Cloud Security and Risk

Added on  2023/06/09

AI Summary
This report discusses the risks and threats to employee data in the HR database of Charity after SaaS migration. It also outlines the privacy of employee data and the issues related to digital identities and provider solutions. The report includes a case study and a discussion on the existing threats and risks for data security and privacy in the HR database.

Running head: CLOUD SECURITY AND RISK
Cloud Security and Risk
Name of the Student
Name of the University
Author’s Note:

Table of Contents
Introduction
Discussion
  Case Study
  1. Security of Employee Data
    1.1 Existing Threats and Risks for Data Security in HR Database
    1.2 Additional Risks and Threats after SaaS Migration
    1.3 Severity of Risks and Threats in Employee Data
  2. Privacy of Employee Data
    2.1 Existing Threats and Risks for Data Privacy in HR Database
    2.2 Additional Risks and Threats after SaaS Migration
    2.3 Severity of Risks and Threats in Employee Data
  3. Digital Identities Issues
  4. Provider Solutions Issues
  5. Data Sensitivity
Conclusion
References
Introduction
Cloud computing is a major concept in IT that enables broad access to a shared pool of
configurable system resources and higher-level services (Arora, Parashar & Transforming,
2013). These services can be provisioned quickly, with very little effort from the
organization, over an Internet connection. The technology relies on resource sharing to
achieve economies of scale and coherence, much as public utilities do. A third-party cloud
lets companies focus on their core business instead of spending resources on computer
maintenance and infrastructure (Dinh et al., 2013). The most important benefit of the
technology is that it allows organizations to avoid or minimize upfront IT infrastructure
costs. Cloud computing draws on the availability of high-capacity networks, low-cost systems
and storage devices, together with hardware virtualization, utility computing and
service-oriented architecture. Its major characteristics include improved organizational
agility, cost effectiveness, device and location independence, maintenance of cloud
applications, multi-tenancy, better performance, resource pooling, increased productivity,
business continuity and disaster recovery, high reliability, scalability, elasticity, and data
security and privacy, among others (Hashem et al., 2015). The three cloud computing service
models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a
Service (SaaS).
The following report gives a short discussion of the Charity case study. The Charity runs
a small data centre with Windows Server 2008 R2 and other web services. It is considering
joining a community cloud provided by a public cloud vendor in order to provide several
applications to its 500 staff and administrative users. The confidential data must be secured
with the help of cloud computing technology. This report outlines the probable risks and
threats to the data in the HR database, as well as the additional risks to that data after the
SaaS migration. Both the security and the privacy of the data are assessed against these
risks. The possible risks to the digital identities of the Charity’s employees from the SaaS
migration, and the related ethical issues, are also covered.
Discussion
Case Study
The Charity is a community organization that locates and provides accommodation, mental
health services, and training and support services for disadvantaged people in the community.
It runs a small data centre of some 50 x 86 bit servers: database servers, file servers and
Windows Server 2008 R2 for desktop services. The Charity maintains the confidentiality of the
PII data it collects, and this data includes digital identities for some of its disadvantaged
clients (Fernando, Loke & Rahayu, 2013). The Board of the Charity is concerned about the
security and privacy of this sensitive and confidential data and wants to ensure that no data
breach occurs. It has decided to purchase an HR and personnel management application from an
American organization that provides a SaaS solution. It also wishes to move the Charity’s
payroll to a Commercial Off The Shelf (COTS) application managed in the public cloud, and to
move its intranet to a Microsoft SharePoint PaaS that provides intranet services to all the
agencies in WofG.

1. Security of Employee Data
1.1 Existing Threats and Risks for Data Security in HR Database
Employee data at the Charity faces several kinds of security issues. The data is stored in
the human resources database, so confidential information is often at stake (Rittinghouse &
Ransome, 2016). Because of this exposure, the existing threats and risks to the HR database
must be identified. The major threats and risks to the security of employee data in the HR
database are given below:
i) Malware: The foremost threat to data security in the database is malware. Malware is
malicious software intentionally designed to cause significant damage to computers, computer
networks and servers (Garg, Versteeg & Buyya, 2013). It can take the form of executable code,
active content or scripts, and it can damage the database completely. Malware includes Trojan
horses, computer viruses, spyware, adware and many more. The Charity’s database can easily be
compromised with the help of malware, and all the confidential data would then be stolen.
ii) Database Injection Attack: The second attack that threatens the Charity’s HR database
is the database injection attack (Hashizume et al., 2013). Injection is a code injection
technique used against data-driven applications, in which malicious SQL statements are placed
into entry fields so that the application executes them.
iii) Legitimate Privilege Abuses: Users who have been authorized to use employee data can
easily exploit their privileges and use the data for the wrong purposes (Jain & Paul, 2013).
This type of abuse is dangerous for any database, and the Charity’s database is not at all
safe from it.
iv) Denial of Service Attacks: Another significant risk that is common for the Charity’s
database is the denial of service (DoS) attack. The attack denies service from the system or
database, so that legitimate users cannot access the sensitive or confidential data it holds
(Botta et al., 2016). This is extremely dangerous and often brings major vulnerabilities,
since the user has no knowledge of this type of attack.
v) Weak Audit: A weak audit policy creates risks in terms of detection, compliance,
recovery and forensics. Native database management system audit capabilities often result in
performance degradation and are extremely susceptible to privilege-related attacks.
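The database injection attack described in item ii) can be illustrated on a small HR table. The following is an added example, not part of the original report: the table layout, the function names and the sample rows are assumptions constructed for illustration. It shows a lookup that concatenates entry-field text into SQL next to one that binds the text as a parameter and restricts the sort column to an allow-list.

```python
import sqlite3

# Constructed sample rows standing in for the Charity's HR table (not real data).
SAMPLE_STAFF = [
    (1, "Avery", "Nguyen", "Payroll"),
    (2, "Blake", "Osei", "Support"),
    (3, "Casey", "Nguyen", "Training"),
]

# Constructed entry-field text that changes the WHERE clause when concatenated.
CRAFTED_INPUT = "x' OR '1'='1"

# Column names cannot be bound as parameters, so sort columns come from an allow-list.
SORTABLE_COLUMNS = {"id", "first_name", "department"}


def build_db():
    """Create an in-memory HR database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE staff (id INTEGER PRIMARY KEY, first_name TEXT, "
        "surname TEXT, department TEXT)"
    )
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?, ?)", SAMPLE_STAFF)
    conn.commit()
    return conn


def find_by_surname_vulnerable(conn, surname):
    """Weak form: entry-field text is pasted into the SQL and can alter the statement."""
    query = (
        "SELECT id, first_name, surname FROM staff "
        "WHERE surname = '" + surname + "' ORDER BY id"
    )
    return conn.execute(query).fetchall()


def find_by_surname_safe(conn, surname, order_by="id"):
    """Hardened form: the value is bound as data; the sort column is allow-listed."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    query = (
        "SELECT id, first_name, surname FROM staff "
        f"WHERE surname = ? ORDER BY {order_by}"
    )
    return conn.execute(query, (surname,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # The concatenated query returns every employee record for the crafted text.
    print("vulnerable:", find_by_surname_vulnerable(db, CRAFTED_INPUT))
    # The parameterized query treats the same text as a surname that matches nobody.
    print("safe:      ", find_by_surname_safe(db, CRAFTED_INPUT))
    print("legitimate:", find_by_surname_safe(db, "Nguyen", order_by="first_name"))
```

The allow-list matters because placeholders only cover values: any column or table name taken from user input has to be checked against known names before it reaches the statement.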
1.2 Additional Risks and Threats after SaaS Migration
The Charity has decided to move to a cloud vendor for the betterment of its business and
services. Software as a service (SaaS) is a software licensing and delivery model in which
software is licensed on a subscription basis. This cloud service model can be accessed by
many users through a thin client, typically a web browser (Arora, Parashar & Transforming,
2013). Payroll processing systems, office software, CAD software, virtualization and many more
are the major business applications of software as a service. After a successful migration to
this cloud service model, there are various additional risks and threats. They are given
below:
i) Reduction in the Visibility or Control: The foremost risk after the SaaS migration is
reduced visibility into, and control over, data. When operations or assets are transitioned
into the cloud, organizations often lose some visibility into and control over them (Hashem
et al., 2015). The shift to cloud service models leads to a paradigm shift in security
monitoring and logging.
ii) On Demand Self Services Induce Unauthorized Uses: On-demand self-service enables the
personnel of an organization to provision additional services themselves, which invites
several types of unauthorized use. Because SaaS is inexpensive and easy to implement, the
likelihood of unauthorized use of cloud services increases.
iii) Compromise in the Internet Accessible Management of APIs: Another significant and
dangerous risk after the Charity’s SaaS migration is compromise of the internet-accessible
management APIs (Dinh et al., 2013). The application programming interfaces that clients use
to manage and interact with the cloud services are exposed to the public. There are numerous
threats to these APIs, and these threats can easily turn into attacks.
iv) Deletion of Data: The fourth important risk after a successful SaaS migration is the
deletion of data. The threats linked with data deletion exist because the client has reduced
visibility into where the data is physically stored within the cloud and a reduced ability to
verify the security of the data. Deleting data is extremely easy, and so it often occurs in
SaaS migration.
1.3 Severity of Risks and Threats in Employee Data
The identified risks and threats to the Charity’s employee data are assessed according to
their severity (Fernando, Loke & Rahayu, 2013). The risks are divided into 4 categories, as
follows:

i) Negligible: This is the lowest severity of risk. A risk of this type can be treated as
negligible and does not greatly trouble clients or organizations. Because it is negligible, it
does not affect the confidential data of the organization. Amongst the identified risks and
threats to the employee data in the Charity, the negligible risk is the weak audit
(Rittinghouse & Ransome, 2016). This risk does not directly affect the organization and hence
can be termed negligible relative to the others.
ii) Limited: The second category, after negligible, is limited risk. A risk of this type is
limited and is not excessively dangerous compared with the rest. However, if it is realized,
it can be dangerous and can affect the organization’s confidential data to a great extent.
Amongst the identified risks and threats to the employee data in the Charity, the limited risk
is the legitimate privilege abuses (Garg, Versteeg & Buyya, 2013). This type of risk can be
easily avoided with proper mitigation plans or risk avoidance techniques. Hence, its severity
is lower than the rest.
iii) Significant: The third category of risk by severity in the risk assessment plan is the
significant category. This category is much more dangerous than the previous two. A
significant risk can cause massive destruction to the database and thereby affect the overall
confidentiality of the organization’s data. Amongst the identified risks and threats to the
employee data in the Charity, the significant risk is malware. This type of code is used for
hacking the data and spreading vulnerabilities.
iv) Maximum: The final and most dangerous category of risk is the maximum category
(Hashizume et al., 2013). The vulnerability is extremely high in this case, and lost data
cannot be recovered easily or promptly. Risks in the maximum category should be addressed in
time to stop the vulnerabilities. Amongst the identified risks and threats to the employee
data in the Charity, the maximum-category risks are the denial of service attack and the
database injection attack.
2. Privacy of Employee Data
2.1 Existing Threats and Risks for Data Privacy in HR Database
The privacy of the confidential and sensitive data in the Charity’s HR database is often
not checked properly. Organizations that neglect to secure the privacy of their data often
suffer from several vulnerabilities (Jain & Paul, 2013). The existing risks and threats to
the privacy of data in the Charity’s HR database are given below:
i) Exposure of Backup Data: The foremost risk to the privacy of data in the Charity’s HR
database is the exposure of backup data. All backups should be encrypted, and some vendors
have suggested that future database management system products should not support the
creation of unencrypted backups. When backup data is exposed, the privacy and confidentiality
of the data are affected to a great degree.
ii) Poor Authentication: The second risk is poor authentication and authorization
(Rittinghouse & Ransome, 2016). Weak authentication allows hackers or attackers to assume the
identities of legitimate database users. The attack strategies mainly involve brute force
attacks, social engineering attacks and many others. Proper deployment of two-factor
authentication or passwords is extremely important for authentication. For scalability and
ease of use, the authentication mechanisms should be integrated with the enterprise directory
and user management infrastructure.
iii) Database Protocol Vulnerabilities: Vulnerabilities in database protocols can allow
unauthorized access to data, as well as loss of availability and data corruption. Attack code
is executed on the Microsoft SQL Server and on the targeted database servers. Protocol attacks
can be defeated by validating SQL communications to ensure that they are not malformed. These
vulnerabilities are often dangerous for the database, since they cannot be avoided.
iv) Leakage of Personal Information: The next risk to the privacy of data is the leakage of
personal information. This information can be easily leaked and exposed within the cloud, and
the sensitive information then loses its integrity (Fernando, Loke & Rahayu, 2013). Leakage
of personal information is extremely common and should be stopped with proper measures. The
best way to stop this type of vulnerability is to use encryption and digital authentication.
2.2 Additional Risks and Threats after SaaS Migration
The Charity has decided to move its business to the cloud and has selected software as a
service (SaaS) as its cloud deployment model. However, various risks and threats are
extremely common after a successful migration to software as a service (Dinh et al., 2013).
The additional risks and threats after the Charity’s SaaS migration are given below:
i) Stolen Credentials: The most significant risk after the SaaS migration is stolen
credentials. With access to cloud credentials, a hacker or attacker can easily access the
authorized user’s services in order to provision additional resources. Attackers also target
the assets of the organization, and can leverage cloud computing resources to target the
organization’s administrative users.

ii) Increased Complexity for IT Staffs: Another important risk after the SaaS migration is
increased complexity for the information technology (IT) staff. Migration to the cloud can
easily introduce complexity into IT operations. Management, integration and operation in the
cloud will require the existing IT staff’s data. This risk often affects the privacy of the
employees’ data.
iii) Insiders Attack: The privacy of employees’ data is also affected by insider attacks
(Hashem et al., 2015). After the SaaS migration, the cloud vendors or the organization’s own
employees gain access to the data and can easily exploit it for their own benefit. This is
known as an insider attack, and it is common in the SaaS cloud deployment model.
iv) Insufficient Due Diligence: In its SaaS migration the Charity may perform insufficient
due diligence and move its data to the cloud without understanding the scope of the data
migration. Security measures suffer as a result, and various vulnerabilities eventually
arise.
2.3 Severity of Risks and Threats in Employee Data
The severity of the identified risks and threats to the privacy of employee data falls
into four distinct categories. They are given below:
i) Negligible: This category covers those risks to the Charity that are negligible in
nature. Risks of this type can be easily avoided by organizations and are therefore considered
negligible (Botta et al., 2016). Among the few identified risks, the negligible risk for the
Charity is poor authentication. This risk is not at all severe and hence can be easily avoided
in the Charity.
ii) Limited: The next category is limited risk. A risk of this type is more severe than a
negligible risk but less severe than risks in the significant and maximum categories. Amongst
the few identified risks, the limited risk for the Charity is leakage of personal information.
This risk can be mitigated or reduced by implementing proper measures in the organizational
database, so that the privacy of data is maintained.
iii) Significant: The third category is significant risk. A risk of this type is dangerous
and, if measures are not taken in time, can be extremely damaging for the organization (Jain
& Paul, 2013). Amongst the few identified risks, the significant risk for the Charity is
exposure of backup data. Hackers can easily use this data with the wrong intentions and
purposes.
iv) Maximum: The fourth and final category of risk is the maximum category. This is
considered the most severe of all the risks. Amongst the few identified risks, the maximum
risk for the Charity is database protocol vulnerability.
The severity classification above classifies the identified risks and threats to the
privacy of employees’ data after the Charity’s successful SaaS migration.
3. Digital Identities Issues
Digital identities are the information about entities that computer systems use to
represent an external agent. The agent can be a person, an organization, an application or a
device. A digital identity contains confidential information, and it allows the authentication
and assessment of a user who is interacting with business systems over the web (Garg,
Versteeg & Buyya, 2013). This interaction does not involve a human operator. Digital
identities allow access to systems and the services they provide to be automated, and they
mediate relationships with those systems. The Charity has decided to move its employee data
to the SaaS application, and so the digital identities of these employees will be moved to the
cloud deployment model. There are various threats and risks to the digital identities of the
Charity’s employees, and they are given below:
i) Lack of Visibility or Control in Using Personal Information: The foremost issue is the
lack of visibility into and control over how personal information is used. Since the
employees’ data is confidential, proper visibility and control are essential for the
Charity’s digital identities (Hashizume et al., 2013). This personal information must be
managed properly, as it is used in every aspect of the business.
ii) Verification of Identity: The second important risk to the digital identities of the
Charity’s employees is the lack of proper verification of those identities. The identity of
the entity behind each individual transaction must be verified. This risk often becomes a
major issue for the organization, as it is unable to solve authentication problems and stop
unauthorized access to the data of the digital identities.
iii) Lack of Authentication: Another important risk to digital identities is the lack of
authentication (Arora, Parashar & Transforming, 2013). This issue allows illegitimate access
to confidential data, and the Charity can thus face significant data security issues within
its digital identities.
4. Provider Solutions Issues
The SaaS provider has an operational solution and an operational location for the
management of HR in the Charity. Operational solutions are a type of business analytics that
focuses on improving existing operations. This type of business analytics uses several tools
for data aggregation and data mining in order to obtain more transparent and better
information for business planning (Rittinghouse & Ransome, 2016). Businesses can pursue
operational analytics in several ways. Certain software packages are effective at showing the
operations of a business in real time or over a specified time frame. Most of these tools
provide visual models.
The operational location is the specific location where all the operations take place and
are managed. Operations management is the area of management concerned with designing and
controlling the production process and redesigning business operations in the production of
goods and services (Hashizume et al., 2013). Various threats and risks have been identified
for the security and privacy of the Charity’s employee data. These risks mainly include denial
of service attacks, database injection attacks, data deletion, insider attacks, poor
authentication, lack of authorization, leakage of personal information and many more. These
risks can be easily mitigated or reduced with the help of an operational solution, which
reduces them to a great extent without much hassle. Operational solutions are delivered
through certain software packages, and these packages can be easily implemented within the
organization (Jain & Paul, 2013). Therefore, operational solutions can easily mitigate the
threats and risks identified for the security and privacy of employee data in the Charity.
5. Data Sensitivity
There are various issues related to ethics, data sensitivity and jurisdiction that the
Charity must consider for its employee data. The most significant ethical issues that the
Charity should consider are given below:
i) Employee Behaviour: This is the most important ethical issue. The behaviour of employees
should be ethical and proper, and employees should not be discriminated against on the basis
of gender, religion or ethnicity (Fernando, Loke & Rahayu, 2013). If any such activity is
noticed, proper legal action should be taken.
ii) Ethics of Humanity: Since the Charity will be dealing with mentally ill people,
humanity is essential. No person should be ill-treated under any condition, and everybody
should be treated with respect.
The issues related to data sensitivity within the charity are given below:
i) Strict Access of Data: Confidential data should not be accessible to everyone, so strict
access controls should be maintained, and proper action should be taken if any discrepancy is
noticed (Dinh et al., 2013).
ii) Proper Authentication: Access to the data should be authenticated, and only authorized
and authenticated users should be able to access it. If this rule is not maintained, proper
steps should be taken.
The issues related to jurisdiction within the charity are given below:
i) Legal Issues: Legal issues should be given high priority, and none of them should be
overlooked at any cost.
ii) Cyber Crime: The second issue is cyber crime (Hashem et al., 2015). It is extremely
common against confidential data, and if any such activity is noticed, proper action should be
taken.
Conclusion
Therefore, it can be concluded that cloud computing is the delivery of several distinct
hosted services over the Internet. The technology enables organizations to consume computing
resources such as virtual machines, applications or storage. The various computing
infrastructures are well maintained and built within the organizations. The foremost benefit
of cloud computing is that end users can spin up computing resources for every type of
workload on demand. Self-service provisioning removes the traditional need for IT
administrators to provision and manage computing resources. The next significant advantage is
that organizations can promptly scale up computing capacity according to the demands of their
clients. Huge investments in local infrastructure are thus eliminated while elasticity is
maintained. Moreover, computing resources can be measured at a granular level, so users pay
only for the workloads and resources they use. Another important advantage is that clients
can easily migrate from one place to another and move their workloads to the cloud or between
cloud platforms. Owing to its cost effectiveness, cloud computing is used by almost all
organizations worldwide. The main applications that share features with cloud computing are
the client-server model, computer bureau, fog computing, grid computing, mainframe computers,
utility computing, peer to peer, green computing, cloud sandbox and many more. The four
deployment models of cloud computing are private cloud, public cloud, hybrid cloud and
community cloud. This report has outlined the case study of the community named Charity. The
Charity has decided to purchase personnel management applications from a US-based
organization that provides a SaaS solution, and also to move its intranet to a Microsoft
SharePoint PaaS that provides intranet services to every agency in WofG. The report has
assessed the risks and threats to the Charity from its planned moves in the HR area. The
issues related to data sensitivity, digital identities and provider solutions are also
discussed with relevant details. Moreover, the security and privacy of employees’ data are
secured through the identification of risks and mitigation plans.
References
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing
using encryption algorithms. International journal of engineering research and
applications, 3(4), 1922-1926.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing
and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing:
architecture, applications, and approaches. Wireless communications and mobile
computing, 13(18), 1587-1611.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future
generation computer systems, 29(1), 84-106.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing
services. Future Generation Computer Systems, 29(4), 1012-1023.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An
analysis of security issues for cloud computing. Journal of internet services and
applications, 4(1), 5.
Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud
computing: a survey. IEEE Communications Magazine, 51(11), 24-31.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.