Cloud Computing Security and Privacy

Verified

Added on 2020/05/08

AI Summary

This assignment delves into the multifaceted challenges of security and privacy within cloud computing environments. It explores issues like data sensitivity, particularly concerning employee financial and performance data, and the implications of using multiple data centers for service providers. The analysis also examines the responsibilities of both individual employees and service providers in mitigating these risks through measures like encryption and adherence to legal and policy frameworks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: CLOUD PRIVACY 1
Cloud Privacy
<Student Id>
<Student Name>
<University Name>

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

CLOUD PRIVACY 2
Introduction:
The scenario considered for this report involves the Department of Administrative
Services (DAS) and its cloud first approach alongside prominent references to its data
migration policy. The other elements observed in the scenario include references to the
process of implementing the shared services such as SaaS HR and Personnel management
suite, PaaS SharePoint platform which can be accounted as the basis for the proposed WofG
Intranet platform and the SaaS performance management suite. The following report presents
a comprehensive analysis of the threats and risks associated with this project since it involves
the physical location of data centres at different geographical locations (Abbas & Khan,
2015).
The necessity of privacy and personal information management is perceived explicitly
in the case of Department of Administrative Services (DAS) decision to centralize its
functions and services for different government based entities through a US based cloud
service provider. The particular references to the recent emergence of profound threats due to
expansion of the internet and cloud based practices in the professional domain have to be
considered as significant determinants for introduction of policy guidelines. As per Gholami
& Laurem, the policy guidelines are indicated towards addressing the data breaches that have
been reported in context of sensitive areas such as governmental and financial domains
(Gholami & Laure, 2016). The objective of the cloud security framework should be aligned
with the personal information management of associated with particular references to security
and privacy of employee data that would be recorded in the HR and performance
management framework and the payroll information. These aspects would be provided
through the single link sign in portals available for employees on the intranet.
Security of Employee data:
Threats in the cloud migration infrastructure could be identified in the form of
Malware and Hacking, unintended disclosure, phishing emails, insider threat and employees
bringing their own devices to the workplace. As per Henze, et al, the threats from the
implications of employees bringing their own devices to the workplace could lead to
profound security threats. The threats arise from storage of sensitive company information in
the personal devices of employees could lead to data leakage since the devices could not have
appropriate security software (Henze, et al., 2016). The protection of personal information
could also be subject to the threat of phishing emails which could be targeted at the personal

CLOUD PRIVACY 3
emails of employees in order to access the details of the employee’s individual Single Link
Sign-in passwords. As per Kamarinou, Millard & Hon, employees could also be subject to
security risks through unintended disclosure according to which arise from human errors on
behalf of the service users, contractor and data processing centre (Kamarinou, Millard &
Hon, 2016). Such examples could be identified in the physical loss of devices by employees
that can be addressed by considering the education of employees regarding the common
threat vectors that would not involve references to education and training of employees
regarding the risks leading to intended disclosure such as downloading unknown software,
malicious links and checking the authenticity of the web addresses.
Privacy of employee data:
According to Merani, Barcellona & Tinnirello, the particular areas which affect the
privacy of employee data could be identified in the lack of monitoring the continuous updates
regarding applicable legal precedents. Furthermore, it is also essential to notice the pitfalls in
collection and processing of personal data related to employees and the lack of awareness of
the global process facilities regarding important changes (Merani, Barcellona & Tinnirello,
2015).
The privacy concerns could be addressed effectively through implementing a
comprehensive framework which supports authentication. The privacy of employee’s
personal data can be ensured through inducing a systemic approach that facilitates distinct
insights into the responsibilities and authorities of supervisory personnel. These precedents
would be considered in context of collection of personal information, processing, utilization
and transfer of personal data and the authentication of responsibility of the individuals to
undertake these processes.
Digital Identity Issues:
Digital identity concerns that could be observed in the case of the cloud migration
initiative of DAS to introduce HR and performance management suite, the payroll
management framework and management of data integration from different data processing
centres include identity theft, personal data theft, and misuse of identity, privilege escalation
and identity tampering. Identity theft is profoundly observed in the form of using the digital
identity of other individuals to access information or impersonating the person on the digital
platform. Since the web platform would be implicative of the requirements for management

CLOUD PRIVACY 4
of personal information on the basis of integrity of the data, it is essential to implement
suitable approaches such as encryption of digital identity based platforms that are used within
the organization (Reichel, et al., 2016).
Employees should be equally aware of personal data theft as a detrimental
consequence in digital identity issues. Therefore individual employees would be held
accountable for resolving issues in the digital identity pertaining to the cloud framework of
the organization. As per Soghoian, the creation of a legal environment, addressing privacy
concerns in the initial stages which is considered responsible for addressing the digital
identity concerns in an organization. Another prominent measure that could be observed in
the form of demarcating the digital identification approach from the authorisation and
authentication approaches (Soghoian, 2017).
Provider Solution Issues:
The provider solutions provided by the service provider are also accompanied with
prominent references to the multiple data centres of the organization. The particular
references to the processing centre at a single location would also be complicated for the
service provider to collect data from distinct sources, process the information regarding the
different departments of the Government (Xiao & Xiao, 2013). It is imperative for the
providers to align with the policy and legal requirements pertaining to the cloud services.
However, the limitations could arise profoundly in the form of conflicts between policy
precedents of the service provider and individual government agencies.
Data Sensitivity:
The concerns for data sensitivity could be identified in this case profoundly in the
form of lack of minimal control of physical security of data centres, employee’s financial
data and performance management data (Merani, Barcellona & Tinnirello, 2015). These
elements have to be associated with measures such as encryption in order to ensure security
of sensitive data. The notable classifications of the data into three categories on the basis of
sensitivity would enable employees to perceive the appropriate levels of encryption and
security precedents for each form of data. The three categories include profound references to
confidential data, regulated data and public data.
References

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

CLOUD PRIVACY 5
Abbas, A., & Khan, S. U. (2015). e-Health Cloud: Privacy Concerns and Mitigation
Strategies. In Medical Data Privacy Handbook (pp. 389-421). Springer International
Publishing.
Gholami, A., & Laure, E. (2016). Advanced cloud privacy threat modeling. arXiv preprint
arXiv:1601.01500.
Henze, M., Hermerschmidt, L., Kerpen, D., Häußling, R., Rumpe, B., & Wehrle, K. (2016).
A comprehensive approach to privacy in the cloud-based Internet of Things. Future
Generation Computer Systems, 56, 701-718.
Kamarinou, D., Millard, C., & Hon, W. K. (2016). Cloud privacy: an empirical study of 20
cloud providers' terms and privacy policies—Part I. International Data Privacy
Law, 6(2), 79-101.
Merani, M. L., Barcellona, C., & Tinnirello, I. (2015, June). Multi-cloud privacy preserving
schemes for linear data mining. In Communications (ICC), 2015 IEEE International
Conference on(pp. 7095-7101). IEEE.
Reichel, J., Lind, A. S., Gholami, A., Litton, E., & Laure, E. (2016). Design and
implementation of the advanced cloud privacy threat modeling. International Journal
of Network Security & Its Applications.
Soghoian, C. (2017). Caught in the Cloud: Privacy, Encryption, and Government Back Doors
in the Web 2.0 Era.
Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE
Communications Surveys & Tutorials, 15(2), 843-859.

1 out of 5

+13062052269

info@desklib.com

Cloud Computing Security and Privacy

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

SaaS Privacy and Security Risks Assessment

Cloud Security Report 2022

Cloud Computing Report 2022

Threat and Risk Assessment for MyLicense Portal - Desklib

Analyzing Employer-Employee Data

Security and Privacy Risk Assessment for DAS Management