University Risk Assessment Report: Cloud Data Security Analysis
Added on 2023/06/08
AI Summary
This report provides a detailed risk assessment of cloud implementation within an organization, specifically focusing on the security and privacy of employee data when utilizing SaaS applications. The analysis covers several critical areas, including the risks associated with employee data breaches, API vulnerabilities, account hijacking, and the inherent security challenges of SaaS environments, such as downtime and compliance issues. The report also examines the importance of maintaining employee data privacy, emphasizing the need for secure communication channels and access controls. Furthermore, it addresses digital identity issues and the potential problems arising from the SaaS provider's solutions. The report concludes with an evaluation of data sensitivity, categorizing data according to the organization's control, and offers recommendations to mitigate identified risks, serving as a reference for enhancing overall data security and privacy measures.

Running head: RISK ASSESSMENT
Risk Assessment
Name of the Student
Name of the University
Author Note

Executive Summary
The following report concerns the cloud migration of an organization’s employee database to
SaaS applications. A consultant has been approached to assess the risks and threats of the
transfer process. The consultant’s deliverables are based on several analyses of the level of
security of different aspects of the organization. The first is the security of the employee
data, which is important because the database that stores the confidential data of each
employee can cause serious problems if exposed to public servers. The privacy of the employee
data is analyzed next, to ensure that the organization is using proper measures to secure the
data associated with each employee. Further analysis is presented on the digital identity
issues that the organization is currently facing and on the provider solution issues. The
latter are described from the perspective of the SaaS application that provides the personal
management service to the organization. Finally, the report covers the data sensitivity
issues, which evaluate the data according to the organization’s control of data. The analysis
found that risk occurs at several levels of the transformation process, from the employee data
through to the cloud servers. The risks that can cause further issues in the process are
described in detail so that this report can be used as a reference for mitigating them.

Table of Contents
Introduction
  Security of Employee Data
    Impending risks and threats
  Privacy of Employee Data
    Existing Threats
    Additional Threats
    Risk Results
  Digital Identity Issues
  Provider Solution Issues
  Data Sensitivity
Conclusion
References

Introduction
Cloud computing is currently the most talked about and widely used technology around the
world, among organizations and individuals alike. Instead of data being stored, managed and
processed on physically held systems, the entire process takes place on a network hosted on
the Internet. However, there are several risks associated with it, from the perspective of
both an organization and an individual. Since the data storage has no physical presence on
site and public clouds are generally owned by third-party cloud service providers, there is a
high chance of data being mishandled and of other issues such as data breaches and ransomware
attacks (Kaleeswari et al., 2018). This assignment therefore presents the risks associated
with the cloud, and the maintenance of security and privacy in a cloud environment, from the
perspective of an organization. In the current project scenario, a consultant has been
appointed to provide support and suggestions to a charity organization that supports the
underprivileged. The organization currently provides services to nearly 500 people and has its
own data centre running the Linux-based operating system by Red Hat (Younis, Kifayat &
Merabti, 2014). The servers, however, are owned by vendors providing cloud services. The cloud
storage capacity for the entire organization ranges up to 200 TB. The consultant has been
approached to report on the entire security and privacy policy procurement for the
organization, given that it is purchasing a personal management application from a US-based
company operating in a SaaS environment. The consultant’s deliverables would therefore be
based on several analyses of the level of security of different aspects of the organization.
This would be
represented in the report first as the security of the employee data, which is important
because the database that stores the confidential data of each employee can cause serious
problems if exposed to public servers (Islam, Manivannan & Zeadally, 2016). The privacy of the
employee data in the organization would be analyzed next, to ensure that the organization is
using proper measures to secure the data associated with each employee. Further analysis would
be presented on the digital identity issues that the organization is currently facing and on
the provider solution issues. The latter will be described from the perspective of the SaaS
application that provides the personal management service to the organization. Finally, the
report would include the data sensitivity issues, which evaluate the data according to the
organization’s control of data.
Security of Employee Data
Impending risks and threats
Employee data in any organization is an extremely sensitive asset: it not only contains an
employee’s personal information, including contact information and other confidential
information, but can also be linked to classified information of the organization (Rao &
Selvamani, 2015). The in-house HR database can hold the information about the different
employees, but hosting this database in the cloud carries impending risks. The consulting
company has noted several problems associated with holding employee data in cloud computing
technology. These are described in detail below:
Breaching of Data: Data breaches are a basic threat of cloud computing and are very common in
this technology. A cloud database is a hub of information; therefore, by
hacking into it, a malicious attacker can very easily access detailed information about an
organization or an individual user (Sethi & Sruti, 2018). This information can be of any kind,
from name, address and contact information to bank details and other credentials, all of which
remain open to the attackers for misuse. This is why a data attack in a cloud computing
environment affects many people at the same time.
APIs: An API is an application program interface that establishes communication between a user
and the cloud. Most private organizations that provide cloud storage servers to other
companies maintain advanced security for their APIs so that they can secure these networks
against malicious attackers (Aggarwal, 2018). However, vulnerabilities remain possible in the
administrative areas of the APIs.
Account hijacking: It is common in the cloud environment for an attacker, in order to get into
the cloud server of a company or an individual, to gain access to an entire account. This is
mainly done by phishing. Phishing of accounts mainly succeeds because of vulnerabilities in
the security systems of the cloud environment of an individual or a company, so that the
networks handling them can be easily violated (Singh et al., 2016). This creates a loophole
through which attackers can easily breach the cloud servers and gain access to accounts for
which they are not authorized.
SaaS Risks: When an organization migrates its entire business process to SaaS, data security
threats come attached to the implementation. Every SaaS application is vulnerable to data
breaches. To mitigate this risk, it is mainly the responsibility of the SaaS network providers
that this impending risk is taken into
account and that the entire transformation program is managed so as to protect confidential
data (Chhabra & Dixit, 2015). However, SaaS network technology does not have a built-in
feature for protecting data, so this requirement has to be fulfilled by the people or service
providers who take care of the network; the SaaS applications would not provide data
protection on their own. Furthermore, when an organization plans to move to a SaaS application
in place of its previously used applications, there is a noticeable risk of downtime. As all
the data is moved to the SaaS provider, the users have to rely on the provider to keep the
data available (Tang & Liu, 2015). The user will no longer have control of the data, and any
mishap in the control of data will have a large impact on the organization. This is the main
risk of transferring the data to the SaaS application. SaaS providers need to operate with low
downtime so that the risks can be mitigated. Another risk in the SaaS application environment
is that the implementation plan needs to comply with the standards set by the technical laws
of the country in which the organization is based. If it does not abide by those laws, the
organization may face legal action.
Accumulated results of the threats: The discussion above has covered all the threats and
impending risks in detail. The primary threat that these risks pose can affect a single user
as well as an entire organization. Over time these risks are growing in number, since cyber
attackers are increasingly using the latest technologies to attack cloud servers (Seethamraju,
2015). This can also be seen in the increasing number of data breaches reported recently
across the world. This is a major threat, as information and data belonging to a company, an
individual or an employee
associated with a company is highly confidential. It can contain information so valuable that
an entire company can be brought down with it, or an individual’s bank accounts can be
violated to extort money or cause other kinds of harm. Therefore, it is absolutely essential
that proper measures are taken to protect this data and information so that it does not easily
fall into the hands of malevolent attackers (Díaz, Martín & Rubio, 2016). Phishing attacks can
cause a person or an organization to lose highly important data, which an attacker can then
use for their own benefit. This is also a problem because recent times have witnessed a huge,
exponential rise in the use of networking and communication devices by individual users and
organizations alike. This is a huge risk, as it gives cyber attackers a huge domain in which
to exploit data that has no physical existence. They get time and space to assess their target
and pursue their attacks. Therefore, any loophole in the system can cause a huge problem for
an individual as well as an organization.
Privacy of Employee Data
Maintaining the privacy of data is extremely important for a company, since a breach by a
cyber attacker causes problems first for the employees and then, as a result, for the
organization. Cyber attackers can assess any company in the market and monitor it through its
internet activities. One such activity is the exchange of emails (Jungck & Rahman, 2015).
Email must be used with extreme caution: both individuals and the organization as a whole have
to make sure that no confidential information is passed through emails. In addition, people
using email must not click on any unsolicited link from an unauthorized source that they
receive. The company also has to make sure that
no employee can access the data of anyone else unless they are authorized to do so. If such
access is still found to be taking place in the organization, strict action should be taken
against the person responsible, even treating it as a criminal offense (Roy et al., 2015).
This applies to any information about an individual employee, including the person’s health
information.
Existing Threats
When protecting an in-house database, there is a large set of existing threats to the security
systems that need to be addressed (Tiwari & Joshi, 2016). These threats are discussed in
detail below:
Malware threats: Malware is malicious software, or software containing viruses, designed to
get into a computer when a user clicks on undesignated links, and then to halt the entire
system or leak information and data that are otherwise kept in a secured environment (Ab
Rahman & Choo, 2015). This is a perennial threat to any in-house database protected by an
organization. Malware is capable of infecting a connecting device and stealing all the
sensitive data that the databases hold.
Human Threats: This threat arises from a person’s interaction with a device. It occurs due to
an individual’s negligence in handling their designated device in the organization, and
because of it data breaches occur at random. A person needs to be much more cautious when
handling a device, and proper training should be given to each of them for that purpose
(Mushtaq et al., 2017). It has been reported that clicking on unsolicited links has
contributed to such problems. Many phishing emails designed to breach data have been clicked
out of curiosity when they should have been left untouched altogether. Therefore, every person
should stay focused while using a device, or it can create a huge
no other employee can access the data of anyone else until and unless they are authorized to do
so. If it is found to be still operated in the organization, strict action should be taken against the
person responsible, even treating it as a criminal offense (Roy et al., 2015). This can be any
information of an individual employee, including the health information of the person.
Existing Threats
While protecting an in-house database, there are a huge set of threats existing in the
security systems that needs to be taken care of (Tiwari & Joshi, 2016). These threats are to be
discussed in details as below:
Malware threats: Malwares are malicious softwares or software containing viruses that
are designed to barge into any computer by clicking into undesignated links and haltering the
entire system or leaking out information and data that are otherwise kept under secured
environment (Ab Rahman & Choo, 2015). This is a perennial threat for any kind of in house
database that is protected by an organization. Malwares have a capability to infect a connecting
device and steal all the sensitive data that the databases hold.
Human Threats: This threat arises from a person's interaction with a device. It occurs
due to the negligence of an individual in handling their designated device in the organization.
Due to this problem, data breaches occur at random. A person needs to be much more cautious
when handling a device, and proper training should be given to each of them for that purpose
(Mushtaq et al., 2017). It has been reported that clicking unsolicited links has contributed to
such problems. Many phishing emails that are designed to breach data have been clicked out of
curiosity when they should have been left untouched altogether. Therefore, any person should
stay focused while using a device, or it can create a huge
problem both for the device and for the information it contains, affecting the organization
accordingly.
Unmanaged data threats: Many companies have been found to be negligent in handling
user data, employee data and other data important to the organization. Human involvement in
the storage of employee data creates this problem, as most of the time human errors have been
found to cause data breaches in an organization (Mishra et al., 2018). Unmanaged data is thus
at a huge risk of being violated and exposed by any malicious hacker accessing the network for
an attack. It is an open opportunity for them to break into the network and get hold of this
unmanaged data.
Threats due to excessive permissions: This threat occurs when an employee is given
too many access permissions in an organization. The suggested method is that an employee
should be given only as much access to the user and employee database as needed. It has been
found that when an employee is given so much access over a network that he or she is able to
peek into any employee's information, there is a possibility that he or she might perform
unsolicited activities that can cause loss of data or even make it vulnerable to further
exploitation by cyber attackers (Aikat et al., 2017). So it is necessary to give employees
exactly the privileges they require, no more and no less.
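The rule above (exactly the required privileges, no more and no less) can be checked mechanically. The following sketch is an added illustration, not part of the original report; the role names, permission strings and sample accounts are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed policy: the minimum permissions each role needs to do its job.
ROLE_BASELINE = {
    "employee": {"own_record:read"},
    "hr_officer": {"own_record:read", "employee_record:read"},
    "occupational_health": {"own_record:read", "health_record:read"},
}

@dataclass(frozen=True)
class Account:
    user_id: str
    role: str
    granted: frozenset  # permissions currently assigned to the account

def audit(account):
    """Return (excess, missing) permissions relative to the role baseline."""
    baseline = ROLE_BASELINE.get(account.role, set())
    return set(account.granted) - baseline, baseline - set(account.granted)

def effective(account):
    """Honour only grants the role baseline allows; excess grants are ignored."""
    return set(account.granted) & ROLE_BASELINE.get(account.role, set())

def can_read(account, owner_id, field="profile"):
    """Deny by default: another person's data needs an explicit, in-policy grant."""
    perms = effective(account)
    if account.user_id == owner_id:
        return "own_record:read" in perms
    if field == "health":
        return "health_record:read" in perms
    return "employee_record:read" in perms

# Constructed sample accounts: one over-privileged, one under-privileged, one correct.
ACCOUNTS = [
    Account("e100", "employee", frozenset({"own_record:read", "employee_record:read"})),
    Account("h200", "hr_officer", frozenset({"own_record:read"})),
    Account("o300", "occupational_health",
            frozenset({"own_record:read", "health_record:read"})),
]

def report(accounts):
    """Map user_id -> findings for every account that deviates from its baseline."""
    findings = {}
    for acct in accounts:
        excess, missing = audit(acct)
        if excess or missing:
            findings[acct.user_id] = {"excess": sorted(excess), "missing": sorted(missing)}
    return findings

if __name__ == "__main__":
    for user, finding in report(ACCOUNTS).items():
        print(user, finding)
```

Because access decisions use only the intersection of granted and baseline permissions, an excess grant shows up in the audit report without ever being honoured at read time.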
Database injection threats: Injection attacks are performed against a database in order
to breach data by exploiting it. This is done by a malicious attacker breaking into vulnerable
accounts holding these important databases (Rittinghouse & Ransome, 2016). Mostly these
involve the two typical types of database: traditional databases and NoSQL databases.
Additional Threats
While transferring employee data to a SaaS application, many threats can be associated
with it. These threats are described in detail below:
Faulty Identity Management: It has often been found that the private organizations
responsible for providing cloud server identities are not that sophisticated when it comes to
respecting the service identities that reside behind the firewalls of several enterprises
(Pham et al., 2017). This is because there are many third-party applications that have the
ability to access the data in the SaaS, as these data do not have an identity. This forms one of
the major risks that the cloud environment faces in contemporary times.
Downfall in cloud standards: Security credentials are a standard that cloud vendors
have been advertising in recent times. This has been found to be a problem after SAS 70 was
audited. The cloud standard becomes very low in this matter, thus there is no security of
data in SaaS applications (Kavis, 2014). Therefore, an organization is required to adopt the
security standards that are needed when data is transferred to SaaS applications.
Data Security Threats: The main problem with the vendor of any cloud server is that
they present themselves as capable of giving far more security to the data than they actually
are. Due to this, most organizations tend to believe that SaaS security is good at securing
employee data. However, the customers of the cloud vendors do not believe that the SaaS
providers are secretive about their security processes (Ali, Khan & Vasilakos, 2015). Most
cloud vendors do not reveal the actual number of data centres and the operations they actually
provide. Since they do not disclose all the necessary information to the customers, there is a
chance of security being compromised. Customers and analysts of
the industry are enraged by the response of the SaaS providers. The customer must not hand over
their data for security if the vendor is not transparent.
Risk Results
Malware attacks on a database can cause several problems for the employees and further
affect the database. Individual employees should take care so that they do not fall prey to
further phishing attacks by malevolent cyber attackers (Hsu et al., 2014). It has been found
that 35 per cent of the attacks and phishing problems are mostly caused by human negligence.
Lack of knowledge in using this kind of database gives rise to these threats; therefore, it is
essential that the human activity behind handling the database is controlled. The employees
need to be trained accordingly to make them aware of the threats and risks so that they can be
more cautious while handling them.
Digital Identity Issues
Digital identity is at a higher risk of being exposed while data is being migrated from a
traditional database to a SaaS application. When a network or an online resource is used, the
digital identity of the data gets stored in a database (Botta et al., 2016). Normally, a data
identity is used to protect data from potential data threats and cyber crimes. Thus, losing the
integrity of data can cause several problems. It must therefore be ensured that all online
websites are used cautiously so that data identity integrity is kept intact.
For example, while accessing a banking website, it must be ensured that all the account
information of an individual is kept totally under wraps. If there is any negligence, there is
a huge risk of losing all the account information to a malicious hacker who might break into
the bank account of an unsuspecting person and cause severe harm to the individual