Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cloud Computing Risks and Security

Verified

Added on 2020/04/07

AI Summary

This assignment examines the multifaceted risks associated with cloud computing. It analyzes various security threats, such as data breaches, unauthorized access, and vulnerabilities inherent in cloud infrastructure. The paper also investigates privacy implications, considering issues like data storage, user consent, and the potential for misuse of sensitive information. Furthermore, it explores risk assessment models and mitigation strategies employed by organizations to enhance cloud security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

qwertyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnmqwer
tyuiopasdfghjklzxcvbnmqwertyuiopas
dfghjklzxcvbnmqwertyuiopasdfghjklzx
cvbnmqwertyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbnmqwertyuio
pasdfghjklzxcvbnmqwertyuiopasdfghj
klzxcvbnmqwertyuiopasdfghjklzxcvbn
mqwertyuiopasdfghjklzxcvbnmqwerty
uiopasdfghjklzxcvbnmqwertyuiopasdf
ghjklzxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvbnmrty
uiopasdfghjklzxcvbnmqwertyuiopasdf
ghjklzxcvbnmqwertyuiopasdfghjklzxc
PII Strategy
Threat and Risk Assessment for PII in “MyLicence” Portal

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1. Introduction
Since the Australian state government has centralized the application and deployed the single
workflow of all licenses through single web portal called “MyLicence”, the threat and risk
analysis of the Personal Identifiable Information (PII) is an essential obsession. The Department
of Administrative Services (DAS) has implemented the cloud model for incorporating the shared
services like Personnel Management, contractor management, payroll solution, and Whole of
Government (WofG) development.
By the deployment of MyLicence portal, the citizens can acquire and renew their licences in a
customized way. By this way, the citizens register on the web portal and create their own
informal digital identity. But this leads to the confrontation of several security risks and
vulnerabilities of the sensitive PII data of the citizens.
This report illustrates the Threat and Risk Assessment (TRA) for the PII data stored in the
MyLicence portal. Moreover, a PII strategy proposal for the portal is drafted and the privacy and
information protection facets are considered for alleviating the identified risks and
vulnerabilities.
2. Threat and Risk Assessment (TRA) for PII data in MyLicence
Portal
2.1. Introduction to PII
Any information which is utilized to solely recognize or identify an individual is termed as
Personal Identifiable Information (PII). This data is also associated with the identical data from
external sources. The PII data comprises wide collection of information for locating the unique
individuals, like birth date, personal addresses, license numbers, bank account numbers, credit
card numbers, payroll data, etc. Even when the individuals have more concerns on the disclosure
of their personal information, this problem exists in the portal like MyLicence that contains wide
range of PII stored in it.
The examples of PII in MyLicence Include:

 First Name or Last Name
 Address of the citizen
 Age
 Telephone or Mobile Numbers
 Credit Card Numbers
 Race
 Criminal Evidence
 Birth Date
 Gender, and other unique details related to the citizens.
2.2. Cloud Identifiable Vulnerabilities
Some technologists concentrate on cloud related vulnerabilities rather than the risks and threats.
The specific cloud vulnerabilities for the PII data are given below:
 The vulnerabilities can be found inside the cryptanalysis and the service leaned
framework.
The main source of vulnerabilities can emerge from one of the cloud computing aspects like
openness, pay as you consume model, and collection of resources (Grobauer, Walloschek &
Stocker, 2011).
 Insufficient transparency in service contributor’s policy is also another issue.
2.3. Cloud Specific Threats
The cloud specific threats for PII data can be categorized as follows:
2.3.1. Exploitation and disreputable utilization of cloud computing
The IaaS contributors proffer infinite number of storage capacity, network, and compute
resources to the customers. The hackers and malevolent code developers conduct their spiteful
tasks with associated requirements. In the portal like MyLicence, the PII data can be extracted by
the attackers through password tracking methods, Distributed Denial of Service, initiating

vibrant threat points, botnet authority, congregating the malicious data, constructing mottled
tables, etc (Chu, Chow, Tzeng, Zhou & Deng, 2014).
By this way, the privacy of PII data contained in the portal will be affected. There is a possibility
of utilization of the IaaS servers by botnets for commanding activities.
2.3.2. Distributed technology concerns
The distribution of architecture comprising CPU hoard, Graphics Processing Unit (GPU), etc. is
offered by the IaaS providers. But, these architectural components are not able to provide the
isolation aspects to the multi-resident frameworks (Dabrowski & Mills, 2011).
For solving this issue, an implicit supervising component controls the access in between the
computing sources and organization operating systems. Even then, the supervising component
has revealed some imperfections such that the third party operating system can have
unacceptable access to the PII data or impact on the triggering manifesto.
2.3.3. PII Data loss or leakage
The data can be negotiated in several ways. An example is the modification of data without any
endorsement of the unique content. The PII data loss can be due to lack of authorization,
management, improper utilization of encryption keys, perseverance and arrangement
confrontations, functional errands, data center inconsistency, risk of fraternity, authentication
issues, and failure recuperation.
2.3.4. Unstable Application Programming Interface (API)
The customers use to manage the cloud services through the API provided by the cloud
suppliers. The activities like monitoring, stipulation, coordination, and administration are offered
by these software interfaces (Apecechea, Inci, Eisenbarth & Sunar, 2014). The reusable
passwords and API reliance are other examples of API threats.
3. PII Strategy Proposal
For the organization of various sizes, cloud computing provided infinite storage space and other
computing abilities. By this way, the DAS is liberated from buying, administering, and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

upgrading their computer systems and networks. Even the provision of cloud services has offered
multiple benefits like agility, improved options, and litheness (Gargama & Chaturvedi, 2011); it
also opens the door to many privacy, data protection, and compliance issues. The users can select
private or hybrid cloud models for selecting their own dedicated data protecting needs.
Hence it is required to develop a strategy for protecting the PII data in cloud implemented
MyLicence portal. This strategy allows the portal to monitor the data collection, utilization, and
the disbursement of the PII data. DAS should make the commitments with the cloud service
provider in form of legal agreements, verification, and data protection guarantee. Moreover, the
data privacy policies should be upgraded regularly in order to govern the application like
MyLicence.
The PII strategy implemented should be able to cover the aspects as shown in the figure below:
Fig 1: PII Strategy
3.1. Fabrication of Data Protection Services
The cloud providers should be selected in such a way that they are able to provide the services
which maintains both the privacy of data and the customers (Chen & Lee, 2014).

3.1.1. Allegiance for protecting and limiting the utilization of data
The data contained in the centralized portal should be maintained by the DAS alone and should
not be utilized by the cloud providers, which should be included in the privacy agreements. Each
service should contain a data set for forming the storage and backup standards, and must be
deleted according to the requirements of the customer (Heng, Ruixuan, Xinhua & Zhang, 2014).
3.2.2. Privacy by Pattern
The privacy and data protection should be considered at each and every stage of the application
development process. This strategy contains all the processes, technologies, and the users for
improving the privacy and protection of the PII data.
A development pattern comprising seven stages should be followed by the portal developer for
enhancing the data security and privacy.
Fig 2: Proposed development pattern for portal
As data security is more crucial to privacy, this coalition of security and privacy procedures
minimize the vulnerabilities and threats in the application code, and avoid the occurrence of data
breaches (Roberts & Al-Hamdani, 2011).
PreparationProposeDeploymentValidationFeedback

The privacy evaluation is conducted in order to confirm that the privacy needs are sufficiently
dealt with.
 The availability of privacy aspects, which permits the service administrator to allocate
permissions to the persons for accessing the data, is verified.
 The privacy risks encountered in the portal should be estimated and the necessary
alleviation measures are taken.
3.2.3. Privacy Protection by Service Attributes
The enhanced data shielding and protection features must be embedded in the services
provided by the cloud providers. Hence for portal like MyLicence, the cloud providers with
incorporated data protection features like for e.g. Microsoft Azure can be employed by DAS.
The services attributes required for data protection and privacy are enlisted below:
 Amalgamated Identity and Access Administration
This provides the service administrators of DAS for administering the access to their
respective services in the portal.
 Privileges Administration Service
Using this management service, the DAS can supplement their PII data fortification
approach for securing the data by means of importunate utilization procedures within
the information without the consideration of the location of data storage.
3.4. Protecting the PII data in overhaul procedure
The well deployed cloud service will not be able to protect the PII data and privacy if it is
implemented in the unsecured environment. The cloud users will have the anticipation that their
data is not interpreted to other cloud users. Moreover, they presume that the methods utilized at
the data centers hold their information secure and private (Alcaraz Calero, Edwards, Kirschnick,
Wilcock & Wray, 2010).
3.4.1. Methods for protecting services privacy
The data access management is one of the prime methods to protect the privacy of the services.
Coherent and physical are the two phases of data access management. In physical data access

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

management, the datacenter access is monitored by means of locked server stands, video
observation, incorporated alarms, etc.
The data of the citizens can be accessed based on the requirement of the service. The access is
limited by manipulations like dual factor authorization, signing in, and reviewing the actions
performed in production service platform (Khan, Oriol, Kiran, Jiang & Djemame, 2012).
A vigorous intrinsic program should be developed for reporting the latent privacy risks, so that
the respective teams like legal, communications, and forensics work together in order to mitigate
those particular risks. For ensuring the data security and privacy between the cloud users who
hold the data in the equivalent cloud service, the data separation methods are applied for
isolating the cloud residents to create a platform where the users will be able to acquire only their
data.
3.4.2. Transparency
The data must be provided by the cloud service provider to third-party only after the acquisition
of permission from the DAS. By this way, the data transparency should be maintained in the
cloud environment.
4. Authorizing the customers to secure their information
The DAS should make sure that the personal data of the citizen is secured by incorporating
certain security policies and procedures that should be managed by both the service providers
and customers.
The cloud service contributor must consider the responsibilities regarding security and keep up
the protection of its client information—and engages its clients to actualize what's more, utilize
our administrations in a secured way (Heilig & Voss, 2014). Information security and protection
is a distributed obligation between the supplier and the clients. The supplier ought to be in charge
of the environment and responsible for making a benefit that can convene the data safety,
protection, and consistence requirements of the clients.
Clients are in charge of arranging and working their administration subsequent to stipulation,
inclusive of the administration of access accreditations and legitimate consistence, securing

applications by means of administration's constructed manipulation, information, and several
effective machines or any additional information that they utilize by means of their record
(Factor, Hadas, Hamam, Har’El, Kolodner, Kurmus & Shulman-Peleg, 2013).
5. Steps for accepting the PII Strategy
Below are five key advances each association should acquire to start the way toward
counteracting information misfortune:
 Distinguish PII the DAS should secure
 Organize PII
 Find the location of PII
 Make an acceptable user policy (AUP)
 Instruct your representatives about your AUP
It might be in various spots, repetitive on servers, portable PCs, PCs and detachable media
(Asghar, Ion, Russello& Crispo, 2011). Once the PII is discovered, the portal has to characterize
the association's AUPs for getting to and utilizing it. AUPs will shift from association to
association, however ought to finish three objectives:
 Secure PII information
 Characterize who can get to PII
 Build up regulations intended for finding the approved workers who can utilize PII
The created AUPs may be powerful if your representatives think that they have a section to make
a role in ensuring your PII. Completely instructing workers is a basic and regularly ignored
advancement (O’Hagan & Oakley, 2004). The duplicates of AUPs must be conveyed to workers,
proffer preparing gathering and make them to notice an announcement recognizing that they will
keep the strategies. This process will transform each representative a dynamic member in the
implementation of AUPs, and the association wide pushes to avert information misfortune and
the deficit of PII.
6. PII Solutions
Encryption Entire-circle encryption

 Encryption of secondary storage
devices
 Strategy centered mail cryptography
 Record share encryption
 Focal key administration and
reinforcement
 Capacity to review cryptography
prominence
Avoidance of Threats Discontinue incidental information misfortune
through checking the information for finding
out the delicate data transferred to sites,
through internet messenger or mail, and stored
on gadgets with programmed regulations, for
example,
 Record coordinating standard:
Predefined move is made in light of
name or kind of document a client is
endeavoring to acquire or
exchange (Saripalli & Walters, 2010)
 Information lead: Has information
characterization and determines the
activity considered if a client endeavors
to exchange information that conforms
with that characterizations
Data Security  Distinguish recognized and obscure
malware like virus, spyware, worms,
distrustful documents, Trojans, and
conduct, possibly undesirable
applications practically without any

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

requirement for refreshment.
 Procure antiviral software, firewall, and
gadget administration in a solitary
specialist
 Protect the majority of your stages
(Windows, Linux, Mac, and UNIX)
7. Strategy for protecting the Informal Digital Identity of users
7.1. Introduction to Informal Digital Identity
On the “MyLicence” web portal, the citizens must demonstrate their uniqueness utilizing
accreditations, for example, a secret key. This procedure is called verification, and is
fundamental to secure the "digital identity." If confirmation can be bypassed, at that point
anybody can claim to be any other individual on the web, and that can prompt significant issues.
For instance, a large portion of the real information breaks through the span of the most recent
year were expert by programmers who accessed certifications that should not be accessed
without proper authorization. Furnished with this data, they could get to acquire the frameworks
and take information on a really gigantic scale (Sendi, Cheriet, 2014).
Unmistakably, advanced digital identities are vital and should be ensured, however so that there
are very few great methods for doing as such. The vast majority of the citizens utilize keywords
for protecting their digital identities. This is a case of what is termed as one-aspect validation,
since checking the proprietor's character depends on a solitary bit of hypothetically mystery data:
the secret key. Nonetheless, passwords are famously loathsome at ensuring data despite the fact
that that isn't altogether the blame of secret keys (Solove, 2006). In principle, individuals ought
to have extraordinary, interesting passwords for each and every site that demands that the
passwords ought to be long, with a blend of character sorts, and the keywords ought to be
changed at regular intervals. An amazing number of individuals have passwords like "secret

word" or "123" in light of the fact that it would be unthinkable for a many people to really recall
their keyword on the off chance that they kept the prescribed procedures.
There are approaches to solve these issues like MyLicence portal which will recall, oversee, and
naturally enter client keywords trying to produce protected keywords exploitable. A few
individuals are notwithstanding offering specially designed, really randomized keywords that are
conveyed through physical mail. Extensively however, all together for a watchword to be
compelling, it will likewise be almost unthinkable for a person to recall (Tarin, 2015).
Accordingly, there are various distinctive strategies for protecting the entrance to computerized
identities that do not depend completely on the keywords. A significant number of individuals
utilize the dual-aspect authorization or multi-aspect validation. These sorts of frameworks utilize
few snippets of data to check a client's character (Vijayan, 2013). For instance, a PC may require
a secret key and a unique mark keeping in mind the end goal to sign in, or it might utilize facial
acknowledgment programming joined with corporeal indication.
Numerous advanced dual aspect frameworks are fusing biometric technology as the vital
components for checking a person's personality. This bodes well; the greatest number of
individuals would not anticipate that an attacker will have the capacity to take somebody's
fingerprints as effortlessly as they could a secret word. Be that as it may, this isn't the situation.
As a major aspect of the OPM attack, the attackers could take the unique mark data for more
than 5 million government workers. This is one of the greatest problems with biometric
protection. It appears to be totally refuge, yet that is not the real matter and the dream of full
safety will have hazardous ramifications.
Likewise with most of the safety advances, the engineers of computerized personality insurance
methods are gotten in a ceaseless competition with offenders who need to evade their endeavors.
Biometric protection is as yet a developing field, and the progressions are done to transform the
biometric frameworks more protective and available. Currently, the utilization of keywords is the
most prominent methods for validation on the web, yet that may modify since the issues with
keywords turn out to be more disjoin, the information breaks proceed, and innovative choices for
securing individual’s identity data wind up plainly accessible (Wright, 2011).
7.2. Privacy and Data Protection Strategy for Informal Digital Identity

Certain mitigation strategies for ensuring the privacy and data protection of informal digital
identity are provided below:
Regardless of the computerized period building the people’s vivacity apparently simpler, it
additionally appears like the individuals need to accomplish increasingly all an opportunity to
secure our own and money related data. More than 80% of people possess computer network at
home, office, etc. and that might not be the genuinely traditionalist number. That implies a large
portion of us depart an advanced impression that is in the correct tenders may influence an
entrance to point for criminals and con artists.
The solution is not to quit the utilization of the Internet, we do have a few hints on the best way
to best secure the informal digital identity in the MyLicence portal.
1. The luminaries:
Information focuses are gathered by the called destination website and the data can be traded to
different organizations. A few promotions are simply 'click draw' and are utilized to drag you to
another faulty site. Try not to incorporate any information other than the required information in
the portal. ID hoodlums can accomplish more harm in the event that they get a grip of your
sensitive information as few associations may utilize it to distinguish keywords. The
comprehension is made when some information is added to the web portal; it is elsewhere
located for eternity. Erasing on the web content regularly just expels it from general visibility;
but it can be placed in documents and databases for eternity.
2. Utilize numerous usernames and keywords:
Past the reality the passwords should be modified no less than three times per year, specialists let
the people know about receiving a propensity for various usernames likewise keeps criminals
from locating and getting the confidential data. By containing the similar username over
numerous destination sites formulate the people less demanding to track. Not simply usernames
and keywords should be used incidentally. Almost certainly you utilize a similar email to agree
to accept an assortment of locales. In the event that conceivable, the similar electronic mail
address must not be utilized constantly.
3. Geolocation administrations are genuinely novel to the cell phone exhibit:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

A huge number of individuals enable applications and sites to stamp your area. To which source
does this data move out? Great inquiry. Be that as it may, in the event that you have any worries
about your specialist co-op knowing the location of the individual at anytime, the telephone
settings should be turned off (Feng, Baochun & Li, 2014).
4. Peruse and Access web portal secretly:
Perusing in a private setting does not spare treats or inquiry history. By means of locales the
individual visit, nonetheless, the IP address will be recollected. This can be dangerous on the off
chance that, looking for unique individual information present for your accomplice and
promotions identifying with it begin flying up when they utilize the PC.
5. Activate the cookie impeder
By means of impeding outsider cookies while using the web portal, a portion of the online
information accumulation about the individual can be preserved. The cookies can follow the
online motions of the individual, even the cookies from destined website do not about the
visiting page of the individual. This can be observed by certain advertisements that are identified
with particular items. So, the cookies in the web portal can follow your propensities, inclinations,
aims and so on. Thus by impeding the cookies in the web portal, less data related to the
individual will be exposed.
8. Governance of Outline Plans:
8.1. Governance of PII data and digital identities of MyLicence Portal
Overseeing characters and giving safe and proficient entrance to huge extent contracted out
information is an imperative component of distributed computing. For most of the associations,
information security and protection concerns are generally essential. Along these lines, a great
unique id and right to use the administration procedure are the fundamental essential components
for vital utilization of protective on-request distributed computing administrations. The
confirmations of client id and verification parts of character administration include the
utilization, upkeep, and assurance of by and by identifiable data (PII) gathered from cloud

purchasers. Consequently, defeating unapproved get to information assets in the cloud
additionally merits a noteworthy consideration.
Following are the major IAM challenges that should be tended to for fruitful and powerful
administration of characters in the cloud.
Character Management:
Protective and efficient administration of prerequisite and non stipulation of clients to
frameworks, applications, and so on is one of the significant difficulties in Cloud Computing.
Visit change in clients' parts what's more, duties inside the association, turnover of clients,
modifications in the service provisions are the components that influence setting up a reasonable
Identity Administration and Management process.
Confirmation:
Authorizing the character of a client or a framework in a safe and trustworthy way is another
main concern. Different difficulties incorporate appropriate accreditation administration,
guaranteeing powerful verification, consistence with the secret key standard, cryptology
administration, and overseeing confidence over a wide range of cloud administrations.
Approval and Access Management:
Developing the efficient approval and admission management arrangements for clients to get to
the frameworks assets (i.e., software applications, databases, and so forth.) is another key
prerequisite. Notwithstanding giving cloud-based character and access administration
administrations, adjusting to the ceaseless changes in clients' parts or benefits and keeping up
control over access to assets are likewise testing.
League Management:
League identity administration gives associations a chance to confirm their clients (giving single
sign on office) by trading character data between the service contributor and the Character
Provider. Since character data are powerfully circulated crosswise over privacy spaces, it
postures critical security and protection challenges. Shaky correspondence organizes and frail

client validation conspires in Web character affix can prompt replay assaults, session seizing,
and phishing assaults.
Besides, dependence on the unique identity for character administration may cause fraud and
information ruptures if the candidate’s identity acts vindictively.
8.2. Personal data and PII data protection for DAS users of HR Management
Suite
The HR experts, operating with Human Resource data, know about the affectability of the
information depended upon by the organization. The employees will expect that their data will
be properly ensured and stay private.
Governments have delivered regulations and rules since 1981 for protecting the data privacy.
The gatherings of nations have signed the assertions to choose how information (and more
specifically, HR information) can be accessed crosswise over outskirts.
A lot of data is accessible, frequently genuinely toxic and written in "jargon". A few notions give
off an impression of being utilized as a part of alternance.
 Information honesty tends to the worry that information ought to be right and finish for
the utilization we need to make. As a basic case, if the personal address related to the
worker is not refreshed, management will neglect to contact him/her, and thusly
information will be junked.
 Information security is engaged in guarding data, looking for insurance from retrieve by
unapproved elements. The thought is to abstain from attackers and gatecrashers; both to
forestall robbery of thoughts or important data and to ensure the trustworthiness of the
information against unintentional or obstinate debasement.
 Information protection is frequently mistaken for information security, in any case
traverses a more extensive range. Its worry is to guarantee legitimate consistence with the
numerous universal directions managing and ensuring the people's preciseness to keep
their information sheltered and private; the process is not simply securing against outer
interruptions, yet regulating the way HR information is accessed globally, the location

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

and retrieval of the HR information. It implies giving devotion to information protection
rules and directions, wherever the association is dynamic.
8.3. Outline Plan for personal data for contractors in the contractor
management suite
The dangers of SaaS provider for contractor management disappointment and to distinguish the
principle issues that end client associations would need to settle to viably moderate these dangers
are discussed in this section.
Currently, the principle method for relieving against programming provider disappointment is
termed as “Software Escrow”. This was outlined as a method for retrieving source program for
software in case of provider disappointment. On the off chance that a provider loses everything,
there is no transient issue as the software and the business procedures bolstered by the software
proceed to operate and the contractor information stays inside the control of the end client.
Nonetheless, the end client organization has an issue as they won't have the capacity to keep up
the contractor management suite long haul and this issue is successfully unraveled by Software
Escrow and related administrations.
In the cloud field, in any case, the circumstance is unique. If the provider is failed, there is
possibility for a quick issue of the SaaS benefit being turned off in light of the fact that the
product provider never again has the money to keep on paying for its facilitating administration
or to provide payment to the key contractor. For the end client, this implies they never again
approach the application; the business procedure upheld by the contractor software suite can
never again work and the end client association loses access to their information.
The business effect of this misfortune will fluctuate contingent on the kind of contractor
application influenced:
Business Crucial Procedures (e.g. fund, HR, deals and store network)
Critical Information (e.g. examination or report coordinated effort)
Convenience (e.g. MDM, web separation, determined information)

To conclude with, the two providers of cloud arrangements and end client associations had not
appropriately thoroughly considered the ramifications of these new dangers, and not the
administrations they will need to moderate the danger of service provider disappointment.
8.4. Risks and Mitigation Measures for PII data and financial data of users
and DAS staff in the COTS payroll suite
This section incorporates a rundown of latent dangers (misrepresentation or blunders) relating to
Payroll Process in the Commercial off-the-shelf product suite. Keep in mind it is simpler to keep
the dangers through inside controls than to rectify their belongings later. The efficient mitigation
processes include:
 Recognizable proof of the principle hazards in the payroll process and
 The usage of management to diminish or take out these dangers.
Additionally one imperative action to be brought up is that the adequacy of the rules set up ought
to be ceaselessly checked. This will right off the bat to guarantee that the rules which should
prevail in principle are really executed by and by and furthermore these controls accomplish their
targets to moderate the dangers.
9. Conclusion:
This section provides an exhaustive outline of the current security and data protection issues in
the PII data of MyLicence portal that is intended to provide administrative services to the
registered citizens. At that point, we introduced an assortment of security and protection
concerns related with Cloud Computing, distinguished real dangers and vulnerabilities. Each of
these classifications distinguished a few dangers and vulnerabilities, bringing about further
characterization on PII data and identity management. It is obvious from our discourse that for
the across the board selection of the cloud solution, these concerns must be tackled completely.
In this manner, advancement of the current arrangement procedures and in addition more
imaginative methodologies need to moderate these issues is required (Feng, Baochun & Li,
2014). In spite of the fact that Cloud Computing is a buzzword in current information
technology, it is still in its earliest stages, and it is across the board selection that depends
generally on how the regularly expanding security concerns will be dealt in the destined areas.

10. Reference
Alcaraz Calero, J.M., Edwards, N., Kirschnick, J., Wilcock, L., & Wray, M. (2010). Toward a
Multi-Tenancy AuthorizationSystem for Cloud Services . IEEE Security & Privacy,
8(6),48–55.
Apecechea, G.I., Inci, M.S., Eisenbarth, T., & Sunar, B. (2014). Fine Grain Cross-VM Attacks
on Xen and VMware.In Proc. BDCloud, 737–744.
Asghar, M. R., Ion, G., Russello, G., & Crispo, B. (2011). Securing Data Provenance in the
Cloud. In Proc. iNetSeC,pages, 145–160.
Chen, H.C.H., & Lee, P.P.C. (2014). Enabling Data Integrity Protection in Regenerating-Coding-
Based Cloud Storage:Theory and Implementation. IEEE Transactions on Parallel and
Distributed Systems, 25(2),407–416.
Chu, C., Chow, S.S.M. , Tzeng, W. , Zhou, J., & Deng, R.H. (2014). Key-Aggregate
Cryptosystem for Scalable DataSharing in Cloud Storage. IEEE Transactions on Parallel
and Distributed Systems, 25(2), 468–477.
Dabrowski, C., & Mills, K. (2011). VM Leakage and Orphan Control in Open-Source Clouds. In
Proc. 3rd IEEEInternational Conference on Cloud Computing Technology and Science
(CloudCom), 554–559.
Factor, M., Hadas, D., Hamama, A., Har’El, N., Kolodner, E.K., Kurmus, A., & Shulman-Peleg,
A. (2013). SecureLogical Isolation for Multi-tenancy in Cloud Storage. In Proc. MSST,
1–5.
Feng, Y., Baochun , L., & Li, B. (2014). Price Competition in an Oligopoly Market with
Multiple IaaS CloudProviders. IEEE Transactions on Computers, 63(1):59–73.
Gargama, H., & Chaturvedi, S.K. (2011). Criticality assessment models for failure mode effects
and criticality analysis using fuzzy logic. Reliab. IEEE Trans. 60(1), 102–110.
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding Cloud Computing
Vulnerabilities. IEEE Security& Privacy, 9(2), 50–57.
Heilig, L., & Voss, S. (2014). A Scientometric Analysis of Cloud Computing Literature. IEEE
Transactions on Cloud Computing, 2(3), 266–278.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Heng, H., Ruixuan, L., Xinhua, D., & Zhang, Z. (2014). Secure, Efficient and Fine-Grained
Data Access Control Mechanism for P2P Storage Cloud. IEEE Transactions on Cloud
Computing, 2(4), 471–484.
Khan, A.U., Oriol, M., Kiran, M., Jiang, M., & Djemame, K. (2012).Security risks and their
management in cloud computing. In: IEEE 4th International Conference on Cloud
Computing Technology and Science (CloudCom), 121–12.
O’Hagan, A., & Oakley, J.E. (2004). Probability is perfect, but we can’t elicit it perfectly.
Reliab. Eng. Syst. Safety, 85(13), 239–248.
Roberts, J.C., & Al-Hamdani,W. (2011). Who Can You Trust in the Cloud? A Review of
Security Issues Within Cloud Computing. In Proc. of the Information Security
Curriculum Development Conference, 15–19.
Saripalli, P., & Walters, B.(2010). QUIRC: A quantitative impact and risk assessment framework
for cloud security. In: IEEE 3rd International Conference on Cloud Computing
(CLOUD), 280–288.
Sendi, A.S., Cheriet, M. (2014). Cloud computing: a risk assessment model. In: IEEE
International Conference on Cloud Engineering (IC2E), 147–152.
Solove, D.J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3):
477-550.
Tarin, D. (2015, November 20). Privacy and Big Data in Smart Cities, AC Actual Smart City.
Retrieved from January. www.smartscities.com/en/latest3/tech-2/item/503-privacy-and-
big-data-in-smart-cities.
Vijayan, J. (2013, May 13). With the Internet of Things, smart buildings pose big risk. Retrieved
from www.computerworld.com/article/2489343/security0/with-the-internet-of-things--
smart-buildings-pose-big-risk.html.
Wright, D. (2011). Should privacy impact assessments be mandatory? Commun. ACM, 54(8),
121-131.

1 out of 20

+13062052269

info@desklib.com

Cloud Computing Risks and Security

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Threat and Risk Assessment for MyLicense Portal - Desklib

Cloud Privacy and Security

Data Privacy and Security Challenges

Cloud Privacy and Security: Threat and Risk Assessment, PII Privacy Strategies, Digital Identity and Controls, Governance Plan

MyLicence Portal: Threat & Risk Assessment

Privacy and Security in Smart Homes