ProductsLogo
LogoStudy Documents
LogoAI Grader
LogoAI Answer
LogoAI Code Checker
LogoPlagiarism Checker
LogoAI Paraphraser
LogoAI Quiz
LogoAI Detector
PricingBlogAbout Us
logo

Cloud Privacy and Security: Risks and Mitigation Strategies

Verified

Added on  2023/06/08

|14
|4006
|102
AI Summary
This report discusses the risks and mitigation strategies for cloud privacy and security. It covers threats, risks, and ethical issues related to employee data security, SaaS, digital identity, and data sensitivity. The report proposes guidelines for security policies and privacies while using cloud computing.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: CLOUD COMPUTING
CLOUD COMPUTING
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1CLOUD PRIVACY AND SECURITY
Table of Contents
Introduction................................................................................................................................3
Employee Data Security.............................................................................................................3
Threats and Risk.....................................................................................................................3
APIs:...................................................................................................................................4
Data Breach:.......................................................................................................................4
Hijacking account...............................................................................................................4
SaaS Risks:.............................................................................................................................4
Results of Threats:..................................................................................................................5
Privacy of employee data...........................................................................................................5
Existing Threats:....................................................................................................................5
Malware:............................................................................................................................5
Human Factor:....................................................................................................................5
Unmanaged Data................................................................................................................6
Additional Risk:.....................................................................................................................6
Result of Risks:......................................................................................................................6
Digital Identity Issue:.................................................................................................................6
Provider Solution Issues:............................................................................................................7
Key Cloud Provider:..........................................................................................................8
Contract:.............................................................................................................................8
Data Encryption:................................................................................................................8
Data Sensitivity..........................................................................................................................8
Ethical Issues:.........................................................................................................................9
Conclusion..................................................................................................................................9
Document Page
2CLOUD PRIVACY AND SECURITY
Introduction
The report is going to discuss about the security and privacy provided by the cloud
computing. As a consultant of the charity, it is being advised to prepare a report that will
propose guidelines for security policies and privacies while using cloud computing. The
Charities aim was to provide facility to the people who never received any advantages from
community. For personal management, charity purchased an application from an US based
organization and provided explanation for the SaaS (Pearson, 2013). The report will calculate
the risks that are likely to get generated while using cloud computing and its services. The
main objective is to protect the information regarding to the people who are associated with
this charity. The information of all the employees needs to be kept secured. There is a need of
proper planning in order to maintain the security and privacy in the charity a proper plan is
needed (Xiao & Xiao, 2013). The report will further discuss about the SaaS application and
will analyse the risk with the implication of this application. The ways data are stored in the
cloud storage so that data privacy and security can be controlled in a proper way is must be
controlled in a proper way so that the data will not get breached. The data stored in the cloud
needs to be encrypted ,so in case the data gets breached will still be protected.
Employee Data Security
Threats and Risk
The main aim of every organization is to provide their employee with security and trust
towards the organization. An employee will always love to work with an organization, which
will safeguard their data and will provide high security. There are several threats towards the
cloud database also; it is affecting the technology of cloud computing adversely. This
database contains a large amount of sensitive data which needs to be protected from cyber
attackers (Kshetri, 2013). This part of the report will discuss about the threats that are likely
Document Page
3CLOUD PRIVACY AND SECURITY
to be faced by the charity while managing their database. The possible risks and threats
related with cloud computing is listed below:
APIs:
This is an application programme interface, which enables the communication established
by the user with cloud. Organization with cloud system adopted advanced security towards
the APIs, in order to protect it from attackers. There remains some chances of vulnerabilities
to occur allowing the access to areas of administration in APIs.
Data Breach:
Data breach is a common threat that is likely to be faced by the cloud technology. The
result of data breaching is that, third party gets access to the personal information of an
employee. Result of data breach is that, attackers can get the data of the employees or the
organization from the cloud database and can alter the data according to their requirement
(Wei et al., 2014). Data breach can influence millions of individuals at a time.
Hijacking account
Sometimes the account of the employee is hacked. This hijacking is done by the
method known as phishing. This method searches for the gap in the security system and gets
in through this gap into the network and breach the account on this network. This method can
easily give the access to the hackers (Suo et al., 2013).
SaaS Risks:
With the migration data storage to SaaS, many risks are generated and the main threat
regarding to this is the data security. There always remains a possibility of getting data
breached (Hashizume et al., 2013). It becomes essential for the SaaS to take care of these
data. Sometimes location also becomes factor of risk as the data is moved in SaaS provider
by another country (Sen, 2014).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4CLOUD PRIVACY AND SECURITY
Results of Threats:
Because of threat, an individual or an organization may get affected. The main
concern of an organization nowadays is to maintain the data security. The chances of threats
is increasing day by day as cyber attackers are also getting advanced with the technology
(Ryan, 2013). Data breaching impacts humans adversely as the data gets leaked contains
some confidential data and this data leakage harms the individual in every aspects. Thus this
becomes necessary to secure data by taking preventive measures. By phishing method, all the
details can be exposed to the attackers and can destroy data according to their need. At first
the cyber attackers analyses the activities of a person and then they get into their network
through gaps in the system.
Privacy of employee data
The main concern of the organization is to maintain the data privacy of their
employees, as this data contains information regarding to the employee and company as well.
Several companies are there who monitor the internet activities. Company should also be
aware of the fact that the data should not get disclose at any cost. Organization should make
sure that no other employee can access to someone else data. This information also contains
data related to health information and this is highly confidential.
Existing Threats:
There are several threats exists for security. The threats are discussed below:
Malware: Malware causes permanent threat for database. Malware attacks device and
steals all the data.
Human Factor: The major reason behind data breaches is human negligence. According
to the reports, humans need to be more careful about the network system (Rittinghouse &
Ransome, 2016).
Document Page
5CLOUD PRIVACY AND SECURITY
Unmanaged Data: Several companies are there who struggle to manage the data of their
staffs properly. Sometimes it happens that people who preserve the record forget to store a
data, which turns to be an important one (Rewagad & Pawar, 2013).
Additional Risk:
With the risks there are also many additional risk is generated while moving to SaaS
platform. The additional risk that arises is not every time the cloud providers are
sophisticated about the service that they provide. There are many third part involved in this
which can access data in SaaS. The main problem faced by technology is how to manage the
identity and access control (Li et al., 2013). Customer will only trust on vendor only when
they keep the things transparent. Sometimes it is being observed that the vendors do not
disclose the services provided by them in front of the customer (Modi et al., 2013).
Result of Risks:
The result of the risks discussed in the above part is that malware attacks the database
and can lead to data breach. One malware is enough to affect many people. Approximately 30
per cent cases of data breaching happens because of human negligence towards the
management of database (Sun et al., 2014). The corporation needs to organize their
employee’s information properly. This becomes essential for organization to supervise the
opportunity of the safety executive (Yan et al., 2013). So that there will be no permission
granted to the officers to access database.
Digital Identity Issue:
With the migration of database to SaaS application, there is a high chance of the
digital identity being disclosed. Digital identity is being stored in cloud database of cloud.
Digital identity is maintained mainly for preventing cybercrimes and for data security
purpose. In case the digital identity gets leaked then there are chances of several risks
Document Page
6CLOUD PRIVACY AND SECURITY
affecting the database. Online website ensures the security towards the data, but sometimes
due to some management problem private data gets leaked (Xia et al., 2016). The department
that can get affected the most with this issue is the finance department, as any identity reveal
can lead to gain a huge amount of money for the attacker. Recent time’s issues came up that
stated, the attackers are tracking down the data in a very delicate manner without the
individual’s prior concern (Rahimi et al., 2014).
Identity theft is also a major concern. The attackers use some other individual digital
identity so that they can get to the data (Stojmenovic & Wen, 2014). Phishing is the way
through which one can steal another person’s identity and further this identity is used to
attack other accounts. In addition to this, there lies an issue of identity tampering. This type
of attacks can be prevented by property integrity. Many standards are proposed to handle this
situation of identity tamper (Zhang et al., 2017).
Personal data theft also occurs, in this the confidential and an unauthorized person is
accessing private data. Personal data is something that is to be accessed by an individual and
unauthorized access to this data is a crime. The data such as biometric, passwords, account
details are something which is extremely private and needs (Fernando, Loke & Rahayu,
2013).
Provider Solution Issues:
Several risks are associated with SaaS. With the growing technology the chances of
threats also increased affecting the people around them in different ways. Security of data is
getting complex day by day. For providing best security of data it becomes necessary to
mitigate this risks that are likely to come with this situation. SaaS offers safety towards
company’s data. It becomes essential to manage data security (Almorsy, Grundy & Müller,

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
7CLOUD PRIVACY AND SECURITY
2016). SaaS provider is available for help at any time of the day. Several mitigation methods
are there and are discussed below:
Key Cloud Provider: The main requirement is find a cloud provider who is reliable.
Each cloud provider has different plans for maintaining the security in their management
(Shahzad, 2014). The vendor must be aware of the security maintained, so that their remains
the surety that the data vendor will not be closed.
Contract: Contract made with vendor must be clear and both the side needs to clear with
the terms and conditions before starting the contract (Ali, Khan & Vasilakos, 2015).
Data Encryption: The cloud database needs to maintain the encryption method in order
to protect the data on the cloud .Proper encryption of data provides security of the data and
also does not allows unauthorized person to get the access (Arora, Parashar, & Transforming,
2013). Thus data encryption is necessary for maintaining the privacy of the data.
Data Sensitivity
The database of the cloud stores several type of information of the people. Not every
data in the records can be considered as responsive data, there are specializations of data,
which can be called as the responsive data, and for cloud vendor it is necessary to guard
sensitive and personal data in cloud storage. The sensitive data are those that an individual
would like to keep private such as bank credentials, account and other details (Botta et al.,
2014). The main task is to protect the data from being disclosed in front of a third party.
Health information is something that is needed to be kept confidential, as there are many
diseases that causes a barrier among the peoples due to lack of awareness among the people ,
such as HIV, aids and many more (Chang & Ramachandran, 2016). These data needs privacy
from vendor of the cloud provider. Several techniques are there in order to protect the data
from being accessed by unauthorized users. The company’s main responsibility is to maintain
Document Page
8CLOUD PRIVACY AND SECURITY
the confidentiality of their employees and the people who come for help (Whaiduzzaman et
al., 2014). With the concept of data security ethical issues arises. Next part of the report will
discuss about ethical issues.
Ethical Issues:
Several researches have made and from this, it has been analyzed that maximum
organization uses records of employees for calculating the effort of the employees. The use of
employee data must be done to a certain limit so that the use says within a limit and the data
will not leaked to outside. With the growing popularity in tech, it will increase a chance of
data getting easily (Cuzzocrea, 2014). HR needs to control the employee to access data for
gaining the trust of the employee. Many company have the habit of tracking the activities of
their staffs without informing them, and these are against the ethics of the organization
(Ahmed & Hossain, 2014). Responsibility of HR is to identify the intention before they hire
any employee who will collect data from their other staffs. In case the data is hacked, it will
affect the trust and the HR should look after this matter and should not allow the company to
face such situation (Tari, 2014).
Conclusion
From the discussion, it can be concluded that data are important for every
organization and this are the key facts about employee. It becomes necessary to protect this
data from outsiders. The report also discussed the time when the data moved from normal
system to SaaS application and the risks that are likely to come along with this. In addition to
this digital identity is also being identified and addressed with the possible risk. The main aim
is to moderate the risk that are allied with data that are stored in the personal database of HR.
This is essential for employees to maintain the privacy and security of their data, so
unauthorized person cannot get the access over it. The report gives explanation for issues that
Document Page
9CLOUD PRIVACY AND SECURITY
is invoked while data is migrated to SaaS application. The charity needs to implement
security measures for protecting the data of each employee who are associated with the
charity, thus protecting data from being breached and maintains the authenticity. Being main
consultant of the charity it was my responsibility to asses all the risks and threats that are
likely to be faced by the charity and also I have suggested the solution for the same problem
in my report.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10CLOUD PRIVACY AND SECURITY
References:
Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the
cloud. International Journal of Network Security & Its Applications, 6(1), 25.
Ali, M., Khan, S. U., &Vasilakos, A. V. (2015). Security in cloud computing: Opportunities
and challenges. Information sciences, 305, 357-383.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing
using encryption algorithms. International journal of engineering research and
applications, 3(4), 1922-1926.
Botta, A., De Donato, W., Persico, V., &Pescapé, A. (2014, August). On the integration of
cloud computing and internet of things. In Future internet of things and cloud
(FiCloud), 2014 international conference on (pp. 23-30). IEEE.
Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud
computing adoption framework. IEEE Trans. Services Computing, 9(1), 138-151.
Cuzzocrea, A. (2014, November). Privacy and security of big data: current challenges and
future research perspectives. In Proceedings of the First International Workshop on
Privacy and Secuirty of Big Data (pp. 45-47). ACM.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future
generation computer systems, 29(1), 84-106.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An
analysis of security issues for cloud computing. Journal of internet services and
applications, 4(1), 5.
Document Page
11CLOUD PRIVACY AND SECURITY
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile
cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions
and institutional evolution. Telecommunications Policy, 37(4-5), 372-386.
Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of
personal health records in cloud computing using attribute-based encryption. IEEE
transactions on parallel and distributed systems, 24(1), 131-143.
Modi, C., Patel, D., Borisaniya, B., Patel, A., &Rajarajan, M. (2013). A survey on security
issues and solutions at different layers of Cloud computing. The journal of
supercomputing, 63(2), 561-592.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security
for Cloud Computing (pp. 3-42). Springer, London.
Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., &Venkatasubramanian, N. (2014).
Mobile cloud computing: A survey, state of art and future directions. Mobile
Networks and Applications, 19(2), 133-143.
Rewagad, P., &Pawar, Y. (2013, April). Use of digital signature with diffiehellman key
exchange and AES encryption algorithm to enhance data security in cloud computing.
In Communication Systems and Network Technologies (CSNT), 2013 International
Conference on (pp. 437-439). IEEE.
Rittinghouse, J. W., &Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Rong, C., Nguyen, S. T., &Jaatun, M. G. (2013). Beyond lightning: A survey on security
challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Document Page
12CLOUD PRIVACY AND SECURITY
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Sen, J. (2014). Security and privacy issues in cloud computing. In Architectures and
protocols for secure information technology infrastructures (pp. 1-45). IGI Global.
Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges,
approaches and solutions. Procedia Computer Science, 37, 357-362.
Stojmenovic, I., & Wen, S. (2014, September). The fog computing paradigm: Scenarios and
security issues. In Computer Science and Information Systems (FedCSIS), 2014
Federated Conference on (pp. 1-8). IEEE.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud
computing. International Journal of Distributed Sensor Networks, 10(7), 190903.
Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud
computing. In Wireless Communications and Mobile Computing Conference
(IWCMC), 2013 9th International (pp. 655-659). IEEE.
Tari, Z. (2014). Security and Privacy in Cloud Computing. IEEE Cloud Computing, 1(1), 54-
57.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., &Vasilakos, A. V. (2014). Security
and privacy for storage and computation in cloud computing. Information
Sciences, 258, 371-386.
Whaiduzzaman, M., Sookhak, M., Gani, A., &Buyya, R. (2014). A survey on vehicular cloud
computing. Journal of Network and Computer Applications, 40, 325-344.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
13CLOUD PRIVACY AND SECURITY
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and
copy-deterrence content-based image retrieval scheme in cloud computing. IEEE
Transactions on Information Forensics and Security, 11(11), 2594-2608.
Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE
Communications Surveys & Tutorials, 15(2), 843-859.
Yan, G., Wen, D., Olariu, S., &Weigle, M. C. (2013). Security challenges in vehicular cloud
computing. IEEE Transactions on Intelligent Transportation Systems, 14(1), 284-294.
Zhang, Y., Chen, X., Li, J., Wong, D. S., Li, H., & You, I. (2017). Ensuring attribute privacy
protection and fast decryption for outsourced data security in mobile cloud
computing. Information Sciences, 379, 42-61.
1 out of 14
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]