Data Privacy and Security in Cloud Computing
28 Pages7001 Words70 Views
Added on 2020-05-11
Data Privacy and Security in Cloud Computing
Added on 2020-05-11
ShareRelated Documents
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
1CLOUD PRIVACY AND SECURITY
Executive Summary
The Department of Administrative Service (DAS) caters multiple services to the State
government of Australia, the services they can get the are payroll management, HR and the
contractor management. DAS has decided to move to the cloud to furnish the business
activities. That is why DAS is concerned about the security and privacy breaches. They
believe that the cloud vendors can serve their purpose well. The cloud platform Shore and
Amazon AWS has been explained. The threats and the risks have been detailed in the report
and along with that, the risk mitigation procedures have been elaborated well.
Executive Summary
The Department of Administrative Service (DAS) caters multiple services to the State
government of Australia, the services they can get the are payroll management, HR and the
contractor management. DAS has decided to move to the cloud to furnish the business
activities. That is why DAS is concerned about the security and privacy breaches. They
believe that the cloud vendors can serve their purpose well. The cloud platform Shore and
Amazon AWS has been explained. The threats and the risks have been detailed in the report
and along with that, the risk mitigation procedures have been elaborated well.
2CLOUD PRIVACY AND SECURITY
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database..............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........8
2.3. Assess the resulting severity of risk and threat to employee data...................................9
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application................................................................................................................................12
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database............................................................12
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application............................................................................................................................12
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........14
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................15
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................17
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................20
7. Conclusion............................................................................................................................21
8. References............................................................................................................................21
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database..............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........8
2.3. Assess the resulting severity of risk and threat to employee data...................................9
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application................................................................................................................................12
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database............................................................12
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application............................................................................................................................12
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........14
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................15
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................17
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................20
7. Conclusion............................................................................................................................21
8. References............................................................................................................................21
3CLOUD PRIVACY AND SECURITY
1. Introduction
The Department of Administrative Service (DAS) is known to cater multiple services
to the Australian State Government, the services catered by them are the payroll
management, payroll procurement, HR and contractor management (Haynes & Giblin, 2014).
Now DAS is worried about the security and privacy of the organisation and also the workers
of the organisation and the customers or the users associated with it.
The report will thus highlight the existing risks and threats and the vulnerabilities
prevalent within in house of the HR database. The risks and the vulnerabilities of the
employees, employees’ data risks will be evaluated in this report as well. That is why seeing
the potential risks DAS has decided to move to the cloud, the threats and risks associated
moving to the cloud has been showcased and the possible solutions to control those risks
have been detailed in the report. Amazon AWS and another cloud vendor Sore’s impact will
be highlighted to illustrate the cloud computing elaborately.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database
The risks and the threats residing within the HR database are as follows-
i. Deployment failures: The database may fail due to some faulty issues and due to
the software developers make wrong configuration and wrong coding. The database can be
under disruption at the time of execution as well (Shostack, 2014). At the time of
development of the database software the database remains untested by the developers so
1. Introduction
The Department of Administrative Service (DAS) is known to cater multiple services
to the Australian State Government, the services catered by them are the payroll
management, payroll procurement, HR and contractor management (Haynes & Giblin, 2014).
Now DAS is worried about the security and privacy of the organisation and also the workers
of the organisation and the customers or the users associated with it.
The report will thus highlight the existing risks and threats and the vulnerabilities
prevalent within in house of the HR database. The risks and the vulnerabilities of the
employees, employees’ data risks will be evaluated in this report as well. That is why seeing
the potential risks DAS has decided to move to the cloud, the threats and risks associated
moving to the cloud has been showcased and the possible solutions to control those risks
have been detailed in the report. Amazon AWS and another cloud vendor Sore’s impact will
be highlighted to illustrate the cloud computing elaborately.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database
The risks and the threats residing within the HR database are as follows-
i. Deployment failures: The database may fail due to some faulty issues and due to
the software developers make wrong configuration and wrong coding. The database can be
under disruption at the time of execution as well (Shostack, 2014). At the time of
development of the database software the database remains untested by the developers so
4CLOUD PRIVACY AND SECURITY
some faulty issues and bugs stay inside the database, the attackers taking advantage of the
bug can exploit the database.
ii. Database security flaws: The security vulnerabilities stay within the database and
these vulnerabilities can be disastrous to the organisation (Rhodes-Ousley, 2013). The
malware attacks create havoc and the whole system and the database can be under threat. the
intruders can gain access to the system through these loopholes and can exploit the entire
database and the system at will. The organisations can suffer a lot due to this attack.
Fig 1: The threats and risks associated with the database
(Source: Chockalingam et al., 2017)
iii. Data leaks: Database is considered as the backend of the development, the
business organisations’ financial data as well as the sensitive data of the employees and the
customers and the clients in the database. Therefore, the business organisations if want to
protect their database from any kind of mishaps they must ensure that their network is strong
some faulty issues and bugs stay inside the database, the attackers taking advantage of the
bug can exploit the database.
ii. Database security flaws: The security vulnerabilities stay within the database and
these vulnerabilities can be disastrous to the organisation (Rhodes-Ousley, 2013). The
malware attacks create havoc and the whole system and the database can be under threat. the
intruders can gain access to the system through these loopholes and can exploit the entire
database and the system at will. The organisations can suffer a lot due to this attack.
Fig 1: The threats and risks associated with the database
(Source: Chockalingam et al., 2017)
iii. Data leaks: Database is considered as the backend of the development, the
business organisations’ financial data as well as the sensitive data of the employees and the
customers and the clients in the database. Therefore, the business organisations if want to
protect their database from any kind of mishaps they must ensure that their network is strong
5CLOUD PRIVACY AND SECURITY
as well as secure enough, if the network is not secured then it may happen the hackers can
take advantage of the network and can exploit the database as a whole.
iv. The misuse of the database: The data in the database gets misused by several
means, due to mishandling of the employees and the mishandling of the clients or the
customers. The employees sometimes install plugins into their system, thus the applications
installed within the system becomes bulky and at the same time buggy, these plugins may
prove vulgar they can steal all the necessary information, hidden files within the system, as
well as they, can steal cookies from the browser (Chockalingam et al., 2017). Thus the
casualties of the employees can cost the company too much. Even the casualties from the
customers can cause security and privacy breach the passwords stored in the database can be
stolen from the database of the customers.
v. Hopscotch approach: The hacktivists can steal the personal files and the data from
someone’s personal account simply without using any bank card and the bank card
information, the intruders are always in search of the vulnerabilities.
vi. SQL injection: The variables do not get tested at the time of testing and the front
end database does not get the desired security with the firewall and thus the system and the
database both are vulnerable to SQL injection (Albakri et al., 2014).
vii. Key management: The database developers and the database administrators keep
the important keys in their database on the hard drive of the computer system (Chockalingam
et al., 2017). If the computer gets connected to the insecure network the intruders will attack
the computer system and will make the entire system vulnerable.
viii. Database inconsistency: The database developers, as well as the database
administrators, must be careful about the data breaches all the time if any kind of mishaps
as well as secure enough, if the network is not secured then it may happen the hackers can
take advantage of the network and can exploit the database as a whole.
iv. The misuse of the database: The data in the database gets misused by several
means, due to mishandling of the employees and the mishandling of the clients or the
customers. The employees sometimes install plugins into their system, thus the applications
installed within the system becomes bulky and at the same time buggy, these plugins may
prove vulgar they can steal all the necessary information, hidden files within the system, as
well as they, can steal cookies from the browser (Chockalingam et al., 2017). Thus the
casualties of the employees can cost the company too much. Even the casualties from the
customers can cause security and privacy breach the passwords stored in the database can be
stolen from the database of the customers.
v. Hopscotch approach: The hacktivists can steal the personal files and the data from
someone’s personal account simply without using any bank card and the bank card
information, the intruders are always in search of the vulnerabilities.
vi. SQL injection: The variables do not get tested at the time of testing and the front
end database does not get the desired security with the firewall and thus the system and the
database both are vulnerable to SQL injection (Albakri et al., 2014).
vii. Key management: The database developers and the database administrators keep
the important keys in their database on the hard drive of the computer system (Chockalingam
et al., 2017). If the computer gets connected to the insecure network the intruders will attack
the computer system and will make the entire system vulnerable.
viii. Database inconsistency: The database developers, as well as the database
administrators, must be careful about the data breaches all the time if any kind of mishaps
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Threats and Risks to the Digital Identities of Government Employeeslg...
|23
|5094
|679
Cloud Security Report 2022lg...
|23
|6412
|11
Securing and Privacy Name of the University Author Name: Cloud based Approachlg...
|24
|5598
|311
Administrative Services Department Report 2022lg...
|16
|4808
|23
Threat and Risk Assessment for MyLicense Portal - Deskliblg...
|11
|2635
|488
Cloud Privacy and Security : Assignmentlg...
|18
|4804
|105