Cloud Computing and Legal Concerns
Added on 2020/03/23
AI Summary
This assignment delves into the intersection of cloud computing and law. It examines legal challenges associated with cloud adoption, such as data privacy concerns under regulations like Sarbanes-Oxley, jurisdictional issues in a globalized internet environment, and the security risks inherent in cloud infrastructure. The analysis considers technical vulnerabilities and best practices for mitigating them, highlighting the importance of trust and evaluation mechanisms in fostering secure and reliable cloud computing.
IT Risk Assessment Report
Executive Summary
Cloud computing is the current focus of attention in technology. Because it virtualizes storage space, processing power, and applications, cloud computing is considered similar to the grid computing model. However, cloud computing offers more technology models than other types of computing.
The Australian financial industry is slowly adopting cloud computing technology, but most companies in the financial sector still depend on their in-house infrastructure. Financial sector organizations are aware of the financial advantages of both the private cloud and public cloud deployment models.
However, they are wary of the risk of losing control over sensitive information. The most common cloud model deployed by financial organizations is the hybrid cloud, but the National Financial Supervisory Authorities (NFSA) generally recommend the private cloud strategy, since the private cloud allows more control over how data is handled.
The main objective of this report is to present a case study on risk assessment for migrating the business-critical applications of the fictional company “Aztek”, which operates in the financial sector, to an external cloud hosting solution. The report first covers the characteristics of cloud computing and its application in a financial firm. It then discusses the types of security risks and vulnerabilities that arise once cloud technology is adopted.
Written from the position of IT risk assessment lead, the report sets out recommendations on cloud security strategies for Aztek management based on this analysis.
Table of Contents
Executive Summary
1. Introduction
1.1. Scope and Purpose
1.2. Target Audience
1.3. Research Methods
2. Cloud Delivery and Deployment Models
2.1. Cloud Delivery Models
2.2. Cloud Deployment Models
3. Deployment of cloud solution in Finance Sector
4. Future Trends in Cloud Adoption
4.1. Analytical Calculation of Risks
4.2. Performance Acknowledgement
4.3. Operational Identity and Resolution
4.4. Positional data implicit
5. Risks and Confrontations
5.1. Security Issues
5.2. Risk Assessment by Enterprise
6. Security Necessities and Alleviation Measures
6.1. Cloud Security Requirements
6.2. Alleviation Measures
7. Recommendations
7.1 Relationship between financial organizations, fictional firm, and Cloud Service Providers.
7.2. Cloud Based Method
7.3. Lucidity and Assertion
7.4. Information Promotion
8. Conclusion
8. References
1. Introduction
The cloud model, comprising 5 distinctive characteristics, 4 operation models, and 3 distribution models, promotes accessibility. Moreover, the core of cloud computing is the combination of automated processing with the model of public utilities such as telephone or power (Borking & Raab, 2010). As with public utilities, cloud users pay only for the computing resources they use. Cloud computing is a system that manages a pool of distributed computing resources by itself. The next section discusses the cloud delivery and deployment models.
1.1. Scope and Purpose
The main objective of this case study is to highlight the risks and prospects associated with the cloud and to present guidance on the use of cloud computing in an organization. The purposes of this study are listed below:
- To present a summary of the implementation of cloud computing services in the Australian financial sector.
- To re-evaluate the existing adaptation related to cloud computing adoption, mainly in the financial industry.
- To provide a deliberate method for the adoption of cloud services.
- To ascertain the impediments to cloud adoption.
- To identify the risks arising from the migration of critical business decisions to an external cloud hosting solution.
- To review and explain the prospects for cloud computing in the financial segment.
1.2. Target Audience
The report's findings are mainly intended for the audiences listed below:
- Financial companies such as indemnity firms, asset traders, and bank conviction enterprises.
- Cloud mediators and cloud service providers requiring additional assistance on safety policies and procedures, so that they can effectively evaluate the requirements for enhancing their existing cloud service.
1.3. Research Methods
This report draws on sources from:
1. Significant Market Analyst reports
2. Technical web pages, white papers, and blogs obtainable from the Internet
3. Methodical Journals, and
4. White papers specific to cloud service traders
2. Cloud Delivery and Deployment Models
2.1. Cloud Delivery Models
Cloud computing is delivered through the delivery models given below:
Software as a Service (SaaS)
Under the SaaS model, a third-party cloud service provider hosts applications that users access over the Internet. Examples of SaaS providers include Google Docs and Salesforce.com.
Infrastructure as a Service (IaaS)
IaaS, a kind of cloud computing, offers computing resources over the computer network. Examples of IaaS are Rackspace, Amazon EC2, and NYSE Euronext CMCP.
Platform as a Service (PaaS)
PaaS offers users a platform on which to develop, run, and manage cloud applications without building and maintaining complex infrastructure. Examples of PaaS include Google App Engine and Microsoft Azure.
Business Process as a Service (BPaaS)
BPaaS is a cloud model based on Business Process Outsourcing whose main objective is to reduce manual labor through increased automation and so lower the overall process cost.
2.2. Cloud Deployment Models
The cloud services described above are delivered through the following cloud deployment models.
Public Cloud:
All users can access the public cloud over the Internet. Everything from services and computing resources to operations is managed and owned by the cloud provider. Examples of public clouds include Microsoft Azure, Amazon EC2, and Google App Engine.
Community Cloud:
Members of a larger community comprising several groups or enterprises can access the community cloud. Business activities ranging from processes to features are co-managed by the cloud providers and the member enterprises.
Private Cloud:
The private cloud can be managed by a cloud service provider or by the firm itself. Only legitimate users within the organization are permitted to use the private cloud.
Hybrid Cloud:
It is a combined model of both private and public clouds. The challenges encountered with a private or public cloud can be addressed by the hybrid cloud.
3. Deployment of Cloud solution in Finance Sector
Cloud adoption is in its early stages in the Australian finance industry. Many financial organizations use only a limited range of cloud-based services. Australia's demand for cloud services is rising with the growing use of data-intensive software that relies on back-end cloud applications. Using distributed computing services is reported to yield average IT cost savings of 12%, so cost saving is the key factor drawing organizations to the cloud. During 2013, IaaS, PaaS, and SaaS transformed the Australian cloud computing market to generate an income of 1.23 billion dollars.
According to the most recent report by Frost and Sullivan, the Growth Partnership firm, the Australian cloud computing market has now moved from the earlier adopter stage to the
earlier developer phase of cloud adoption by means of an extensive market (Cavoukian & Crompton, 2001). Even though cloud computing saw solid improvement in 2014, the cloud market has started to decline as it reaches a higher state of development.
From 2013 to 2018, a CAGR of 30% will be attained and revenues are set to reach 4.45 billion dollars. IaaS and PaaS will grow faster than the SaaS model. It is therefore evident that confidence has grown among people after incorporating cloud service models in their own organizations. However, some caution is observed when it comes to migrating business-critical applications to the cloud. Most users have concerns about moving banking activities to the cloud (Hall & Liedtka, 2007); instead, they are using it to digitally transform their business.
The major reasons why financial organizations lack a well-structured cloud solution are:
- Regulations impose certain limitations on financial organizations' use of cloud services (Rose, 2011).
- Cloud computing is not approached strategically within the enterprises.
- Users have concerns about security breaches.
- Cloud prospects are not assessed because cloud products are not regarded as significant.
- Issues arising from investigation by Government.
To conclude, about 10% of organizations are not interested in deploying a cloud strategy for their financial activities.
The major reasons for not employing cloud services in financial organizations are:
- Data privacy and safety issues
- Legal conformity
- Cloud providers do not fulfil most of the internal cloud policies.
- Users are waiting for cloud solutions to be implemented more widely.
The cloud applications adopted by most of the financial organizations are:
- Business Administration
- Email Supervision
- Development of financial applications
- Mobile Security Constituents
[Chart: responses from Security Agency, Financial Organization, and Cloud Providers for Email Administration, Application Deployment, Business Administration, and Mobile Security Constituents]
Fig 1: Adoption of public cloud in Financial Organizations
According to the National Financial security agency, financial organizations should not adopt the public cloud model because of its insecure nature.
[Chart: responses from Security Agency, Financial Organization, and Cloud Providers for Email Administration, Application Deployment, Business Administration, and Mobile Security Constituents]
Fig 2: Deployment of externally hosted private cloud solution in financial organizations
The largest distinction between the cloud providers, financial organizations, and security
agencies lies in the mobile security constituents.
4. Future trends in Cloud Adoption
The benefits of cloud computing are realized through the broad prospects financial organizations gain by moving several business-critical applications to the cloud. The business processes of non-core business organizations can be migrated to the cloud easily. Depending on the reliability of the cloud vendor, cloud infrastructure processes such as information storage, information center management, and recovery from failure are moved to the cloud. Before migrating to the cloud, exhaustive research on the various cloud vendors is performed. Because only a few organizations have migrated core applications to the cloud, the various external hosting solutions available in the hybrid cloud meanwhile let users move most of their core applications to the cloud (Horrigan, 2008). The circumstances suitable for cloud deployment are described below.
4.1. Analytical Calculation of Risks
The grid-computing model includes risk assessment applications for evaluating measures such as trade cost, outcomes, current worth, etc. Depending on the data load, the cloud-based grid computing model can be scaled up and down flexibly. Maintenance expenses can thereby be reduced when the applications run continually at various grid operating points. The CPU cycles of dedicated machines that go unused because the applications execute only for certain periods can be eliminated by using a grid-based cloud. Computing power available as an on-demand service can then become the basis.
4.2. Performance Acknowledgement
Performance associated with revenue and its characteristics can be investigated by means of performance ascription. The success of the cloud investment strategy is quantified through performance ascription. Asset managers obtain the attributes of the asset processes that have both positive and negative associations with the performance levels. Data-centric processes can draw on a larger range of historical information to estimate the performance measurements. Estimating risk analytics by running the applications at defined periods is similar to the performance ascription technique. Hence, by deploying an external cloud host, the use of computing power can be optimized and the performance advantages of the cloud-based grid can be realized.
4.3. Operational Identity and Resolution
The operational identity process acquires operational data from various dealers and then resolves the data. At times of peak operation, the operational identification process is subject to high volumes. A hybrid cloud can be designed so that the resolution operation runs on the public cloud for flexibility, while the data remain on dedicated servers residing in the private cloud. This avoids creating an individual connection for each new user and allows the connections to be synchronized.
4.4. Positional data implicit
The various kinds of information sources hold multiple types of positional information, such as reference information, master data, dealer data, and data belonging to other parties. These information sources belong to internal database systems, external supplies, or file systems.
The challenge lies in creating techniques to access information from these data sources and to aggregate the information within the application. As a solution, a data virtualization layer should be constructed for accessing and aggregating the data within these data sources. The virtualization layer should be adaptable so that it can combine various data sources based on the application's needs. Moreover, an additional layer is provided to support monetary analysis, effective reporting, and risk administration. All the data are made available to users from the central information services.
5. Risk and Confrontations
Cloud computing is associated with multiple challenges related to data safety, security, accessibility, conformity, and lack of standards (Pearson, Casassa, Crane & Herrmann, 2005). These risks are focal points in regulated and security-sensitive settings such as financial services.
Fig 3: Confronted cloud risks
5.1. Security Issues
The security issues identified in cloud technology are illustrated by an examination
demonstration. According to the National Finance Security Association, the dangers encountered
with domestic infrastructure can be easily controlled and operationally corrected when compared
to cloud technology. The respondents are solicited for ranking a rundown from the normal
security hazards on size from 1 to 5, since the security concerns are a key thought while
embracing the cloud administrations (Greenberg, 2008).
Several security concerns are identified with cloud based administrations employed in the
financial organizations. But the risks are particularly stressed upon information classification,
consistence, information rupture, and legitimate issues. The administration loss, insufficient
inspection, and the unavailability of straightforwardness are highly realized by the financial
enterprises.
Information break, accessibility, and respectability are the topmost threats according to the cloud
service contributors. The unavailability of legal abilities is not considered as an especially
pertinent safety issues and the security concerns communicated by the security agencies and
cloud service contributors plays a major role (Jensen, Schwenk, Gruschka & Iacono, 2014).
Hence, security concerns are viewed as the primary limiting factor in selecting cloud
strategies in the financial sector. The responses were examined to generate related
questions, and the security agencies concentrate more on the risks than the cloud providers
do. Thus the most recognized threats are loss of control over information, lack of
transparency, trustworthiness, and the absence of risk-auditing features.
5.2. Risk Assessment by Enterprise
The financial organizations should be aware of the particular dangers associated with the use
of cloud computing. The regulatory requirements set by the security agency are based on risk
evaluation, identification, and mitigation. 46% of the respondents have not carried out a
detailed corporate risk assessment for cloud computing (Salesforce, 2011). Even high-level
financial organizations have not created a corporate risk management methodology. 42% of the
financial industries do not have a fully structured cloud strategy (Rose, 2011).
According to a recent survey on cloud utilization, 88% of the financial industries
effectively use cloud services, while 47% have not carried out even a detailed corporate risk
assessment (Google App Engine, 2017).
The situation can be improved by further guidance from the security agencies, and the
adoption of cloud services is encouraged as long as the regulatory requirements are met. In
addition, the cloud technology risk management guidelines issued by the monetary authority of
Australia help the respondents deal with existing and emerging technology risks
(Osterwalder, 2011).
There is some difference between the primary difficulties recognized by the cloud service
providers and those recognized by the financial organizations. From the perspective of the
financial organizations, the stated regulatory obligations weigh most heavily during the
migration to cloud-based services. According to the cloud service providers, the most complex
risk arises from the migration of high-frequency trading systems (The Royal Academy of
Engineering, 2007).
Conversely, when the financial organizations examine their risks, the high-frequency trading
systems are a reason for them not to migrate business applications to the cloud. About 34% of
the financial firms perceive cloud investigation and log collection as issues, especially in
public clouds. The cloud service providers, however, seem to judge the challenge of log
collection as entirely irrelevant and do not share the financial firms' view. Hence the
financial industries need coordinated risk control over incidents in the cloud.
6. Security Necessities and Alleviation Measures
This section offers the security analysis from the perspectives of both the cloud service
providers and the financial enterprises. The alleviation measures adopted in the finance
sector are also discussed.
6.1. Cloud Security Requirements
The financial institutions have certain requirements when planning the adoption of cloud
services. The security requirements are listed below.
1. 75% of the completed deployed cloud security measures
2. 64% of intrinsic auditing authorization
3. 50% of the incident consequences
4. 50% of the non-transitional client information
When the answers concerning smaller cloud service providers are separated out, the
impression is that the financial organizations demand more from the smaller cloud providers
(Mowbray, 2009). The cloud providers require a thorough consent evaluation if an incident
occurs. Moreover, the financial enterprises cannot move customer information into the clouds
of smaller cloud vendors. In addition, legal penalty provisions are readily available for the
small cloud providers, which is not the case for the larger vendors (Cohen, Lindvall & Costa,
2004).
The previous section discussed numerous concerns of the security agencies regarding the
adoption of cloud-based services by financial firms. Those concerns are reflected in the fact
that the security associations ask all financial organizations to follow strict security
requirements, beginning with a risk assessment of the security measures to be implemented
(Lindell & Pinkas, 2002).
Due to the stringent supervision and requirements imposed by security agencies, compliance is
considered a critical operating requirement for financial firms (Rousseau, Sitkin, Burt &
Camerer, 2011). Cloud adoption is considered within the framework of maintaining regulatory
compliance. According to the aforementioned risk examinations, the organizations typically
approach compliance verification with cloud providers through the methods listed below:
90% of specific contract provisions
70% of official recognition
85% of Service Level Agreements
30% of Reviews
Besides the experience gained by the cloud providers, the greatest obstacles to overcoming
the risks of cloud computing originate from misconceptions about cloud technology. The cloud
service providers gain transparency about their cloud offerings.
6.2. Alleviation Measures
The financial firm's readiness to adopt the cloud service model leads to particular features
and capabilities for mitigating the risks presented by the adoption of cloud computing. Some
of the described features are required to enhance trust, while others are needed to ensure
compliance and security.
The fictional organization, Aztek, requires comparatively stronger security features than the
financial organizations. However, the areas that interest the fictional firms least are
e-discovery and forensics. Those features are considered essential by the financial firms.
When information about the implementation of alleviation measures was gathered during the
migration to cloud services, the respondents were asked about the contract conditions with
their cloud service providers. The contract conditions include defined exit strategies, the
right to audit, required data and security assurances, implemented security measures, and
clearly defined service level agreements.
A considerably stricter approach is needed by the security agencies, since their position is
based on prudence and not on the benefits. Moreover, the security firms are less hesitant
about moving customer information to the cloud provided that the risk assessment has been
performed and the risks are sufficiently mitigated (McKinley, Samimi, Shapiro & Chiping,
2006). The proportion of financial organizations that have not transferred customer
information to the cloud is consistent with the number of financial firms that have never
carried out a detailed corporate risk assessment for cloud-based services.
Finally, some financial enterprises are revisiting their earlier decisions not to use the
cloud for protecting sensitive information. Instead, they are building their own models for
risk analysis and risk assessment.
7. Recommendations:
This section provides a list of recommendations, mainly for the fictional company “Aztek”.
The recommendations are grouped into four major sections, namely relationships, risk-based
methods, lucidity and assertion, and information promotion.
7.1. Relationship between financial organizations, fictional firm, and Cloud Service Providers
This case study mainly focuses on the areas where efficient relationships and interactions
exist between the financial organizations, cloud service providers, and the fictional firm
(Berney, 2010).
Hence the following suggestions are made to connect the financial firms with the fictional
company and the cloud service provider.
1. The risk administration for the employment of cloud computing in financial sector
requires the security agencies to delineate a structured set of security policies and
procedures.
2. Certain limitations are to be imposed on the utilization of financial information over the
cloud.
7.2. Risk-Based Methods:
The recommendation is that enterprises develop and describe their risk-based method for
cloud computing. The enterprises should be able to readily adopt the risk-based method when
migrating to an external cloud solution, and their cloud method must be aligned with their
commercial risk considerations.
After understanding and identifying their computing resources, the organizations will be
able to define the reliability, accessibility, and legitimacy requirements for adopting a
cloud-based solution (Kohl, 2007). Thus, the financial firms should conduct an organizational
risk assessment before leveraging the existing cloud methods and implementations.
7.3. Lucidity and assertion
Both the financial firms and the security agencies are cautious in their cloud computing
methods because of their misconceptions about cloud computing technology. To address this
problem, a higher level of lucidity and assertion is required. Hence, some recommendations
are provided to the cloud service providers for interpreting the assertion level of their
cloud offering. Such an interpretation is based on the following factors.
1. Sharing information about the cloud service provider’s cloud administration procedures.
2. Safety and security controls imposed on the cloud services. The Service Level Agreement
provided by them must be uncomplicated, comparable, and definite (Solove, 2006).
7.4. Information Promotion
In this section, recommendations are made for an information campaign to attain the
following targets:
1. The understanding of cloud-based services among security agencies, financial
organizations, and other finance-related regulators is expanded.
2. The contracts between the cloud-based services and business outsourcing should be
clarified.
3. The trade-offs between the private cloud, domestic IT infrastructure, private cloud,
and business outsourcing must be clarified.
4. Cloud-based principles, certifications, improved cloud practices, and systems are
adopted to encourage the safer adoption of cloud-based services.
8. Conclusion:
Cloud computing is a promising paradigm in which computing utilities are delivered as
services. Cloud computing is bringing comparably broad changes to the licensing and
provisioning of cloud computing strategies for developing effective financial applications.
The advantages of cloud computing, such as flexibility and cost effectiveness, are
experienced by many firms.
Firms that opt to move their business-critical applications to the cloud should begin by
moving their distributed and non-revenue systems to the cloud environment. Also, a
comprehensive cloud system can be constructed to move business applications to the cloud. In
this way, the financial firms can address the associated risks of cloud computing and build a
powerful cloud system.
9. References:
Borking, J., & Raab, C. (2010). Law, PETs and Other Technologies for Privacy Protection.
Journal of Information, Law and Technology, 20 (1), February 28, 2001.
Cavoukian, A., & Crompton, M. (2001). Web Seals: A review of Online Privacy Programs, 22nd
International Conference on Privacy and Data Protection, 3(4), 40-70.
Berney, A. (2010). Cloud Security Alliance. Top Threats to Cloud Computing, 1(2), 10-50.
Cohen, D., Lindvall, S., & Costa, P. (2004). An introduction to agile methods. Advances in
Computers, 10(12), 1-66.
Greenberg, A. (2008, February 19). Cloud Computing's Stormy Side. Retrieved from
http://www.forbes.com/2008/02/17/web-application-cloudtech-intel-cx_ag_0219cloud.html.
Hall, J.A., & Liedtka, S.L. (2007). The Sarbanes-Oxley Act: implications for large-scale IT
outsourcing. Communications of the ACM, 50(3), 95-100.
Horrigan, B. (2008, September 15). Use of cloud computing applications and services. Retrieved
from http://www.pewinternet.org/pdfs/PIP_Cloud.Memo.pdf
Lindell, Y., & Pinkas, B. (2002). Privacy Preserving Data Mining. Journal of Cryptology, 15(3),
36-66.
Kohl, U. (2007). Jurisdiction and the Internet. England: Cambridge University.
Mowbray, M. (2009). The Fog over the Grimpen Mire: Cloud Computing and the Law. Script-ed
Journal of Law Technology and Society, 6(1).
moving their distributed and nonrevenue frameworks to the cloud environment. Also, an
exhaustive cloud system can be constructed to move business applications to the cloud. So, the
financial firms can address the associated risks of cloud computing so as to fabricate the
powerful cloud system.
9. References:
Borking, J., & Raab, C. (2010). Law, PETs and Other Technologies for Privacy Protection.
Journal of Information, Law and Technology, 20 (1), February 28, 2001.
Cavoukian, A., & Crompton, M. (2001). Web Seals: A review of Online Privacy Programs, 22nd
International Conference on Privacy and Data Protection, 3(4), 40-70.
Berney, A. (2010). Cloud Security Alliance. Top Threats to Cloud Computing, 1(2),10-50.
Cohen, D., Lindvall, S., and Costa, P. (2004). An introduction to agile methods. Advances in
Computers, 10(12), 1-66.
Greenberg, A. (2008, February 19). Cloud Computing's Stormy Side. Retrieved from
http://www.forbes.com/2008/02/17/web-application-cloudtech-intel-cx_ag_0219cloud.html.
Hall, J.A., & Liedtka, S.L. (2007). The Sarbanes-Oxley Act: implications for large-scale IT
outsourcing. Communications of the ACM, 50(3), 95-100.
Horrigan, B. (2008, September 15). Use of cloud computing applications and services. Retrieved
from http://www.pewinternet.org/pdfs/PIP_Cloud.Memo.pdf
Lindell, Y., & Pinkas, B. (2002). Privacy Preserving Data Mining. Journal of Cryptology, 15(3),
36-66.
Kohl, U. (2007). Jurisdiction and the Internet. England: Cambridge University.
Mowbray, M. (2009). The Fog over the Grimpen Mire: Cloud Computing and the Law. Script-ed
Journal of Law Technology and Society, 6(1).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
McKinley, P.K., Samimi, F.A., Shapiro, J.K., & Chiping, T. (2006). Service Clouds: A
Distributed Infrastructure for Constructing Autonomic Communication Services. Dependable
Autonomic and Secure Computing IEEE, 341-348.
Google App Engine. (2017, September 26). Retrieved from http://code.google.com/appengine.
Rousseau, D., Sitkin, S., Burt, R., & Camerer, C. (2011). Not so Different after All: a Cross-
discipline View of Trust. Academy of Management Review, 20(3), 393-404.
The Royal Academy of Engineering (2007, March 15). Dilemmas of Privacy and Surveillance:
Challenges of Technological Change. Retrieved from
www.raeng.org.uk/policy/reports/default.htm.
Solove, D.J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 54(3),
477.
Osterwalder, D. (2011). Trust Through Evaluation and Certification?. Social Science Computer
Review, 19 (1), 32-46.
Pearson, S., Casassa, M., Crane, S., & Herrmann, P. (2005). Persistent and Dynamic Trust:
Analysis and the Related Impact of Trusted Platforms, Trust Management Proc. iTrust 2005
LNCS 3477, 355-363.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. (2014). On Technical Security Issues in
Cloud Computing. IEEE International Conference on Cloud Computing, 2(1), 109–120.
Rose, J. (2011, August 20). Cloudy with a chance of zero day. Retrieved from
www.owasp.org/images/1/12/Cloudy_with_a_chance_of_0_day_Jon_Rose-Tom_Leavey.pdf
Salesforce. (2011, March 25). Salesforce Security Statement. Retrieved from
salesforce.com/company/privacy/security.jsp
Distributed Infrastructure for Constructing Autonomic Communication Services. Dependable
Autonomic and Secure Computing IEEE, 341-348.
Google App Engine (2017, September 26), Retrieved from http://code.google.com/appengine.
Rousseau, D., Sitkin, S., Burt, R., & Camerer, C. (2011). Not so Different after All: a Cross-
discipline View of Trust. Academy of Management Review, 20(3), 393-404.
The Royal Academy of Engineering (2007, March 15). Dilemmas of Privacy and Surveillance:
Challenges of Technological Change. Retrieved from
www.raeng.org.uk/policy/reports/default.htm.
Solove, D.J. (2006). A Taxonomy of Privacy. University of Pennyslavania Law Review, 54(3),
477.
Osterwalder, D. (2011). Trust Through Evaluation and Certification?. Social Science Computer
Review, 19 (1), 32-46.
Pearson, S., Casassa, M., Crane, S., & Herrmann, P. (2005). Persistent and Dynamic Trust:
Analysis and the Related Impact of Trusted Platforms, Trust Management Proc. iTrust 2005
LNCS 3477, 355-363.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. (2014). On Technical Security Issues in
Cloud Computing. IEEE Internation Conference on CloudComputing. 2(1), 109–120.
Rose, J. (2011, August 20). Cloudy with a chance of zero day. Retrieved from
www.owasp.org/images/1/12/Cloudy_with_a_chance_of_0_day_Jon_Rose-
Tom_Leavey.pdfGoogle Scholar.
Salesforce. (2011, March 25). Salesforce Security Statement. Retrieved from
salesforce.com/company/privacy/security.jsp
1 out of 21
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.