Cloud Computing Security Analysis
VerifiedAdded on 2020/04/01
|12
|5400
|80
AI Summary
This assignment delves into the multifaceted realm of cloud computing security. It examines the inherent risks, potential threats, and vulnerabilities associated with cloud environments. Drawing upon a selection of scholarly articles and research papers, the assignment analyzes various aspects of cloud security, including identity-based authentication, data protection, access control, and emerging threats. Furthermore, it discusses best practices and mitigation strategies for ensuring secure cloud computing deployments.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running Head: IT RISK ASSESMENT 1
IT Risk Assessment
IT Risk Assessment
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT Risk Assessment 2
Executive Summary
The report has discussed the IT risk issue raised due the adoption of cloud computing in Aztek
Corporation. IT security is significant aspect of the IT infrastructure of Aztek Corporation. In the present
times, the IT security is vital because most of the organizations are using digital mediums for the
transmission, reception and storage of the information. The organization would be able to protect itself
from the external data breaches. Accessing data from the external places has become easier. In
digitalization of the services, a hacker can access the information database from any other part of the
world. The information security is especially important in the financial industry as they collect sensitive
data regarding the personal bank account number and credit or debit card details of the organization. The
business organizations in the financial industry should be more careful regarding the confidentiality of the
user data. The business organizations should be implement security measures and protocols so that no
unauthorized user can access the information of the organization. Aztek Solutions is trying to increase the
efficiency of the organization. The deployment of external cloud service provider will be beneficial for
the organization. It is cost-effective and can result in optimization of resource. It is important that
organization should not investment in the employment of new IT infrastructure in the organization.
However, several novel risks hae increased.
With the deployment of cloud services in the organization, the current security stance of the organization
is incapable of protecting the confidential information of the organization. Currently, the company has
implemented security protocols such as implementation of firewall and intrusion detection system for
protecting the organization from the external attacks. Other than that, the organization has also started
monitoring the user activity. However, the threat landscape for the organization will change if the cloud
service will be employed in the organization. The business organization will lose control over the
information and external access to the information will become easier. It is due to the fact that the
information will be stored in shared resources. Other than that, there will be more regulations regarding
the compliance and accessibility to the information. Aztek Corporation will also need additional policies
and regulations to protect it from any future data breaches. A governing body should be made which can
control the access to the data. It should also contain guidelines regarding the issues which will happen if
the supplier fails to comply by the privacy guidelines. The selection of vendor should also be done on his
past records.
Executive Summary
The report has discussed the IT risk issue raised due the adoption of cloud computing in Aztek
Corporation. IT security is significant aspect of the IT infrastructure of Aztek Corporation. In the present
times, the IT security is vital because most of the organizations are using digital mediums for the
transmission, reception and storage of the information. The organization would be able to protect itself
from the external data breaches. Accessing data from the external places has become easier. In
digitalization of the services, a hacker can access the information database from any other part of the
world. The information security is especially important in the financial industry as they collect sensitive
data regarding the personal bank account number and credit or debit card details of the organization. The
business organizations in the financial industry should be more careful regarding the confidentiality of the
user data. The business organizations should be implement security measures and protocols so that no
unauthorized user can access the information of the organization. Aztek Solutions is trying to increase the
efficiency of the organization. The deployment of external cloud service provider will be beneficial for
the organization. It is cost-effective and can result in optimization of resource. It is important that
organization should not investment in the employment of new IT infrastructure in the organization.
However, several novel risks hae increased.
With the deployment of cloud services in the organization, the current security stance of the organization
is incapable of protecting the confidential information of the organization. Currently, the company has
implemented security protocols such as implementation of firewall and intrusion detection system for
protecting the organization from the external attacks. Other than that, the organization has also started
monitoring the user activity. However, the threat landscape for the organization will change if the cloud
service will be employed in the organization. The business organization will lose control over the
information and external access to the information will become easier. It is due to the fact that the
information will be stored in shared resources. Other than that, there will be more regulations regarding
the compliance and accessibility to the information. Aztek Corporation will also need additional policies
and regulations to protect it from any future data breaches. A governing body should be made which can
control the access to the data. It should also contain guidelines regarding the issues which will happen if
the supplier fails to comply by the privacy guidelines. The selection of vendor should also be done on his
past records.
IT Risk Assessment 3
Table of Contents
Introduction.................................................................................................................................................4
Review of the Project with Respect to Financial Sector...............................................................................4
Review of Project Impact on Current Security Posture of Aztec..................................................................6
Risk Assessment on Cloud Service Deployment..........................................................................................6
Addressing the Risk for Data Security..........................................................................................................8
Conclusion...................................................................................................................................................9
References.................................................................................................................................................10
Table of Contents
Introduction.................................................................................................................................................4
Review of the Project with Respect to Financial Sector...............................................................................4
Review of Project Impact on Current Security Posture of Aztec..................................................................6
Risk Assessment on Cloud Service Deployment..........................................................................................6
Addressing the Risk for Data Security..........................................................................................................8
Conclusion...................................................................................................................................................9
References.................................................................................................................................................10
IT Risk Assessment 4
Introduction
In the present times, IT has been crucial in increasing the productivity and the efficiency of the
business organizations. All the business organizations are using digitized mediums for different
operations of the organization. Aztek Solutions is a financial business organization which deals with
highly confidential data of the consumers. However, the risks and vulnerability dynamics of the
organization has hanged with the increased with the advent of technology. Therefore, it is important that
the organization should conduct a risk assessment and examine the risk associated with the deployment of
technology. The company should examine several risks associated with the deployment of IT services and
address them for increased efficiency. The data collected by the financial organizations is very crucial as
it contains crucial details regarding the personal data of the organization like bank account details, credit
or debit card number and passwords (Almorsy, Grundy & Müller, 2016). Therefore, it is important that
the data is protected by the business organization. Other than that, there is also several compliance related
risk faced by the business organizations. The government has made several laws related so that the
privacy of the consumers can be protected. It is important for the financial organizations to abide by these
laws to continue their operations. In this regard, the present report will examine the risk, vulnerability and
the threat associated with the implementation of the cloud computing in the organization. Currently, the
company is examining the deployment of various IT infrastructural services, namely, cloud computing,
bring your own device and other technology for increasing the proficiency in the operations of the
organization. The company has chosen the employment of cloud services in the organization (Almorsy,
Grundy & Müller, 2016). There are several benefits of cloud computing deployment such as optimal
use of the organization’s infrastructure and reduced expenditure of the organization. When deploying the
cloud services, the organization will use the service of external service provider which will reduce the
burden of work on the employees. The employees will be able to devote their time in more productive
operations rather than the maintenance of their operations. The present report will discuss the issues
associated with the cloud service deployment in the financial sector and how the organization can adapt to
these changes.
Review of the Project with Respect to Financial Sector
The cloud computing is a technology which achieve optimization in resource utilization and cost
by sharing of the resources. There is a cloud service vendor which allows the business organizations to
store data on online mediums by charging specific fees (Armbrust, Fox, Griffith Joseph, Konwinski,
& Zaharia, 2009).. Several business organizations can avail the services at a single time as the vendor
offer different portions of memory storage to different clients. With this technology, the customers do not
have to invest in infrastructure required for setting up the services. The organization can avail the services
at a minimal cost by paying a rent for it (Grobauer, Walloschek, & 2011).
Currently, a large number of financial organizations are using cloud services due to its immense benefits.
The cloud allows the business organizations to store large amount of information on online mediums at
minimal cost. This information can be accessed from anywhere and any person can access it, who has the
key or password to access this information (Hashizume, Rosado, Fernández-Medina, E&
Fernandez,2013). It offers increased accessibility to the data which is beneficial for increasing the
Introduction
In the present times, IT has been crucial in increasing the productivity and the efficiency of the
business organizations. All the business organizations are using digitized mediums for different
operations of the organization. Aztek Solutions is a financial business organization which deals with
highly confidential data of the consumers. However, the risks and vulnerability dynamics of the
organization has hanged with the increased with the advent of technology. Therefore, it is important that
the organization should conduct a risk assessment and examine the risk associated with the deployment of
technology. The company should examine several risks associated with the deployment of IT services and
address them for increased efficiency. The data collected by the financial organizations is very crucial as
it contains crucial details regarding the personal data of the organization like bank account details, credit
or debit card number and passwords (Almorsy, Grundy & Müller, 2016). Therefore, it is important that
the data is protected by the business organization. Other than that, there is also several compliance related
risk faced by the business organizations. The government has made several laws related so that the
privacy of the consumers can be protected. It is important for the financial organizations to abide by these
laws to continue their operations. In this regard, the present report will examine the risk, vulnerability and
the threat associated with the implementation of the cloud computing in the organization. Currently, the
company is examining the deployment of various IT infrastructural services, namely, cloud computing,
bring your own device and other technology for increasing the proficiency in the operations of the
organization. The company has chosen the employment of cloud services in the organization (Almorsy,
Grundy & Müller, 2016). There are several benefits of cloud computing deployment such as optimal
use of the organization’s infrastructure and reduced expenditure of the organization. When deploying the
cloud services, the organization will use the service of external service provider which will reduce the
burden of work on the employees. The employees will be able to devote their time in more productive
operations rather than the maintenance of their operations. The present report will discuss the issues
associated with the cloud service deployment in the financial sector and how the organization can adapt to
these changes.
Review of the Project with Respect to Financial Sector
The cloud computing is a technology which achieve optimization in resource utilization and cost
by sharing of the resources. There is a cloud service vendor which allows the business organizations to
store data on online mediums by charging specific fees (Armbrust, Fox, Griffith Joseph, Konwinski,
& Zaharia, 2009).. Several business organizations can avail the services at a single time as the vendor
offer different portions of memory storage to different clients. With this technology, the customers do not
have to invest in infrastructure required for setting up the services. The organization can avail the services
at a minimal cost by paying a rent for it (Grobauer, Walloschek, & 2011).
Currently, a large number of financial organizations are using cloud services due to its immense benefits.
The cloud allows the business organizations to store large amount of information on online mediums at
minimal cost. This information can be accessed from anywhere and any person can access it, who has the
key or password to access this information (Hashizume, Rosado, Fernández-Medina, E&
Fernandez,2013). It offers increased accessibility to the data which is beneficial for increasing the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT Risk Assessment 5
productivity of the organization. However, the security issues are the major concern in the deployment of
IT services in the organization. The financial organizations regularly operate with highly sensitive data.
These organizations have to handle large amount of sensitive data which pertains to the personal and the
financial information of the users. Any leak in the private information of the users will result in tarnish to
the image of the organization and loss of financial resources.
Moreover, as the organizations deal with highly confidential data of the consumers, the government has
also made several privacy and security laws which can protect the consumers from any criminal offence.
It is important for the organizations to comply by these laws. Although the organizations can legally
collect the personal information of the users, they cannot share it with other organizations or distribute it
publically (Jensen, MSchwenk, Gruschka & Iacono, 2009). The law includes that the organization
should not disclose any personal information of the user or any other indirect information which discloses
the personal information of the users. The financial service organizations are facing data breach threat
from internal and external threats as well as a large number of unintentional mistakes. The organizations
are constantly facing data breach risk from the malicious insiders. The economic recession has resulted in
a large number of disgruntled employees who are maliciously can steal or disclose the customer
information. There is also a growing threat of financial malwares which are designed with the intention of
stealing the financial data of the customers. The unintentional data breach is another issue which can also
impact on the security of the organization (Chou, 2013).
In large business organizations, there are a large number of employees who work at different
departments and have different capabilities. However, the technical skills of some of the employees may
not match the technical skills of other employees (Krutz & Vines, 2010). If these employees operate the
IT infrastructure of the organization, they may mishandle it leading to the leakage of organization’s
sensitive information. Other than that, there may be other reasons which may lead to unintentional
information leakage from the organization. It is important for the financial organizations such as Aztek
Solutions to identify the potential cause of the information loss and try to resolve these issues.
As per the above discussion, the information stored by the financial organizations is highly sensitive in
nature. The deployment of external cloud service vendor will increase the security risk to the
organization. The organization will need to handle all type of information to the third party vendor. Thus,
the most significant risk is handing over the information to another person. It is important that the third
party vendor or the cloud service provider follows all the privacy and confidentiality rules and regulations
so that there is no risk of data breach to the organization. Moreover, with the change in the technology
related to the storage, retrieval and access to the information, the employees will be required to provide
training to handle the information appropriately (Li, Dai, Tian & Yang, 2009). The organization should
be able to provide information regarding the new technology, its use and operations. It is important as if
the employees will not be able the handle the new IT system, it will result in unintentional information
leakage.
Although there are a large number of risks associated with the deployment of external cloud service
vendor in the organization, it has a several significant benefits which will increase the efficiency and the
productivity of the organization (Mell & Grance, 2011). Therefore, the new system will be deployed in
the organization with appropriate security measures and approaches. The security protocols will assure
productivity of the organization. However, the security issues are the major concern in the deployment of
IT services in the organization. The financial organizations regularly operate with highly sensitive data.
These organizations have to handle large amount of sensitive data which pertains to the personal and the
financial information of the users. Any leak in the private information of the users will result in tarnish to
the image of the organization and loss of financial resources.
Moreover, as the organizations deal with highly confidential data of the consumers, the government has
also made several privacy and security laws which can protect the consumers from any criminal offence.
It is important for the organizations to comply by these laws. Although the organizations can legally
collect the personal information of the users, they cannot share it with other organizations or distribute it
publically (Jensen, MSchwenk, Gruschka & Iacono, 2009). The law includes that the organization
should not disclose any personal information of the user or any other indirect information which discloses
the personal information of the users. The financial service organizations are facing data breach threat
from internal and external threats as well as a large number of unintentional mistakes. The organizations
are constantly facing data breach risk from the malicious insiders. The economic recession has resulted in
a large number of disgruntled employees who are maliciously can steal or disclose the customer
information. There is also a growing threat of financial malwares which are designed with the intention of
stealing the financial data of the customers. The unintentional data breach is another issue which can also
impact on the security of the organization (Chou, 2013).
In large business organizations, there are a large number of employees who work at different
departments and have different capabilities. However, the technical skills of some of the employees may
not match the technical skills of other employees (Krutz & Vines, 2010). If these employees operate the
IT infrastructure of the organization, they may mishandle it leading to the leakage of organization’s
sensitive information. Other than that, there may be other reasons which may lead to unintentional
information leakage from the organization. It is important for the financial organizations such as Aztek
Solutions to identify the potential cause of the information loss and try to resolve these issues.
As per the above discussion, the information stored by the financial organizations is highly sensitive in
nature. The deployment of external cloud service vendor will increase the security risk to the
organization. The organization will need to handle all type of information to the third party vendor. Thus,
the most significant risk is handing over the information to another person. It is important that the third
party vendor or the cloud service provider follows all the privacy and confidentiality rules and regulations
so that there is no risk of data breach to the organization. Moreover, with the change in the technology
related to the storage, retrieval and access to the information, the employees will be required to provide
training to handle the information appropriately (Li, Dai, Tian & Yang, 2009). The organization should
be able to provide information regarding the new technology, its use and operations. It is important as if
the employees will not be able the handle the new IT system, it will result in unintentional information
leakage.
Although there are a large number of risks associated with the deployment of external cloud service
vendor in the organization, it has a several significant benefits which will increase the efficiency and the
productivity of the organization (Mell & Grance, 2011). Therefore, the new system will be deployed in
the organization with appropriate security measures and approaches. The security protocols will assure
IT Risk Assessment 6
that the organization operate safely with the new safety protocols (Mishra, Mathur, Jain & & Rathore,
2013).
Review of Project Impact on Current Security Posture of Aztec
As Aztec Corporation is a financial service organization, it has implemented a large number of
security measures to prevent any data theft. Currently, all the information pertaining to the operations of
the organization is stored in the database of the organization. Aztec has implemented intrusion detection
system and firewalls to prevent any breach from the external or unauthorized users. The firewall detects
any unusual or unauthorized traffic from the external sources and alerts the official personnel. It can be a
false alarm or actual attack; therefore, the authorized personnel are notified of the result and they analyze
the alarm. The system is shut down if there is any possibility of an external attack (Ogigau-Neamtiu,,
2012). The organization has also developed policies and rules related to the user and the organization
privacy. All the employees are debriefed regarding the policies at the initial time of their employment.
They are acknowledged regarding the workplace practices which they need to abide by or follow. In any
case or situation, they should not reveal the private information of the users.
All the private files and the applications of the organization are password protected. The employees are
provided with an access key or password which can be used to enter the system or access the files. The
information is stored in the password protected files and the password is alphanumeric. The password is
designed with special encryption keys and they are hard to detect or hack. Aztek also uses encryption
methods to protect the system from external users. The organization uses encryption methods to save the
sensitive information while transmitting them or storing them in internal database (Chen, Paxson, &
Katz, 2010).
that the organization operate safely with the new safety protocols (Mishra, Mathur, Jain & & Rathore,
2013).
Review of Project Impact on Current Security Posture of Aztec
As Aztec Corporation is a financial service organization, it has implemented a large number of
security measures to prevent any data theft. Currently, all the information pertaining to the operations of
the organization is stored in the database of the organization. Aztec has implemented intrusion detection
system and firewalls to prevent any breach from the external or unauthorized users. The firewall detects
any unusual or unauthorized traffic from the external sources and alerts the official personnel. It can be a
false alarm or actual attack; therefore, the authorized personnel are notified of the result and they analyze
the alarm. The system is shut down if there is any possibility of an external attack (Ogigau-Neamtiu,,
2012). The organization has also developed policies and rules related to the user and the organization
privacy. All the employees are debriefed regarding the policies at the initial time of their employment.
They are acknowledged regarding the workplace practices which they need to abide by or follow. In any
case or situation, they should not reveal the private information of the users.
All the private files and the applications of the organization are password protected. The employees are
provided with an access key or password which can be used to enter the system or access the files. The
information is stored in the password protected files and the password is alphanumeric. The password is
designed with special encryption keys and they are hard to detect or hack. Aztek also uses encryption
methods to protect the system from external users. The organization uses encryption methods to save the
sensitive information while transmitting them or storing them in internal database (Chen, Paxson, &
Katz, 2010).
IT Risk Assessment 7
Iosup, Yigitbasi, Prodan, Fahringer, & pema, 2009). The encryption is considered as the best
method for the protection of the information from the external users.
Moreover, there are other methods such as monitoring the user activity to enhance the security of the
system. In the recent times, the major cause of information or data leakage is by a disgruntled employee
or an internal employee of the organization (Dahbur, Mohammad, & Tarakji, 2011). Therefore, it is
important to run a thorough background check on the candidates before employing them in the
organization. Moreover, the organization should also monitor the user activity and if there is any unusual
activity than that employee must be kept under radar (Krutz & Vines, 2010).
With the above analysis, it can be critiqued that the current Aztek security posture of the organization is
appropriate; however, it needs to be modified according to the cloud service deployment. With the
external cloud services, the organization will be requiring several adaptations and changes in its current
security protocols. Firstly, novel risk from the cloud service deployment will be analyzed with the help of
the risk assessment. With regard to the analyzed risk, the organization can develop new security policies
(Hashizume, Rosado, Fernández-Medina, & Fernandez, 2013).
Risk Assessment on Cloud Service Deployment
Cloud computing is a novel technology which is based on the fundamental of sharing resources
so that optimization can be achieved in the operations and cost-allocation. However, while sharing the
resource with other parties, other business organizations can accidentally or intentionally access the
private information of a business organization. Other than that, by giving information management to a
third-party, an organization also lose control over the information which makes them more vulnerable to
security threats (Asma, Chaurasia & Mokhtar, 2012). In the present section, the major threats to the
security of an organization due to cloud computing are identified and discussed.
Lock-in
The cloud computing is a preferable option when the services are obtained from a third-party
vendor; however, once the services are attained, they are in the state of lock-in. There is little
advancement in the portability option for the client and it becomes very difficult for the customer to
transfer data from one cloud source to another (Jensen, Schwenk, Gruschka, & Iacono,2009).
Loss of Control
As per the above discussion, it can be deduced that when an organization obtains the services of an
external cloud service provider, he gives the control to manipulate the information to the service provider.
Conflicts may arise between the service provider and the cloud service user. The service provider may not
implement security protocols which can increase security threat to the organization (Li, Dai, Tian &
Yang, 2009).
Compliance Issues
In the finance industry, a large number of regulations are made to protect the privacy and
confidentiality of the users. It is important to abide by all these laws and regulations. However, the
Iosup, Yigitbasi, Prodan, Fahringer, & pema, 2009). The encryption is considered as the best
method for the protection of the information from the external users.
Moreover, there are other methods such as monitoring the user activity to enhance the security of the
system. In the recent times, the major cause of information or data leakage is by a disgruntled employee
or an internal employee of the organization (Dahbur, Mohammad, & Tarakji, 2011). Therefore, it is
important to run a thorough background check on the candidates before employing them in the
organization. Moreover, the organization should also monitor the user activity and if there is any unusual
activity than that employee must be kept under radar (Krutz & Vines, 2010).
With the above analysis, it can be critiqued that the current Aztek security posture of the organization is
appropriate; however, it needs to be modified according to the cloud service deployment. With the
external cloud services, the organization will be requiring several adaptations and changes in its current
security protocols. Firstly, novel risk from the cloud service deployment will be analyzed with the help of
the risk assessment. With regard to the analyzed risk, the organization can develop new security policies
(Hashizume, Rosado, Fernández-Medina, & Fernandez, 2013).
Risk Assessment on Cloud Service Deployment
Cloud computing is a novel technology which is based on the fundamental of sharing resources
so that optimization can be achieved in the operations and cost-allocation. However, while sharing the
resource with other parties, other business organizations can accidentally or intentionally access the
private information of a business organization. Other than that, by giving information management to a
third-party, an organization also lose control over the information which makes them more vulnerable to
security threats (Asma, Chaurasia & Mokhtar, 2012). In the present section, the major threats to the
security of an organization due to cloud computing are identified and discussed.
Lock-in
The cloud computing is a preferable option when the services are obtained from a third-party
vendor; however, once the services are attained, they are in the state of lock-in. There is little
advancement in the portability option for the client and it becomes very difficult for the customer to
transfer data from one cloud source to another (Jensen, Schwenk, Gruschka, & Iacono,2009).
Loss of Control
As per the above discussion, it can be deduced that when an organization obtains the services of an
external cloud service provider, he gives the control to manipulate the information to the service provider.
Conflicts may arise between the service provider and the cloud service user. The service provider may not
implement security protocols which can increase security threat to the organization (Li, Dai, Tian &
Yang, 2009).
Compliance Issues
In the finance industry, a large number of regulations are made to protect the privacy and
confidentiality of the users. It is important to abide by all these laws and regulations. However, the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT Risk Assessment 8
privacy laws are different in each country. Moreover, the service provider and the service obtainer reside
in different countries. Therefore, it is difficult to comply with the laws and regulations in each very
country (Mell & Grance, 2011).
Cloud Service Failure
While selecting an external service provider, it is important to check the reputation and the
service quality of the vendor. If the service provider could not provide adequate service or fails to
maintain the privacy and the interest of the users, the user vulnerability increases. Therefore, it is
important that the service provider is selected after careful inspection (Grobauer, Walloschek &
Stocker, 2011).
Business Reputation
The reputation of the business is dependent upon the services it provides to its customers.
Maintaining the confidentiality and the privacy of the consumers is important for the organization as the
customers trust the organization with their crucial information. If the consumer data is stolen, it can result
in heavy damage to the brand image of the organization (Buyya, Yeo, Venugopal, Broberg &
Brandic, 2009).
Issues related to Resource Allocation
Cloud services are dependent upon the principle of sharing resources with other organizations.
The cloud service provider share resources according to the requirement of individual users. However, if
the resource allocation is not conducted according to the requirements of the customers, it will create
negative impact on the efficiency in the operations of the clients. The resource allocation can become a
great issue if the demand of all the organizations increases suddenly (Chen, Paxson, & Katz, R.2010).
Failure to isolate the Customers
As the cloud customers share different resources, it is important that the resources are shared but
different users remains isolated with each other. In cloud computing, the computing capacity, storage and
network are shared between different users; however, it is important that proper isolation is made between
different users so that they cannot access each other’s private information (Mishra, Mathur,, Jain &
Rathore, 2013).
Addressing the Risk for Data Security
Although there are certain security and privacy risk for the cloud computing users, it is important
to adopt the cloud computing services as it can assist a lot in reducing the overall cost to the organization.
In the present section, a few recommendations are made to address the security and the privacy risk
arising from cloud computing. The security risk to the organization is divided into six types, namely,
infrastructural risk, role of users, availability, access, compliance and data. The infrastructural risk
denotes the risk to the physical devices in the IT infrastructure. Technical glitches and fire are the most
common hazard in the physical devices (Foster, Zhao, Raicu, & Lu, 2008). Other than that, the role of
users is another important issue which can impact on the security of the organization. In a business
privacy laws are different in each country. Moreover, the service provider and the service obtainer reside
in different countries. Therefore, it is difficult to comply with the laws and regulations in each very
country (Mell & Grance, 2011).
Cloud Service Failure
While selecting an external service provider, it is important to check the reputation and the
service quality of the vendor. If the service provider could not provide adequate service or fails to
maintain the privacy and the interest of the users, the user vulnerability increases. Therefore, it is
important that the service provider is selected after careful inspection (Grobauer, Walloschek &
Stocker, 2011).
Business Reputation
The reputation of the business is dependent upon the services it provides to its customers.
Maintaining the confidentiality and the privacy of the consumers is important for the organization as the
customers trust the organization with their crucial information. If the consumer data is stolen, it can result
in heavy damage to the brand image of the organization (Buyya, Yeo, Venugopal, Broberg &
Brandic, 2009).
Issues related to Resource Allocation
Cloud services are dependent upon the principle of sharing resources with other organizations.
The cloud service provider share resources according to the requirement of individual users. However, if
the resource allocation is not conducted according to the requirements of the customers, it will create
negative impact on the efficiency in the operations of the clients. The resource allocation can become a
great issue if the demand of all the organizations increases suddenly (Chen, Paxson, & Katz, R.2010).
Failure to isolate the Customers
As the cloud customers share different resources, it is important that the resources are shared but
different users remains isolated with each other. In cloud computing, the computing capacity, storage and
network are shared between different users; however, it is important that proper isolation is made between
different users so that they cannot access each other’s private information (Mishra, Mathur,, Jain &
Rathore, 2013).
Addressing the Risk for Data Security
Although there are certain security and privacy risk for the cloud computing users, it is important
to adopt the cloud computing services as it can assist a lot in reducing the overall cost to the organization.
In the present section, a few recommendations are made to address the security and the privacy risk
arising from cloud computing. The security risk to the organization is divided into six types, namely,
infrastructural risk, role of users, availability, access, compliance and data. The infrastructural risk
denotes the risk to the physical devices in the IT infrastructure. Technical glitches and fire are the most
common hazard in the physical devices (Foster, Zhao, Raicu, & Lu, 2008). Other than that, the role of
users is another important issue which can impact on the security of the organization. In a business
IT Risk Assessment 9
organization, it is important to define the role and the responsibility of each user and the access to the
system should be provided accordingly. The system access should be defined in various stages which
mean that the user of lower stage cannot access the information stored at higher level. The users should be
categorized at different stages (Qian, Luo, Du & Guo, 2009).
In the present times, the most important or the crucial asset to the business organization is data.
Therefore, the organization’s security revolves around protecting this information from the external users.
The organization should also focus on using several security mechanisms and algorithm so that the
security of the organization is maintained. Other than that, the organization should also focus on
following other security protocols and so that the data remains protected. The resource is allocated to
different users according to their demand. The demand forecast for individual user is done according to
their capacities and previous requirements (Carlin & Curran, 2011). However, if the service provider is
not able to provide services according to the demand, then the efficiency of the service will be low. The
legal and political compliance is another issue in IT risk management. Currently, most of the governments
have made laws and policies related to the data security and the user privacy. It is important that the
organization abides by all these laws to avoid any kind of legal hassle or penalties. The business
organization should also analyze whether the service provider is following all the compliance laws and
policies of the government (So, 2011).
In order to maintain the privacy and confidentiality of the organization using the external cloud services, a
governing body can be formed. This body will be able to control the actions and the behavior of the
service provider and the users in the cloud environment. The security risk will enhance in the organization
with the use of cloud computing. The cloud service user should provide the operation policies which
states that full consideration is given to the user privacy and security. Other than that, the customer
organization should also focus that the keys to the data or information access is only provided to the
authorized person. Tis information should not be leaked to other people (Srivastava & Kumar, 2015).
The organization should also develop organization’s policies which defines which actions are allowed in
the organization and which actions are not. All the employees should understand that the prime
responsibility of the organization and the employees is to protect the private information of the clients.
Therefore, they should take all the appropriate measures to maintain the client privacy. The security
policies of the organization should also contain the deployment of firewall and the intrusion detection
system. They are important to maintain the privacy and the security of the system. Other than that, using
password protected files and monitoring the user activity are also essential for maintaining the privacy of
the organization (Subashini & Kavitha, 2011).
The user awareness is also important for maintaining the security of the cloud environment. It is
important that the user remains aware with the security protocols and follow all the necessary steps to
abide by security laws. It is important that the user acknowledge that the security is of prime importance
and carelessness can result in the leakage of information (Zhang, Cheng and Boutaba, 2010).
The governing body should conduct performance evaluation on the services provided by the cloud service
provider. The performance evaluation include the disruption of service, service quality and bandwidth
allocation. It should also include different types of security breaches and attack on cloud of the service
provider. The cloud service provider should also benefit from the evaluation as they can understand the
organization, it is important to define the role and the responsibility of each user and the access to the
system should be provided accordingly. The system access should be defined in various stages which
mean that the user of lower stage cannot access the information stored at higher level. The users should be
categorized at different stages (Qian, Luo, Du & Guo, 2009).
In the present times, the most important or the crucial asset to the business organization is data.
Therefore, the organization’s security revolves around protecting this information from the external users.
The organization should also focus on using several security mechanisms and algorithm so that the
security of the organization is maintained. Other than that, the organization should also focus on
following other security protocols and so that the data remains protected. The resource is allocated to
different users according to their demand. The demand forecast for individual user is done according to
their capacities and previous requirements (Carlin & Curran, 2011). However, if the service provider is
not able to provide services according to the demand, then the efficiency of the service will be low. The
legal and political compliance is another issue in IT risk management. Currently, most of the governments
have made laws and policies related to the data security and the user privacy. It is important that the
organization abides by all these laws to avoid any kind of legal hassle or penalties. The business
organization should also analyze whether the service provider is following all the compliance laws and
policies of the government (So, 2011).
In order to maintain the privacy and confidentiality of the organization using the external cloud services, a
governing body can be formed. This body will be able to control the actions and the behavior of the
service provider and the users in the cloud environment. The security risk will enhance in the organization
with the use of cloud computing. The cloud service user should provide the operation policies which
states that full consideration is given to the user privacy and security. Other than that, the customer
organization should also focus that the keys to the data or information access is only provided to the
authorized person. Tis information should not be leaked to other people (Srivastava & Kumar, 2015).
The organization should also develop organization’s policies which defines which actions are allowed in
the organization and which actions are not. All the employees should understand that the prime
responsibility of the organization and the employees is to protect the private information of the clients.
Therefore, they should take all the appropriate measures to maintain the client privacy. The security
policies of the organization should also contain the deployment of firewall and the intrusion detection
system. They are important to maintain the privacy and the security of the system. Other than that, using
password protected files and monitoring the user activity are also essential for maintaining the privacy of
the organization (Subashini & Kavitha, 2011).
The user awareness is also important for maintaining the security of the cloud environment. It is
important that the user remains aware with the security protocols and follow all the necessary steps to
abide by security laws. It is important that the user acknowledge that the security is of prime importance
and carelessness can result in the leakage of information (Zhang, Cheng and Boutaba, 2010).
The governing body should conduct performance evaluation on the services provided by the cloud service
provider. The performance evaluation include the disruption of service, service quality and bandwidth
allocation. It should also include different types of security breaches and attack on cloud of the service
provider. The cloud service provider should also benefit from the evaluation as they can understand the
IT Risk Assessment 10
quality of the service provided to the customers. The governing body should also provide various
solutions and approaches which can be used to make the cloud security system more robust. The
governing body should also provide strategies so that the organization can gain customer trust by
providing a high degree of security to their personal information. They should be able to provide
information regarding who will be responsible if the services shut down or the ban goes bankrupt (
Zissis & Lekkas, 2012).
Conclusion
It can be concluded that the IT security is important part of the IT infrastructure of the
organization. The IT security is important in the present times wherein most of the organizations are using
digital mediums for the transmission, reception and storage of the information. The organization should
be able to defend itself from the external data breaches and attacks. Accessing information from the
external environment has become easier with the digitalization of the services as a hacker can access the
information database from any other part of the world. The information security is especially important in
the financial industry as they collect sensitive data regarding the personal bank account number and credit
or debit card details of the organization. The business organizations in the financial industry should be
more careful regarding the confidentiality of the user data. The business organizations should be
implement security measures and protocols so that no unauthorized user can access the information of the
organization. Aztek Solutions is trying to increase the efficiency of the organization with the help of
implementing new IT infrastructure. The deployment of external cloud service provider is considered as
the most suitable option for the organization. It is cost-effective and can result in optimization of
resource. The organization need not invest in the deployment of new IT infrastructure in the organization.
However, several novel risks will emerge with the deployment of cloud services in the organization. The
current security stance of the organization is incapable of protecting the confidential information of the
organization. Currently, the company has implemented security protocols such as implementation of
firewall and intrusion detection system for protecting the organization from the external attacks. Other
than that, the organization has also started monitoring the user activity. However, the threat landscape for
the organization will change if the cloud service will be employed in the organization. The business
organization will lose control over the information and external access to the information will become
easier. It is due to the fact that the information will be stored in shared resources. Other than that, there
will be more regulations regarding the compliance and accessibility to the information. Aztek Corporation
will also need additional policies and regulations to protect it from any future data breaches. A governing
body should be made which can control the access to the data. It should also contain guidelines regarding
the issues which will happen if the supplier fails to comply by the privacy guidelines. The selection of
vendor should also be done on his past records.
quality of the service provided to the customers. The governing body should also provide various
solutions and approaches which can be used to make the cloud security system more robust. The
governing body should also provide strategies so that the organization can gain customer trust by
providing a high degree of security to their personal information. They should be able to provide
information regarding who will be responsible if the services shut down or the ban goes bankrupt (
Zissis & Lekkas, 2012).
Conclusion
It can be concluded that the IT security is important part of the IT infrastructure of the
organization. The IT security is important in the present times wherein most of the organizations are using
digital mediums for the transmission, reception and storage of the information. The organization should
be able to defend itself from the external data breaches and attacks. Accessing information from the
external environment has become easier with the digitalization of the services as a hacker can access the
information database from any other part of the world. The information security is especially important in
the financial industry as they collect sensitive data regarding the personal bank account number and credit
or debit card details of the organization. The business organizations in the financial industry should be
more careful regarding the confidentiality of the user data. The business organizations should be
implement security measures and protocols so that no unauthorized user can access the information of the
organization. Aztek Solutions is trying to increase the efficiency of the organization with the help of
implementing new IT infrastructure. The deployment of external cloud service provider is considered as
the most suitable option for the organization. It is cost-effective and can result in optimization of
resource. The organization need not invest in the deployment of new IT infrastructure in the organization.
However, several novel risks will emerge with the deployment of cloud services in the organization. The
current security stance of the organization is incapable of protecting the confidential information of the
organization. Currently, the company has implemented security protocols such as implementation of
firewall and intrusion detection system for protecting the organization from the external attacks. Other
than that, the organization has also started monitoring the user activity. However, the threat landscape for
the organization will change if the cloud service will be employed in the organization. The business
organization will lose control over the information and external access to the information will become
easier. It is due to the fact that the information will be stored in shared resources. Other than that, there
will be more regulations regarding the compliance and accessibility to the information. Aztek Corporation
will also need additional policies and regulations to protect it from any future data breaches. A governing
body should be made which can control the access to the data. It should also contain guidelines regarding
the issues which will happen if the supplier fails to comply by the privacy guidelines. The selection of
vendor should also be done on his past records.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT Risk Assessment 11
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., ... & Zaharia, M.
(2009). Above the clouds: A berkeley view of cloud computing (Vol. 17). Technical
Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M.
(2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Asma, A., Chaurasia, M. A., & Mokhtar, H. (2012). Cloud Computing Security
Issues. International Journal of Application or Innovation in Engineering &
Management, 1(2), 141-147.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th
utility. Future Generation computer systems, 25(6), 599-616.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing
security. University of California, Berkeley Report No. UCB/EECS-2010-5
January, 20(2010), 2010-5.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference
on intelligent semantic Web-services and applications (p. 12). ACM.
ENISA. (2009). Cloud Computing: Benefits, risks and recommendations for information
security.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing
360-degree compared. In Grid Computing Environments Workshop, 2008. GCE'08 (pp.
1-10).
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., ... & Zaharia, M.
(2009). Above the clouds: A berkeley view of cloud computing (Vol. 17). Technical
Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M.
(2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Asma, A., Chaurasia, M. A., & Mokhtar, H. (2012). Cloud Computing Security
Issues. International Journal of Application or Innovation in Engineering &
Management, 1(2), 141-147.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th
utility. Future Generation computer systems, 25(6), 599-616.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing
security. University of California, Berkeley Report No. UCB/EECS-2010-5
January, 20(2010), 2010-5.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference
on intelligent semantic Web-services and applications (p. 12). ACM.
ENISA. (2009). Cloud Computing: Benefits, risks and recommendations for information
security.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing
360-degree compared. In Grid Computing Environments Workshop, 2008. GCE'08 (pp.
1-10).
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
IT Risk Assessment 12
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009, September). On technical security
issues in cloud computing. In Cloud Computing, 2009. CLOUD'09. IEEE International
Conference on (pp. 109-116). IEEE.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
Li, H., Dai, Y., Tian, L., & Yang, H. (2009). Identity-based authentication for cloud
computing. Cloud computing, 157-166.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing
security. International Journal on Recent and Innovation Trends in Computing and
Communication, 1(1), 36-39.
Qian, L., Luo, Z., Du, Y., & Guo, L. (2009). Cloud computing: An overview. Cloud computing,
626-631.
So, K. (2011). Cloud computing security issues and challenges. International Journal of
Computer Networks, 3(5), 247-55.
Srivastava, H., & Kumar, S.A. (2015). Control Framework for Secure Cloud Computing. Journal
of Information Security 6, 12-23.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of
cloud computing. Journal of network and computer applications, 34(1), 1-11.
Zhang, Q., Cheng, L. and Boutaba, R. (2010). Cloud computing: state-of-the-art and research
challenges. Journal of internet services and applications, 1(1), pp.7-18.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation
computer systems, 28(3), 583-592.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009, September). On technical security
issues in cloud computing. In Cloud Computing, 2009. CLOUD'09. IEEE International
Conference on (pp. 109-116). IEEE.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
Li, H., Dai, Y., Tian, L., & Yang, H. (2009). Identity-based authentication for cloud
computing. Cloud computing, 157-166.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing
security. International Journal on Recent and Innovation Trends in Computing and
Communication, 1(1), 36-39.
Qian, L., Luo, Z., Du, Y., & Guo, L. (2009). Cloud computing: An overview. Cloud computing,
626-631.
So, K. (2011). Cloud computing security issues and challenges. International Journal of
Computer Networks, 3(5), 247-55.
Srivastava, H., & Kumar, S.A. (2015). Control Framework for Secure Cloud Computing. Journal
of Information Security 6, 12-23.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of
cloud computing. Journal of network and computer applications, 34(1), 1-11.
Zhang, Q., Cheng, L. and Boutaba, R. (2010). Cloud computing: state-of-the-art and research
challenges. Journal of internet services and applications, 1(1), pp.7-18.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation
computer systems, 28(3), 583-592.
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.