Cloud Computing Security Challenges
Added on 2020/04/01
AI Summary
This assignment delves into the critical topic of cloud computing security. It examines prevalent security issues within cloud environments, such as data breaches, unauthorized access, and privacy violations. The document analyzes these challenges, outlining potential mitigation strategies and best practices for ensuring robust cloud security.
Running head: IT RISK MANAGEMENT
IT RISK MANAGEMENT
Name of the Student
Name of the University
Author Note
EXECUTIVE SUMMARY
Moving to the cloud gives an organisation access to cloud computing resources, which can cover everything from data centres to applications. These resources are delivered over the internet on a pay-per-use basis. Cloud computing as a whole is an on-demand service model based on virtualization and distributed computing technology. The main architectural characteristics an organisation gains by moving to the cloud are:
Highly abstracted resources
Near-instant flexibility and scalability
Near-instantaneous provisioning
Shared resources (hardware, memory and database)
"Service on demand", tied to "pay as you go" billing
Programmatic management
Category of cloud computing
Software as a service (SaaS): software services delivered by a third party, available on demand, usually via the internet, and remotely configurable. Examples of such services are word processors and spreadsheet tools, web content services (CRM, Google Docs) and CRM services.
Platform as a service (PaaS): this allows customers to develop new applications using APIs, which are deployed and configured remotely. The platform delivers services which include deployment
platform, configuration management and development tools. Examples of such services are Force, Microsoft Azure and Google search engine.
Infrastructure as a service (IaaS): this provides virtual machines and other abstracted services, such as abstracted hardware and operating systems, which can be controlled through a service API. Examples of such services include Amazon EC2 and S3, Windows Live SkyDrive and Rackspace Cloud.
Table of Contents
Financial Services Sector Review
Security Posture Review
Threats, Vulnerabilities and Consequences Assessment
Data Security
Risk mitigation
References
Financial Services Sector Review
The number of upright citizens and other users who rely on the cloud to obtain its benefits is very high, and this directly involves thousands of dollars from the organisation's point of view across its different aspects. On the other hand, as the number of users involved in cloud computing increases, crime related to the cloud also rises. The two move in parallel: as the number of users increases, cloud-related crime increases exponentially. Traditional digital forensic investigation for the cloud has to move at a greater pace than the growth in users, so that cloud-related crime stays on a low scale, affects fewer people, and their data is kept secure (Almorsy, Grundy & Müller, 2016). Laws and enforcement exist to protect data and its security measures, and the methodology and protocols required are also demanding from the users' point of view. Many enforcements have been made by courts of law to introduce new and appropriate measures that reduce crime related to cloud computing.
Investigating illegal activity in the cloud can be nearly impossible. This is because the logs and data of multiple users may be co-located and may be spread across an ever-changing set of hosts and data centres. A safeguard is only in place if there is a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already supported such activity; there is no other means of safeguarding the user's data.
The main point of emphasis in detecting data-related crime is going to the evidence at the scene of the crime in the first place and taking into account the main motive behind the crime. In such cases a jurisdictional border between where the crime is committed and where the digital evidence is located can be inevitable. Not all cases turn out to be problematic, but jurisdiction is a serious problem in cases of crime related to cloud computing. In many cases the main problem is the cost of conducting the investigation. The data needed for the investigation is mainly obtained online, which cannot easily be done by anyone other than an expert; that person is directly responsible for establishing the nature of the crime, and the whole investigation depends on them. The data needed to detect the crime may be located anywhere in the world, which can make it very difficult to access (Almorsy, Grundy & Müller, 2016).
Security Posture Review
Moving to the cloud gives an organisation access to cloud computing resources, which can cover everything from data centres to applications. These resources are delivered over the internet on a pay-per-use basis. Cloud computing as a whole is an on-demand service model based on virtualization and distributed computing technology. The main architectural characteristics an organisation gains by moving to the cloud are:
Highly abstracted resources
Near-instant flexibility and scalability
Near-instantaneous provisioning
Shared resources (hardware, memory and database)
"Service on demand", tied to "pay as you go" billing
Programmatic management (Rittinghouse & Ransome, 2016).
Category of cloud computing
Software as a service (SaaS): software services delivered by a third party, available on demand, usually via the internet, and remotely configurable. Examples of such services are word processors and spreadsheet tools, web content services (CRM, Google Docs) and CRM services (Hwang, 2017).
Platform as a service (PaaS): this allows customers to deliver new applications using APIs, which are deployed and configured remotely. The platform delivers services which include a deployment platform, configuration management and development tools. Examples of such services are Force, Microsoft Azure and Google search engine.
Infrastructure as a service (IaaS): this provides virtual machines and other abstracted services, such as abstracted hardware and operating systems, which can be controlled through a service API. Examples of such services include Amazon EC2 and S3, Windows Live SkyDrive and Rackspace Cloud.
According to the case studies, the assumption is that transferring the whole process to the cloud would be beneficial in the following ways.
Security and the benefits of scale: when considering security in a move to the cloud, the cost advantage of operating at large scale can be very useful. Scale can also be used to achieve better protection for data. This may include patch management, filtering, and hardening of virtual machine instances and the hypervisor. Other benefits relate to edge technology, multiple locations, and timely response in incident and threat management.
Security as a market differentiator: the main reason for moving to the cloud relates to security (Almorsy, Grundy & Müller, 2016). Many organisations make their buying decision on the basis of the integrity, confidentiality and resilience of the security services offered by cloud service providers. This gives cloud providers a strong drive to improve the security practices of the services they provide (Rittinghouse & Ransome, 2016).
Effective, timely and efficient updates and defaults: the default virtual machine images and software used by consumers can be pre-hardened and updated with the latest available patches, with security settings applied according to fine-tuned processes. IaaS cloud service APIs can be used to take snapshots of the virtual infrastructure, which are regularly compared with a baseline and updated.
Rapid smart resources: the ability of the provider to dynamically reallocate resources for traffic shaping, filtering,
encryption and authentication, in support of defensive measures, has obvious advantages for resilience.
Resource concentration: although resource concentration can lead to security disadvantages, it has the obvious advantages of cheaper physical security and physical access, and cheaper and easier application of security processes.
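The snapshot-against-baseline comparison mentioned under "updates and defaults" can be sketched as follows. This is an added example, not part of the original assignment; the baseline, the instance names and the snapshot layout are constructed, and a real provider API would return its own format.

```python
import re
from dataclasses import dataclass

# Constructed hardened baseline for one image family (all values are made up).
BASELINE = {
    "image": "hardened-linux-2020.03",
    "packages": {"openssl": "1.1.1d", "openssh-server": "8.1", "sudo": "1.8.31"},
    "open_ports": {22, 443},
    "settings": {"disk_encryption": True, "password_login": False},
}

# Constructed snapshots, shaped like an inventory pulled through an IaaS API.
SNAPSHOTS = [
    {"instance": "web-01", "image": "hardened-linux-2020.03",
     "packages": {"openssl": "1.1.1d", "openssh-server": "8.1", "sudo": "1.8.31"},
     "open_ports": [22, 443],
     "settings": {"disk_encryption": True, "password_login": False}},
    {"instance": "db-01", "image": "hardened-linux-2020.03",
     "packages": {"openssl": "1.1.1c", "openssh-server": "8.1"},
     "open_ports": [22, 443, 3306],
     "settings": {"disk_encryption": False, "password_login": False}},
    {"instance": "batch-07", "image": "stock-linux-2019.11",
     "packages": {"openssl": "1.1.1d", "openssh-server": "8.2", "sudo": "1.8.31"},
     "open_ports": [22],
     "settings": {"disk_encryption": True, "password_login": False}},
]


@dataclass(frozen=True)
class Finding:
    instance: str
    check: str   # which baseline item drifted
    detail: str  # what was observed


def version_key(version):
    """Simplified ordering key: digits compare as numbers, letter suffixes as text."""
    tokens = re.findall(r"\d+|[a-z]+", version.lower())
    return tuple((int(t), "") if t.isdigit() else (0, t) for t in tokens)


def compare_to_baseline(snapshot, baseline=BASELINE):
    """Return the list of drift findings for one instance snapshot."""
    name = snapshot["instance"]
    findings = []

    # 1. The instance must run the pre-hardened image.
    if snapshot.get("image") != baseline["image"]:
        findings.append(Finding(name, "image",
                                f"{snapshot.get('image')} is not {baseline['image']}"))

    # 2. Every baseline package must be present at the baseline version or newer.
    installed = snapshot.get("packages", {})
    for pkg, wanted in sorted(baseline["packages"].items()):
        have = installed.get(pkg)
        if have is None:
            findings.append(Finding(name, f"package:{pkg}", "not installed"))
        elif version_key(have) < version_key(wanted):
            findings.append(Finding(name, f"package:{pkg}",
                                    f"{have} is older than {wanted}"))

    # 3. Ports opened beyond the baseline are drift; fewer open ports are not.
    extra = sorted(set(snapshot.get("open_ports", [])) - baseline["open_ports"])
    if extra:
        findings.append(Finding(name, "open_ports", f"unexpected ports {extra}"))

    # 4. Security settings must match the baseline exactly.
    actual = snapshot.get("settings", {})
    for key, wanted in sorted(baseline["settings"].items()):
        if actual.get(key) != wanted:
            findings.append(Finding(name, f"setting:{key}",
                                    f"{actual.get(key)} instead of {wanted}"))
    return findings


def audit(snapshots, baseline=BASELINE):
    """Map each instance name to its findings (an empty list means compliant)."""
    return {s["instance"]: compare_to_baseline(s, baseline) for s in snapshots}


if __name__ == "__main__":
    for instance, findings in audit(SNAPSHOTS).items():
        print(instance, "OK" if not findings else "DRIFT")
        for f in findings:
            print(f"  {f.check}: {f.detail}")
```

Run on a schedule, a report like this shows which instances have fallen behind the hardened image and need to be patched or rebuilt.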
Threats, Vulnerabilities and Consequences Assessment
Across different contexts, threat modelling approaches can be broadly classified into three main categories. The first is the software-centric threat model (Hwang, 2017). This approach uses data flow diagrams and use case diagrams to draw the software architecture, with the aim of using the design to build threat models of the system and the network. The most common example of a software-centric model is the SDL (Microsoft Secure Development Life Cycle). Using this approach, threats can be identified for each component and mitigated, mainly in the design phase. The next is the asset-centric approach, which is mainly used to assess the organisation's assets and their direct importance from the user's point of view. Assets are classified mainly by the sensitivity of the data and their essential value to intruders. This approach can also identify multiple threat paths. A security tree can be constructed to design an attack graph, with the aim of identifying the assets that are liable to be attacked. Examples of the asset-centric approach
are Amenaza, Trike and SecurITree. The final approach is the attacker-centric approach. Its main aim is to identify directly how an attack can be made and how it can be prevented. The analyst plays a vital role in this approach: they can list the attacks and attack patterns possible in a given scenario, together with the basic needs and desires of the attackers in a breach. There are mainly two types of attackers, active and passive. A passive attacker only obtains the data and makes no modification to it; an active attacker obtains the data and modifies it as needed for their own benefit. Active attackers are very easy to detect, while passive attackers are very difficult to detect because they make no modifications to the data. The most recommended approach here is the attacker-centric approach, because the attacker's needs and basic aims are recognised directly and the data liable to be attacked can be identified in advance (Rittinghouse & Ransome, 2016).
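The security tree used in the asset-centric approach can be evaluated mechanically to see which assets remain liable to attack under a given set of controls. The sketch below is an added example, not taken from the original assignment or from any of the named tools; the assets, tree labels and control names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    label: str
    gate: str = "LEAF"      # "AND", "OR" or "LEAF"
    children: list = field(default_factory=list)
    control: str = ""       # leaf only: the control that blocks this step


def leaf(label, control):
    return Node(label, control=control)


# Constructed security trees, one per asset. A root is reachable when its
# gate is satisfied by the steps that no deployed control blocks.
TREES = {
    "customer records": Node("read customer records", "OR", [
        Node("read storage directly", "AND", [
            leaf("storage reachable from the internet", "private_storage"),
            leaf("data stored unencrypted", "encryption_at_rest"),
        ]),
        leaf("stolen admin password accepted", "mfa"),
    ]),
    "billing API keys": Node("obtain billing API keys", "AND", [
        leaf("stolen admin password accepted", "mfa"),
        leaf("keys kept in plain configuration", "secrets_manager"),
    ]),
    "audit logs": Node("alter audit logs", "OR", [
        leaf("logs writable by tenant admin role", "separate_log_account"),
    ]),
}


def feasible(node, deployed):
    """True if the goal at this node is still achievable given deployed controls."""
    if node.gate == "LEAF":
        return node.control not in deployed
    results = [feasible(child, deployed) for child in node.children]
    return all(results) if node.gate == "AND" else any(results)


def exposed_assets(trees, deployed):
    """Assets whose tree root is still reachable, sorted by name."""
    return sorted(asset for asset, root in trees.items() if feasible(root, deployed))


def controls_in(node):
    """All control names referenced anywhere below this node."""
    if node.gate == "LEAF":
        return {node.control}
    return set().union(*(controls_in(child) for child in node.children))


def rank_controls(trees, deployed):
    """Rank undeployed controls by how many exposed assets each one would protect."""
    before = set(exposed_assets(trees, deployed))
    candidates = set().union(*(controls_in(r) for r in trees.values())) - set(deployed)
    ranking = []
    for control in candidates:
        after = set(exposed_assets(trees, set(deployed) | {control}))
        ranking.append((control, sorted(before - after)))
    return sorted(ranking, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    deployed = {"encryption_at_rest"}
    print("exposed:", exposed_assets(TREES, deployed))
    for control, protected in rank_controls(TREES, deployed):
        print(f"{control}: protects {protected}")
```

The ranking shows why shared leaves matter: a control that blocks a step appearing in several trees protects several assets at once.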
Data Security
The key issues related to the risk of moving to the cloud are as follows:
1. Reduced governance: the main advantage expected from moving to the cloud rather than a traditional data centre is the ease of provisioning systems. Because of automation and elasticity, the cloud provides services more quickly than in-house or hosted IT scenarios. This makes it easy, from the
point of view of the organisation, for different departments to engage cloud providers without the procurement process involved with traditional systems. Because the expenses count as operational rather than capital, it is very difficult to detect the cost deviation involved. This can lead to technical lockdown, loss of data ownership and restrictive contracts. The nature of the service is very difficult for customers to understand, which may result in buying more than they actually need and so reducing the benefits that can be achieved from the cloud. This has already been seen in many organisations, where a move to the cloud made without prior knowledge led directly to a downfall (Agrawal, Agarwal & Singh, 2014).
2. Location of data: the basic design of cloud computing, or of moving to cloud computing from a traditional system, is to deliver the data related to the service from different cloud providers. This design provides the redundancy needed to reach high uptime and meet SLA requirements. The risk of localised events affecting the service is reduced by spreading the data centres that store the cloud data over a wide area; providers may also use data centres spread across different countries. Organisations moving to the cloud may not need such a level of spread to run their business, but cloud providers may use it for the backup, management and storage of data, which is very important from the organisation's point of view. The concept of data regulation is highly
controlled by countries and states. Some countries restrict the storage of data of a
certain time and do not allow such data to be stored in the data centres in their
country. There are many cases where countries have shut down data centres and lag the
data in order to conduct research on the data (Hwang, 2017). Organisations should
establish where their data is stored and make sure that they do not face this type of
trouble, which would directly reduce the standard of their business and their overall
process (Di Spaltro, Polvi & Welliver, 2016).
3. Data ownership: cloud providers can be considered as a model of cloud service
comparable to using social media services such as Facebook and Gmail. Typically, the
terms of service for this type of service are mainly one-sided and make a direct attempt
to indemnify the provider against the overall legal risk associated with the service.
Organisations should take into account that signing the basic deed for the services to
be obtained from the cloud relinquishes their own rights and prospects of ownership of
the data that is being, or is expected to be, moved to the cloud. The cloud provider
should always be treated as a data custodian, and the organisation should be able to
modify the contract unilaterally if and when it requires. The ownership of the data
should be exclusive and very clear. A risk management program should always be
implemented by an organisation that is sending its data to the cloud and trying to
obtain the advantages that can be achieved from it.
4. Attack surface increase: the main underlying technology of the cloud is
virtualization. The virtualization technology in use today sits between the operating
system and the underlying hardware, and this adds another layer to the traditional
information technology stack. The economics of the cloud depend on automation, and it is
not uncommon to see a high degree of automation in predefined areas, for example
provisioning, capacity management and load balancing. The vulnerability management
burden increases as new classes of software are introduced, which would directly expose
the overall framework of the organisation. The organisation should enquire about the
cloud provider's main approach to patching and to vulnerability management for the
cloud. Cloud providers should also be able to validate their response to any security
issue related to the services an organisation gains when it first moves to the cloud,
and the most important aspect is that the organisation should gain the pre-defined
advantages that are stated by the cloud providers.
Risk mitigation
Moving to any technology always carries associated risks, and on the other hand there
are also mitigation strategies that can be applied. Some of the mitigation strategies
that an organisation can use in order to achieve greater benefits from the cloud are as
follows:
1. The first step that should always be taken into consideration concerns moving the
overall software and hardware to the cloud as a solution. Taking into account the
different cloud computing models such as PaaS,
SaaS and IaaS, the organisation needs to research the terminology and the basic concept
of the system in order to achieve the benefits. The research may include the security
history of the vendor, reference checks and checks for known security vulnerabilities
that may be faced in the near future with the implementation of the technology or a
complete move to the cloud. The most important aspect for any organisation moving to the
cloud is that it should take into account the contract made between the company and the
cloud provider, which should contain all the proactive aspects of security patching on
the end of the user.
2. The creation of user accounts for the users who are going to use the services should
be taken into account (Hwang, 2017). This mainly depends on the size of the organisation
that has decided to move to the cloud. One user can have different user names and
passwords, which makes things very difficult for the administrator as well as the user.
From the administrator's point of view there should be very few accounts, or basically
one account for every user, and that account should be used by the user in order to
achieve the standard of advantage that the organisation expects to gain.
3. Generally, in many cases it is seen that having an excess number of parties directly
increases the risk to the organisation as well as to the cloud providers. On the other
hand, small or medium-sized organisations that do not have a large information
technology infrastructure should conduct audits in a timely manner in order to achieve
security in the cloud. For a few organisations this is achieved merely through
assistance in the form of the industry standard
which is security certification. The use of a third party should always be a priority
for the organisation in order to achieve a greater standard of cloud use and deliver a
better standard of service to customers.
4. End-to-end encryption of the data that is sent up to the cloud, or retrieved from the
cloud server on demand, should make security much easier for the user. The main practice
to follow is that the data should be encrypted before being uploaded to the cloud
server, so that it is protected while it is in the hands of the datacentre. This is done
with the help of the encryption key, and the data can be used only when the user needs
it.
5. Neglecting the end-user side when moving to the cloud is not a good move for any
organisation. If the organisation is running an outdated system such as Windows XP and,
with it, an outdated Internet Explorer, for example IE 7, the organisation might be at
risk despite the encryption and the third-party audits.
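Mitigation 4 above, encrypting data before it reaches the provider, is shown here as an added Go example that is not part of the original assignment. It goes one step beyond the text by using envelope encryption (a per-object AES-256-GCM data key wrapped under a key-encryption key that stays with the organisation); the names `SealedObject`, `EncryptForUpload` and `DecryptAfterDownload` and the object path are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type SealedObject struct { // everything the provider stores; the KEK is not in it
	WrappedKey []byte // per-object data key, encrypted under the KEK
	Ciphertext []byte // object contents, encrypted under the data key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates plaintext, returning nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed data is %d bytes, shorter than the nonce", len(sealed))
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad) // fails if data, key or aad changed
}

// EncryptForUpload runs inside the organisation, before any byte is uploaded.
func EncryptForUpload(kek, plaintext []byte, objectName string) (*SealedObject, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	// The object name is bound in as associated data, so a stored blob cannot be
	// swapped for another object's blob without decryption failing.
	ct, err := seal(dataKey, plaintext, []byte(objectName))
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dataKey, []byte(objectName))
	if err != nil {
		return nil, err
	}
	return &SealedObject{WrappedKey: wrapped, Ciphertext: ct}, nil
}

func DecryptAfterDownload(kek []byte, obj *SealedObject, objectName string) ([]byte, error) {
	dataKey, err := open(kek, obj.WrappedKey, []byte(objectName)) // unwrap with the KEK
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, obj.Ciphertext, []byte(objectName))
}

func main() {
	kek := make([]byte, 32) // assumption: normally loaded from an on-premises key store
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	obj, err := EncryptForUpload(kek, []byte("constructed sample record"), "finance/ledger.csv")
	if err != nil {
		panic(err)
	}
	obj.Ciphertext[len(obj.Ciphertext)-1] ^= 0x01 // simulate modification at rest
	_, err = DecryptAfterDownload(kek, obj, "finance/ledger.csv")
	fmt.Println("tampered object rejected:", err != nil)
}
```

Because only the wrapped key and ciphertext are uploaded, rotating the key-encryption key means re-wrapping the small data keys rather than re-encrypting every stored object.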
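Mitigation 5 above can be checked from logs the organisation already collects. The following Go program is an added example, not part of the original assignment: it scans constructed proxy log lines for the User-Agent tokens of Windows XP (`Windows NT 5.1`) and of a genuine Internet Explorer 7 (`MSIE 7.0` with no `Trident/` token); the log format and the function names are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample proxy log, one request per line: <client-ip> "<user-agent>"
const sampleLog = `10.0.4.17 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.4.22 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
10.0.4.31 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"
10.0.4.40 "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
10.0.4.17 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
malformed line without a quoted agent`

var (
	lineRe = regexp.MustCompile(`^(\S+) "([^"]*)"$`)
	msieRe = regexp.MustCompile(`MSIE (\d+)\.`)
)

// classify returns the legacy findings for one User-Agent string.
func classify(ua string) []string {
	var findings []string
	if strings.Contains(ua, "Windows NT 5.1") { // the token Windows XP reports
		findings = append(findings, "Windows XP")
	}
	// IE 8 and later in Compatibility View also send "MSIE 7.0" but add a
	// Trident/ token; a genuine IE 7 has none, so only that case is flagged.
	if m := msieRe.FindStringSubmatch(ua); m != nil && m[1] == "7" &&
		!strings.Contains(ua, "Trident/") {
		findings = append(findings, "Internet Explorer 7")
	}
	return findings
}

// auditLog maps each client address to its distinct findings and counts the
// lines that could not be parsed, so bad input is reported rather than hidden.
func auditLog(log string) (map[string][]string, int) {
	seen := map[string]map[string]bool{}
	skipped := 0
	for _, line := range strings.Split(log, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			skipped++
			continue
		}
		for _, f := range classify(m[2]) {
			if seen[m[1]] == nil {
				seen[m[1]] = map[string]bool{}
			}
			seen[m[1]][f] = true
		}
	}
	report := map[string][]string{}
	for ip, set := range seen {
		for f := range set {
			report[ip] = append(report[ip], f)
		}
		sort.Strings(report[ip])
	}
	return report, skipped
}

func main() {
	report, skipped := auditLog(sampleLog)
	ips := make([]string, 0, len(report))
	for ip := range report {
		ips = append(ips, ip)
	}
	sort.Strings(ips)
	for _, ip := range ips {
		fmt.Printf("%s: %s\n", ip, strings.Join(report[ip], ", "))
	}
	fmt.Println("unparsed lines:", skipped)
}
```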
References
Agrawal, T., Agarwal, A. K., & Singh, S. K. (2017). Cloud Computing Security: Issues and
Challenges. In 3rd International Conference on System Modeling & Advancement in
Research Trends (SMART). College of Computing Sciences and Information
Technology (CCSIT), Teerthanker Mahaveer University, Moradabad.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Bokefode, J. D., Bhise, A. S., Satarkar, P. A., & Modani, D. G. (2016). Developing A Secure
Cloud Storage System for Storing IoT Data by Applying Role Based Encryption.
Procedia Computer Science, 89, 43-50.
Carvin, L. B., Shanthan, B. H., Kumar, A. D. V., & Arockiam, L. Role of Scheduling and
Load Balancing Algorithms in cloud to improve the Quality of Services.
Di Spaltro, D., Polvi, A., & Welliver, L. (2016). U.S. Patent No. 9,501,329. Washington, DC:
U.S. Patent and Trademark Office.
Dillon, T., Wu, C., & Chang, E. (2016, April). Cloud computing: issues and challenges. In
Advanced Information Networking and Applications (AINA), 2010 24th IEEE
International Conference on (pp. 27-33). IEEE.
Gupta, P., Seetharaman, A., & Raj, J. R. (2016). The usage and adoption of cloud computing
by small and medium businesses. International Journal of Information Management,
33(5), 861-874.
Harfoushi, O. (2017). TRUST MODEL FOR EFFECTIVE CLOUD COMPUTING USAGE:
A QUANTITATIVE STUDY. Journal of Theoretical and Applied Information
Technology, 95(5), 1116.
Harfoushi, O., Alfawwaz, B., Ghatasheh, N. A., Obiedat, R., Abu-Faraj, M. M., & Faris, H.
(2014). Data security issues and challenges in cloud computing: a conceptual analysis
and review. Journal of Computer Science & Communications, 15-21.
Hepsiba, C. L., & Sathiaseelan, J. G. R. (2016). Security Issues in Service Models of Cloud
Computing. IJCSMC, 610-615.
Hwang, K. (2017). Cloud and Cognitive Computing: Principles, Architecture, Programming.
MIT Press.
Kim, W., Kim, S. D., Lee, E., & Lee, S. (2009, December). Adoption issues for cloud
computing. In Proceedings of the 7th International Conference on Advances in
Mobile Computing and Multimedia (pp. 2-5). ACM.
Korir, A. (2017). Cloud Computing Security Issues and Challenges. Mara Research Journal
of Computer Science & Security, 1(1), 100-106.
Majadi, N. (2012). Cloud Computing: Security Issues and Challenges. The International
Journal of Scientific & Engineering Research, 4(7), 1515-1520.
Mavi, S. (2016). Cloud Computing: Security Issues and Challenges. IITM Journal of
Management and IT, 7(1), 25-31.
Misra, S. C., & Mondal, A. (2017). Identification of a company’s suitability for the adoption
of cloud computing and modelling its corresponding Return on Investment.
Mathematical and Computer Modelling, 53(3), 504-521.
Popović, K., & Hocenski, Ž. (2017, May). Cloud computing security issues and challenges.
In MIPRO, 2010 proceedings of the 33rd international convention (pp. 344-349).
IEEE.
Reddy, B. (2009). Cloud computing security issues and challenges.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC Press.
Schatz, M., Langmead, B., & Salzberg, S. (2016). Cloud Computing and the DNA Data Race.
HHS Public Access. Published Nat Biotechnol. Jul. 2010; 28 (7): 691-693.
So, K. (2016). Cloud computing security issues and challenges. International Journal of
Computer Networks, 3(5), 247-55.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and
copy-deterrence content-based image retrieval scheme in cloud co
Yadav, D. S., & Doke, K. (2016). Mobile Cloud Computing Issues and Solution Framework.
Youseff, L., Butrico, M., & Da Silva, D. (2008, November). Toward a unified ontology of
cloud computing. In Grid Computing Environments Workshop, 2008. GCE'08 (pp. 1-
10). IEEE.