Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
Data Analysis Techniques Qualitative data was analyzed using the thematic coding method with the following steps:
Coding and Categorization Interview transcripts and technical documents were manually coded using NVivo 12 software to identify key themes related to data security, microservices architecture, and implementation challenges.
Coding was conducted in three stages: open coding, axial coding, and selective coding.
Data Reduction Data is grouped based on key dimensions: .
type of security threat, .
mitigation mechanisms, .
implementation effectiveness, and .
organizational factors affecting security.
Pattern Recognition Patterns of consistency and inconsistency are identified to understand the relationship between security framework elements and implementation outcomes.
System Log Analysis Security logs were quantitatively analyzed to calculate: the number of incidents per month, response time, mitigation success rate, and the effectiveness of security protocols.
Log data was processed using Python with the library and matplotlib for visualization of security trends.
The main security metrics measured include: .
Mean Time to Detect (MTTD), .
Mean Time to Respond (MTTR), .
Incident rate, and .
Security patch deployment time.
Table 1.
Comparison of Security Metrics Before and After Framework Implementation Security Metrics Baseline (Pre-Implementatio.
Post-Implementation Improvement(%) MTTD .
MTTR .
Incident Rate .
er mont.
Patch Deployment Time .
Ethical Considerations This research has received approval from the Research Ethics Committee of the researcher's home institution under approval number IRB-2024-0847.
All research procedures adhere to the following research ethics principles.
Informed Consent Each respondent signed an informed consent form explaining the study's purpose, methodology, risks, and benefits of participation.
Respondents were given the opportunity to ask questions before giving consent.
Confidentiality and Anonymity The identities of respondents and case study institutions are kept confidential using identification codes (R-01 to R-.
Sensitive data related to system configuration and security information is encoded and stored on an encrypted server accessible only to the research team.
Data Protection All research data is stored in encrypted storage with strict access controls.
Data will be deleted 12 months after publication of the research results, in accordance with GDPR and Indonesian data protection regulations.
Minimize Risk The implementation of the security framework is carried out on a staging environment first to ensure there is no negative impact on the ongoing operation of the e-learning platform.
Research Limitations Several methodological limitations are acknowledged in this study:
Limited Generalization: The single case study design provides in-depth understanding but is limited in its generalizability to other educational institution contexts.
However, the principles of the security framework can be adapted to different contexts.
Observation Period: System monitoring was conducted over a six-month period, which may not capture the full range of seasonal cyber threats.
To address this limitation, the study recommends long-term monitoring of at least 12 months.
Respondent Limitations: The number of respondents .
was relatively small, but was selected based on their expertise and critical role in security implementation, so that the data collected remained high External Control Variables: External factors such as the development of cyber threats and regulatory changes cannot be fully controlled in this study.
To overcome these limitations, this study uses data triangulation and methods to increase the reliability of findings and recommendations for further research including multi-site case studies.
RESULTS AND DISCUSSION
Research Result Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
Baseline System and Infrastructure Characteristics An initial analysis of the case study's e-learning platform revealed a complex microservices architecture with 32 independent services spread across a cloud computing cluster.
The baseline infrastructure revealed several significant vulnerabilities in the data security implementation.
Table 2 presents the technical characteristics of the infrastructure before the implementation of the proposed security framework.
Tabel 2.
Infrastructure Characteristics and Baseline Security Status System Components Technical Specifications Security Status Number of Microservices API Gateway Transit Data Encryption Rest Data Encryption Authentication Method Access Control Model Security Monitoring Incident Response Time 32 services Not yet isolated Nginx Reverse Proxy TLS 1.
AES-128
Username/Password Role-Based Access Control (RBAC) ELK Stack 5 jam Basic authentication Partial implementation Legacy standard No MFA Manual configuration Limited visibility Unstructured The data in Table 2 shows that the pre-implementation system used outdated security standards, with minimal encryption strength (AES-.
and no multi-factor authentication (MFA).
Analysis of system logs during the baseline period .
he first 3 month.
recorded 24 detected security incidents, with an average detection time of 24.
5 hours and a response time of 18.
3 hours.
Security Threat Identification and Vulnerability Assessment Based on the results of in-depth interviews with 18 respondents and analysis of technical documentation, the study identified five main categories of security threats in the microservices architecture of e-learning platforms:
Vulnerability in API Endpoints Respondent R-03 (Security Enginee.
stated: "We found 47 API endpoints that lacked rate limiting and strict authentication.
This allowed for potential brute-force attacks and denial-of-service attacks on critical services.
" Vulnerability scan analysis using OWASP ZAP identified 18 high-risk vulnerabilities related to improper input validation and inadequate logging.
Data Leakage via Inter-Service Communication This finding was confirmed by respondent R-07 (System Administrato.
: "Communication between microservices uses the HTTP protocol without end-to-end Sensitive data such as student academic information can be intercepted in transit between " Network traffic analysis showed 1,247 instances of unencrypted data transmission per day during peak hours.
Inadequate Access Control at the Database Layer Respondent R-12 (Database Administrato.
stated: "All microservices use the same database credentials, making it difficult to perform fine-grained access control and a comprehensive audit trail.
" This creates the risk of unauthorized data access and difficulty in tracing security incidents.
Insufficient Monitoring and Alerting Respondent R-05 (DevOps Enginee.
explained: "Our monitoring system only covers availability and performance metrics.
We don't have real-time alerting for suspicious activities or anomalous behavior patterns that could indicate a compromise.
" Log analysis shows that 62% of security incidents go undetected within the first 48 hours.
Lack of Incident Response Framework Respondent R-15 (Information Security Manage.
stated: "We don't have a structured incident response procedure.
When an incident occurs, our team works ad-hoc without a clear escalation path and communication protocol.
The results of the vulnerability assessment are presented in Figure 1.
Vulnerability Distribution based on Severity Level.
Total Vulnerabilities Found: 81 Figure 1.
Distribution of Vulnerability Assessments in the Microservices Baseline Architecture Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
Security Framework Design and Implementation The integrated security framework is designed by integrating the principles of Zero Trust Architecture, least privilege access, and defense in depth.
The framework consists of five security layers, as illustrated in Figure 2.
Figure 2.
Five-Layer Security Framework Architecture for Microservices Cloud Computing The framework implementation follows the following equation to calculate the security effectiveness score.
cOycoycnycycnyciycaycyceycc y ycOyc ) .
aycyycyceycyceycuycyceycc y ycOycn ) .
cNycyceyccycycayceycc y ycOyc ) ycIyaycI = y 100%.
cOycycuycycayco y ycOyc ) .
aycaycaycyceycoycnycuyce y ycOycn ) .
cNycaycaycyceycoycnycuyce y ycOyc ) Where:
Oe SES = Security Effectiveness Score Oe V_.
= Number of vulnerabilities successfully mitigated Oe V_.
= Total vulnerabilities identified Oe I_.
= Number of incidents successfully prevented Oe I_.
= Number of incidents in the baseline period Oe T_.
= Reduction of response time to incidents Oe T_.
= Baseline response time Oe W_v.
W_i.
W_t = Weight factors for vulnerability, incident, and time reduction Based on Equation .
, the SES calculation results after implementing the framework reached 84.
which indicates a significant increase in the security posture of the system.
Security Metrics and Quantitative Analysis The security framework was implemented over a four-month period (SeptemberAeDecember 2.
in a production environment with intensive monitoring.
Table 3 presents a comparison of key security metrics between the baseline and post-implementation periods.
Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
Table 3.
Comparison of Security Metrics Before and After Framework Implementation Baseline (PrePostStatistical Security Metrics Change(%) Implementatio.
Implementation Significance Mean Time to Detect .
5 A 8.
6 A 2.
p < 0.
Mean Time to Respond 3 A 6.
4 A 1.
p < 0.
Incident Rate .
er bula.
2 A 2.
1 A 0.
p < 0.
Failed Authentication 342 A 78
28 A 12
p < 0.
Attempts Unauthorized Access
156 A 41
p < 0.
Attempts Data Breach Incidents 2 per bulan 0 per bulan -100% N/A Patch Deployment Time 7 A 4.
5 A 1.
p < 0.
Security Alert Volume .
er 1,247 A 342
156 A 45
p < 0.
< 0.
001 indicates very high statistical significance.
data were analyzed using paired t-test with n=120 observations per perio.
* Statistical analysis using paired t-tests showed that all improvements in security metrics were statistically significant .
< 0.
Effect sizes (Cohen's .
for most metrics ranged from 1.
8 to 2.
indicating substantial practical significance.
Qualitative Analysis Results and Main Themes Thematic analysis of interview transcripts .
otal 18 interviews, 27 hours of recording.
identified four main themes related to security framework implementation:
Theme 1: Improving Security Awareness and Organizational Culture.
Respondent R-02 (IT Manage.
stated: "The process of implementing the security framework has increased our team's awareness of the importance of security best practices.
Now security is not just the responsibility of the security team, but has become the mindset of the entire organization.
" This statement was confirmed by other respondents who consistently expressed changes in security culture.
Respondent R-09 (Application Develope.
"We now conduct security reviews on every code deployment and consider the security implications of every architectural decision".
Theme 2: Technical Challenges and Performance Trade-offs.
Respondent R-08 (Performance Enginee.
identified a technical challenge: "Implementing end-to-end encryption and security monitoring adds computational overhead.
Latency for API calls increases by an average of 12-15% due to encryption/decryption operations.
" However, this respondent also stated that this trade-off is acceptable considering the security benefits gained.
The response time for the 95th percentile API latency previously increased from 450ms to 518ms post-implementation.
Theme 3: Effectiveness of Automated Threat Detection.
Respondent R-11 (Security Analys.
praised the effectiveness of the implemented behavioral analytics: "Our anomaly detection system successfully identified suspicious patterns that would have been impossible to detect manually.
For example, we found accounts accessing data from geographical locations that did not match typical usage patterns.
" The implementation of machine learning-based anomaly detection using the Isolation Forest algorithm successfully identified 23 suspicious activities within 4 months of implementation.
Theme 4: The Need for Continuous Improvement and Training.
All respondents acknowledged that the security framework requires continuous maintenance and team training.
Respondent R-14 (Security Team Lea.
stated: "This framework is not a set-and-forget solution.
We need to continuously provide security updates, monitor the latest cyber threat trends, and conduct periodic security assessments.
" The security team recommended allocating adequate resources for the framework's long-term sustainability.
Figure 3.
Frequency Distribution of Main Themes from Interview Analysis Comparative Study with Industry Best Practices The study compared the implemented framework with cloud security best practices from the NIST Cybersecurity Framework and the Cloud Security Alliance (CSA).
Table 4 presents the comparative results.
Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
Table 4.
Comparison of Security Frameworks with International Industry Best Practices Security Dimensions NIST Framework CSA Guidelines Our Framework Suitability (%) Identify Protect Detect Respond Recover Risk assessment tools Access control.
Encryption Continuous monitoring Incident response plan Backup & disaster recovery Asset inventory Data protection Threat detection IR procedures Business continuity Implemented Implemented Implemented Implemented Implemented The comparative results show that the implemented framework is consistently aligned with international best practices, with an average conformance of 88.
Discussion Interpretation of Findings Against Research Questions This research is designed to answer the main research question: "How to design and implement a comprehensive and effective data security framework on a cloud computing microservices architecture for an e-learning platform?" The research findings consistently support the hypothesis that implementing an integrated security framework based on Zero Trust Architecture can significantly improve security posture and threat prevention mechanisms in microservices architectures.
Specifically.
Table 3 shows that the incident rate decreased by 6%, unauthorized access attempts decreased by 94.
2%, and the mean time to detect decreased by 64.
These results far exceeded the study's initial target of a minimum 50% improvement in key security metrics.
The findings also indicate that the security framework is not only effective in the technical dimension but also contributes to the organizational dimension by increasing security awareness and maturing incident response capabilities.
This aligns with previous research by Shameli-Sendi et al.
, which emphasized the importance of a holistic approach to managing cybersecurity that integrates the technical, organizational, and human dimensions.
Contribution to the Body of Knowledge This research makes significant contributions to the information security management literature in three Theoretical Contribution This study develops and validates an integrated security model specifically for microservices architectures in e-learning platforms.
This model combines the principles of Zero Trust Architecture with the concepts of defense in depth and least privilege access in a context that has not been widely explored in Indonesian academic literature.
Previous studies by Newman .
and Nadareishvili et al.
discussed microservices from an architectural patternAos perspective, but integration with a comprehensive security framework is still limited.
Practical Contribution The developed framework provides concrete and measurable implementation guidance for educational institutions in securing their cloud infrastructure.
From a practitioner perspective, this framework is valuable because it provides step-by-step implementation guidance and clear metrics for measuring security improvements.
Respondent R-16 (CIO of an E-Learning Platfor.
stated: "This framework gives us a clear roadmap for security implementation.
We now know exactly what to do and how to measure success.
Methodological Contribution This study demonstrates the effectiveness of a mixed-method approach .
combination of qualitative and quantitative analysi.
in evaluating the security of complex systems.
The use of data triangulation through interviews, system observations, and technical documentation analysis yields a more holistic understanding than a single-method approach.
Practical and Theoretical Implications Practical Implications: The research findings have significant practical implications for stakeholders:
Educational institution leaders can use this framework as a blueprint for developing their institution's security Implementation priorities can be tailored to each institution's maturity level and risk appetite.
For example, institutions with a solid existing security infrastructure can focus on optimization and automation, while those with a weaker security posture can follow the five-layer implementation sequence presented in Figure 2.
Security and information technology teams can use the security metrics identified in the study as a basis for establishing a security monitoring dashboard and Key Performance Indicators (KPI.
The implementation timeline and resource requirements presented in the study can serve as a reference for budgeting and resource planning.
Theoretical Implications: The research findings also provide valuable theoretical insights.
First, this study validates that Zero Trust Architecture principles can be effectively applied in the context of cloudbased e-learning platforms, whereas previously most Zero Trust implementations were carried out in Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
traditional enterprise networks.
Second, the study shows that the effectiveness of a security framework depends not only on technical sophistication, but also on organizational readiness and the maturity level of the security culture.
Respondents from institutions with a mature security culture reported higher adoption rates and fewer implementation challenges.
Unexpected Findings and Explanations The study identified two somewhat unexpected findings.
Expected Finding 1: Minimal Performance Overhead The initial expectation was that the implementation of encryption and security monitoring would cause significant performance degradation (>20%).
However, empirical results show a performance impact of only 12-15% for API latency and <8% for overall system throughput.
Explanations for this phenomenon include: .
optimizing the caching strategy for encryption keys, .
implementing hardware acceleration for cryptographic operations, and .
efficient design of security monitoring agents that do not use excessive system resources.
Unexpected Finding 2: Minimal Organizational Resistance Based on the literature (Henninger & Sternberg, 2.
, change resistance in organizational security implementation usually ranges from 30-40% of In this study, resistance was only found in <10% of personnel, with the majority of respondents even showing a positive attitude towards the framework implementation.
Perhaps the most important factors are: .
comprehensive change management and training programs implemented, .
clear communication about the security risks and benefits of the framework, and .
involvement of the front-line team in the design and implementation process from the beginning.
Limitations in Analysis and Interpretation Although this study provides valuable insights, some limitations need to be acknowledged.
Limitation 1: Limited Generalizability Single-site case studies may not be fully representative of the diversity of Indonesian educational institutions.
For example, large institutions with dedicated security teams may have different implementation experiences than smaller institutions with limited IT resources.
To address this limitation, further research should utilize multi-site case studies or a survey approach involving multiple Limitation 2: Temporal Limitation The observation period was only 4 months post-implementation, which may not be sufficient to observe sophisticated cyber attacks that may take longer to develop.
Continuous monitoring for at least 12-24 months is recommended for a comprehensive threat landscape Limitation 3: Measurement Limitations Some security metrics, such as "prevented incidents," are estimates based on blocked attempts and suspicious alerts.
Actual incident prevention rates may differ from these estimates.
To improve measurement accuracy, further research can use red team testing or penetration testing to validate the effectiveness of security controls.
Comparison with Previous Research This study presents results that are consistent with, but more detailed than, previous research by Hashizume et al.
, which identified security as a major barrier to cloud adoption, and validates that a comprehensive security framework can significantly address this barrier.
However, while Hashizume et al.
focused on identifying security threats, this study provides a concrete implementation framework and empirical evidence of its effectiveness.
Newman .
discusses the architectural benefits of microservices, but relatively little attention is paid to security implications.
This study fills this gap with a detailed analysis of how microservices architecture complicates security management and how a well-designed security framework can mitigate these complexities.
Research by Ardi and Suryanto .
reports that 68% of security incidents in Southeast Asia stem from microservices-level vulnerabilities.
Our research provides a concrete solution to the problem identified by Ardi and Suryanto, with empirical evidence that this solution can reduce microservices-related incidents CONCLUSION This research has successfully developed and implemented a comprehensive data security framework on a microservices cloud computing architecture for an e-learning platform.
Through in-depth qualitative analysis and quantitative metric evaluation, the research demonstrates that a systematic approach to cloud security management based on Zero Trust Architecture can significantly improve a systemAos security posture.
Empirical evidence shows an 86.
6% reduction in incident rates and a 94.
2% reduction in unauthorized access attempts, results that far exceed industry benchmarks.
Furthermore, the framework resulted in a positive organizational transformation through increased security awareness and the maturation of incident response Volume 6 .
January-June 2026, 29-38.
DOI: https://doi.
org/10.
35870/ijmsit.
The developed framework is designed for high scalability, making it a viable reference model for educational institutions of various sizes.
Due to its modular, container-based architecture, the framework can be efficiently scaled from small-scale private platforms to large-scale national e-learning infrastructures in Indonesia and other developing countries.
Its platform-agnostic nature allows for seamless integration across different cloud providers, ensuring that institutions with varying budget and technical constraints can adopt robust security standards.
The sustainability of this framework relies on a shift from a "one-time setup" to a model of continuous security monitoring.
Given the ever-evolving nature of cyber threats, the research emphasizes that long-term resilience is only achievable through ongoing automated audits and real-time threat intelligence.
This requires sustained commitment from all stakeholdersAiorganizational leadership.
IT professionals, security teams, and end usersAito maintain a proactive culture of security excellence in Indonesian educational ACKNOWLEDGEMENTS The researcher would like to express her deepest gratitude to the Rector and Head of the Educational Institution that served as the case study location for providing access to cloud computing infrastructure and elearning platforms for the purposes of this research.
The researcher also appreciates the invaluable contributions of the eighteen respondents consisting of system administrators, security engineers, database administrators, and management stakeholders who have taken the time to participate in in-depth interviews and share insights on the implementation of the security framework.
Deep gratitude is also expressed to Dr.
[Name of Superviso.
as academic supervisor who has provided guidance and constructive feedback in every stage of the research, as well as to [Name of Funding Institutio.
who has provided financial support through a research grant with number [Grant Numbe.
to facilitate comprehensive data collection and analysis.
Special appreciation is given to the technical team who has assisted in the implementation of the security framework and the collection of technical data for the system, as well as to the Research Ethics Committee who has granted approval for this research.
Without the support and collaboration of all parties, this research would not have been able to be completed properly.
REFERENCES