Financial Sector Cloud Computing Security: Aztek Risk Analysis Report
VerifiedAdded on 2020/04/01
|14
|5548
|178
Report
AI Summary
This report provides a comprehensive analysis of cloud computing security risks, specifically within the context of Aztek, a financial company. The report begins by highlighting the increasing importance of IT security in the modern business landscape, particularly within the financial sector, where sensitive data and strict regulatory compliance are paramount. It then delves into the benefits of cloud computing, such as cost-effectiveness and resource optimization, while also acknowledging the associated security challenges, including data breaches, loss of governance, and compliance issues. The report reviews the current security posture of Aztek, including existing security measures like password protection and access controls, and assesses the potential impact of migrating business-critical applications and data to a cloud environment. It identifies key risks, such as lock-in, loss of governance, compliance challenges, and service termination, and categorizes them into policy/organizational, technical, and legal risks. The report concludes by emphasizing the need for enhanced security protocols, including user access controls, monitoring of user activity, employee background checks, and the implementation of robust security measures to protect against data breaches and ensure the confidentiality, integrity, and availability of data in a cloud environment. The report also highlights the importance of understanding industry best practices and frameworks for IT control and risk management, and the need for financial institutions to maintain a proactive approach to cloud security.
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmrtyuiopa
[Type the document title]
[Type the document subtitle]
[Pick the date]
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmrtyuiopa
[Type the document title]
[Type the document subtitle]
[Pick the date]
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cloud Computing 1
Executive Summary
The present report sheds light on the security issues emerging from the use of online mediums in
the business enterprises. Today, all the business organizations are using online mediums to store
and retrieve information. However, with the use of online methods the security, confidentiality of
the information has come under pressure. The hackers can access the information from another
part of the world and use it for their malicious intent. Currently, cloud computing has become
hugely popular due to several advantages such as its cost-effectiveness and less consumption of
resources. However, the security and the privacy concerns have increased with the use of cloud
services as the control over the resources is provided to a third party vendor. In this regard, the
present report has discussed the various security concerns of the cloud computing. Moreover, the
report has also highlighted the current stance of the organization regarding the information
security. It has been identified that the organization should enhance their security protocols to
increase the security of the organization.
Executive Summary
The present report sheds light on the security issues emerging from the use of online mediums in
the business enterprises. Today, all the business organizations are using online mediums to store
and retrieve information. However, with the use of online methods the security, confidentiality of
the information has come under pressure. The hackers can access the information from another
part of the world and use it for their malicious intent. Currently, cloud computing has become
hugely popular due to several advantages such as its cost-effectiveness and less consumption of
resources. However, the security and the privacy concerns have increased with the use of cloud
services as the control over the resources is provided to a third party vendor. In this regard, the
present report has discussed the various security concerns of the cloud computing. Moreover, the
report has also highlighted the current stance of the organization regarding the information
security. It has been identified that the organization should enhance their security protocols to
increase the security of the organization.
Cloud Computing 2
Table of Contents
Introduction.................................................................................................................................................3
Review of Project with Financial Sector.......................................................................................................3
Review of the Project on the Current Security Posture of Aztek.................................................................4
Risk Assessment based on threats, vulnerabilities and consequences from an IT control framework and
any existing industry risk recommendation for the project.........................................................................5
Cloud Service Security.................................................................................................................................7
Security Measures for Data Security in Cloud Environment........................................................................9
Conclusion.................................................................................................................................................10
References.................................................................................................................................................12
Table of Contents
Introduction.................................................................................................................................................3
Review of Project with Financial Sector.......................................................................................................3
Review of the Project on the Current Security Posture of Aztek.................................................................4
Risk Assessment based on threats, vulnerabilities and consequences from an IT control framework and
any existing industry risk recommendation for the project.........................................................................5
Cloud Service Security.................................................................................................................................7
Security Measures for Data Security in Cloud Environment........................................................................9
Conclusion.................................................................................................................................................10
References.................................................................................................................................................12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Cloud Computing 3
Introduction
In the present times, IT security risk is one of the
major risks faced by the business organizations. The information technology has prevailed in all
the aspects of organization’s operations and; therefore, IT risk assessment is important for
assuring smooth operations of an organization. Several incidences of data breach and hacking
has shifted the attention of the IT managers towards security assessment and measures. Aztek is
a financial company which operated in the Australian financial industry. In order to enhance the
performance of the organization, the company has planned to implement several technology
projects. These projects will be approved by the respective strategists and funded for
deployment. The present report will focus the relocation of the business-critical application and
the data sources towards an external cloud solution (Mell & Grance, 2011). The cloud is an
information technology paradigm which enables ubiquitous access to shared configurable
resources. The pool of shared resources can be easily shared over the internet with minimal
efforts. It is the methodology which allows the users and the enterprises to share computing
capabilities and store and process data over a shared cloud. The principle is to share the
resources to achieve economy of scale and reduce the overall expenditure to the organization.
However, this technology has increased the security concern for the business organizations
(Ostermann, Iosup, Yigitbasi, Prodan, Fahringer & Epema, 2009). As it is shared resource, the
third party may access the crucial and confidential information of a business organization. Other
than that, the competing business organization may use this information to harm the brand image
of the business organization. The clouds are maintained by a third-party vendor; therefore,
maintaining the security of the information is quite challenging for the organization. In this
essence, the present report will discuss all the security risk associated with the deployment of
cloud system in an organization. The report will discuss the security risks associated with the
financial sector, current security posture of Aztek, and a risk assessment will be conducted
associated with the threats vulnerabilities of the system. The report will also shed light on
various recommendations which can be used to address the situation.
Review of Project with Financial Sector
The security demands in the financial industry are very high. In the financial industry,
people make investment of their hard-earned money as well as they share their personal financial
information with these organizations. Therefore, it is important that the financial organizations
implement high level of security protocol in the organization. Aztek should also assure that it
implement IT infrastructure and security policies so that the sensitive information of the
organization can be protected.
Currently, cloud computing is commonly used in various industrial sectors but its adoption in the
financial sector and the banking organizations is low. The cloud computing offers a variety of
benefits such as flexibility, low cost and enhanced organizational efficiency; however, banks and
other financial institutions are still reluctant to adopt cloud technology as they are concerned
regarding sharing of data in other platforms. It is because for the financial institutions, it is very
important to keep the data secure. The banking information is very sensitive and valuable and
handing over such information to a third party can be extremely risky for the users as well as
banking organizations (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski ... & Zaharia, 2010).
Introduction
In the present times, IT security risk is one of the
major risks faced by the business organizations. The information technology has prevailed in all
the aspects of organization’s operations and; therefore, IT risk assessment is important for
assuring smooth operations of an organization. Several incidences of data breach and hacking
has shifted the attention of the IT managers towards security assessment and measures. Aztek is
a financial company which operated in the Australian financial industry. In order to enhance the
performance of the organization, the company has planned to implement several technology
projects. These projects will be approved by the respective strategists and funded for
deployment. The present report will focus the relocation of the business-critical application and
the data sources towards an external cloud solution (Mell & Grance, 2011). The cloud is an
information technology paradigm which enables ubiquitous access to shared configurable
resources. The pool of shared resources can be easily shared over the internet with minimal
efforts. It is the methodology which allows the users and the enterprises to share computing
capabilities and store and process data over a shared cloud. The principle is to share the
resources to achieve economy of scale and reduce the overall expenditure to the organization.
However, this technology has increased the security concern for the business organizations
(Ostermann, Iosup, Yigitbasi, Prodan, Fahringer & Epema, 2009). As it is shared resource, the
third party may access the crucial and confidential information of a business organization. Other
than that, the competing business organization may use this information to harm the brand image
of the business organization. The clouds are maintained by a third-party vendor; therefore,
maintaining the security of the information is quite challenging for the organization. In this
essence, the present report will discuss all the security risk associated with the deployment of
cloud system in an organization. The report will discuss the security risks associated with the
financial sector, current security posture of Aztek, and a risk assessment will be conducted
associated with the threats vulnerabilities of the system. The report will also shed light on
various recommendations which can be used to address the situation.
Review of Project with Financial Sector
The security demands in the financial industry are very high. In the financial industry,
people make investment of their hard-earned money as well as they share their personal financial
information with these organizations. Therefore, it is important that the financial organizations
implement high level of security protocol in the organization. Aztek should also assure that it
implement IT infrastructure and security policies so that the sensitive information of the
organization can be protected.
Currently, cloud computing is commonly used in various industrial sectors but its adoption in the
financial sector and the banking organizations is low. The cloud computing offers a variety of
benefits such as flexibility, low cost and enhanced organizational efficiency; however, banks and
other financial institutions are still reluctant to adopt cloud technology as they are concerned
regarding sharing of data in other platforms. It is because for the financial institutions, it is very
important to keep the data secure. The banking information is very sensitive and valuable and
handing over such information to a third party can be extremely risky for the users as well as
banking organizations (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski ... & Zaharia, 2010).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cloud Computing 4
Moreover, operational in the financial sector, the companies have to abide by very strict and
stringent laws. The data protection laws often control the technology and infrastructure options
for the companies. All the IT managers agree that the risk can be controlled in a much better
manner in in-house operations than in cloud. Although the financial institutions have a large
number of security concerns, the major issues are data confidentiality, data breach, compliance
and legal issues. Other important risks are loss of governance, lack of transparency and lack of
auditing features.
When a company utilizes the cloud computing solutions, it loses control over the data which is a
big cause of concern for the finance companies. Cloud in an online platform wherein different
business organizations share their resources. It increases the cost-effectiveness of the business
organization and they can avoid buying expensive resources for the operations of company. They
contact a private vendor which leases the cloud services for the period of time and capacity
required. The cost of cloud rental is determined by the usage of services (Li, Dai, Tian & Yang,
2009). However, as several organizations are sharing same resources, it becomes easier for them
to access each other’s sensitive information. Other than that, the third party vendor also has
instant access to the data and the information of the business organization. This information can
be used by the organization for wrong purpose.
Review of the Project on the Current Security Posture of Aztek
Aztek is a financial business organization which has implemented various policies related
to information security to maintain the organizational security. It is important to implement novel
security methodologies to reduce the risks in new technologies and software. The security
measures and countermeasures are implemented to protect the organizations from security
attacks. The security measures and countermeasures are used by the business organizations to
protect information stored, transmitted and analyzed using online platforms. They must be able
to evaluate or examine the security level in a business organization. The security measures of the
organization can be grouped in three major groups, namely, physical, personal and the network
security measures. At each level, the security measures focus on confidentiality, integrity and
availability of data (Qian, Luo, Du & Guo, 2009). The internet is a big cause of concern for the
business organizations as it increases the security threats. The criminals can access valuable
organizational information by operating system weaknesses, default configuration of operating
system, encryption issues and poorly written web applications. The companies use various
measures such as password protection, designing safe systems, conducting screening and
background checks and providing basic training to the employees (Buyya, Yeo, Venugopal,
Broberg & Brandic, 2009). Aztek Solutions has also implemented various security measures to
increase the security standards of the organization. The users have to submit their digital storage
devices before entering the organization. This security measure is implemented so that the
employees cannot obtain the sensitive information of an organization.
Other than that, installing reliable antivirus software, protecting with Firewall and installing
encryption software will also be beneficial techniques for maintaining the security of a business
organization. It can be critiqued that a large number of security attacks occur due to weak
password protocols. The company has assured that access to various the equipment and wireless
network should be guarded by using unique user names and passwords. The strong passwords
contain numbers, letters and symbols which are not easy to guess. In order to design secure
Moreover, operational in the financial sector, the companies have to abide by very strict and
stringent laws. The data protection laws often control the technology and infrastructure options
for the companies. All the IT managers agree that the risk can be controlled in a much better
manner in in-house operations than in cloud. Although the financial institutions have a large
number of security concerns, the major issues are data confidentiality, data breach, compliance
and legal issues. Other important risks are loss of governance, lack of transparency and lack of
auditing features.
When a company utilizes the cloud computing solutions, it loses control over the data which is a
big cause of concern for the finance companies. Cloud in an online platform wherein different
business organizations share their resources. It increases the cost-effectiveness of the business
organization and they can avoid buying expensive resources for the operations of company. They
contact a private vendor which leases the cloud services for the period of time and capacity
required. The cost of cloud rental is determined by the usage of services (Li, Dai, Tian & Yang,
2009). However, as several organizations are sharing same resources, it becomes easier for them
to access each other’s sensitive information. Other than that, the third party vendor also has
instant access to the data and the information of the business organization. This information can
be used by the organization for wrong purpose.
Review of the Project on the Current Security Posture of Aztek
Aztek is a financial business organization which has implemented various policies related
to information security to maintain the organizational security. It is important to implement novel
security methodologies to reduce the risks in new technologies and software. The security
measures and countermeasures are implemented to protect the organizations from security
attacks. The security measures and countermeasures are used by the business organizations to
protect information stored, transmitted and analyzed using online platforms. They must be able
to evaluate or examine the security level in a business organization. The security measures of the
organization can be grouped in three major groups, namely, physical, personal and the network
security measures. At each level, the security measures focus on confidentiality, integrity and
availability of data (Qian, Luo, Du & Guo, 2009). The internet is a big cause of concern for the
business organizations as it increases the security threats. The criminals can access valuable
organizational information by operating system weaknesses, default configuration of operating
system, encryption issues and poorly written web applications. The companies use various
measures such as password protection, designing safe systems, conducting screening and
background checks and providing basic training to the employees (Buyya, Yeo, Venugopal,
Broberg & Brandic, 2009). Aztek Solutions has also implemented various security measures to
increase the security standards of the organization. The users have to submit their digital storage
devices before entering the organization. This security measure is implemented so that the
employees cannot obtain the sensitive information of an organization.
Other than that, installing reliable antivirus software, protecting with Firewall and installing
encryption software will also be beneficial techniques for maintaining the security of a business
organization. It can be critiqued that a large number of security attacks occur due to weak
password protocols. The company has assured that access to various the equipment and wireless
network should be guarded by using unique user names and passwords. The strong passwords
contain numbers, letters and symbols which are not easy to guess. In order to design secure
Cloud Computing 5
system, a business organization should minimize unnecessary access to hardware and software;
control the individual user’s access to only required equipment and devices. The organization
can also control the damage to the network by using unique set of email addresses, login, and
domain name and server passwords (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski,.. &
Zaharia, 2009). It is also important to conduct screening test and background checks for the
employees of the organization.
As discussed above, the financial organization has implemented several security
measures for maintaining the security in the IT infrastructure of the organization. However, the
security challenges will vary with the deployment of cloud services. In this situation, the user
access and the user verification will be of utmost importance. The organization should
implement different procedures to control the access of different users. The access to confidential
data should be controlled for the organization’s security (Foster, Zhao, Yaicu & Lu, 2008,
November). The business organizations should only provide access to the applications and data
which are essentially required by the business organizations.
Currently, the organization has applied significant amount of security measures. It
includes the use of firewall, encryption methods and control of the user access. However, with
the frequency of user activity the organization needs more security protocols. Aztek Solutions
should monitor the user activity, communicate the purpose and the user protocol clearly to the
employees and collect essential background check in the employees. These initiatives can reduce
the extent of the data breach in the organization. The business organizations can control the IT
risk faced by the organizations; however, they are unable to control the malicious intent of the
employees (Carlin & Curran, 2011). Therefore, it is important to conduct proper security check
on the customers. The company should check the user activity and if they find anything
suspicious, they should be careful for that employee. Moreover, it is also important that the
organization conducts a background check before recruiting an employee in the organization
(Zhang, Cheng and Boutaba, 2010). The organization should examine the past records with the
previous employers and past criminal records. It will assist the organization is assessing the
behavior of the employees and judge whether he will be able to adjust in the new organization.
Risk Assessment based on threats, vulnerabilities and consequences
from an IT control framework and any existing industry risk
recommendation for the project
Several novel and unique risks are associated with the use of cloud computing as it is a novel
technology. The risks faced by the organizations implementing cloud computing can be
differentiated in three different categories, namely, policy and organizational risk, technical risk
and legal risk.
Lock-in
There is little advancement in portability measures in cloud computing; therefore, it
becomes extremely challenging for the organization to shift the data from one provider to
another provider in an in-house IT environment (Mishra, Mathur, Jain, & Rathore, 2013).
Loss of Governance
system, a business organization should minimize unnecessary access to hardware and software;
control the individual user’s access to only required equipment and devices. The organization
can also control the damage to the network by using unique set of email addresses, login, and
domain name and server passwords (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski,.. &
Zaharia, 2009). It is also important to conduct screening test and background checks for the
employees of the organization.
As discussed above, the financial organization has implemented several security
measures for maintaining the security in the IT infrastructure of the organization. However, the
security challenges will vary with the deployment of cloud services. In this situation, the user
access and the user verification will be of utmost importance. The organization should
implement different procedures to control the access of different users. The access to confidential
data should be controlled for the organization’s security (Foster, Zhao, Yaicu & Lu, 2008,
November). The business organizations should only provide access to the applications and data
which are essentially required by the business organizations.
Currently, the organization has applied significant amount of security measures. It
includes the use of firewall, encryption methods and control of the user access. However, with
the frequency of user activity the organization needs more security protocols. Aztek Solutions
should monitor the user activity, communicate the purpose and the user protocol clearly to the
employees and collect essential background check in the employees. These initiatives can reduce
the extent of the data breach in the organization. The business organizations can control the IT
risk faced by the organizations; however, they are unable to control the malicious intent of the
employees (Carlin & Curran, 2011). Therefore, it is important to conduct proper security check
on the customers. The company should check the user activity and if they find anything
suspicious, they should be careful for that employee. Moreover, it is also important that the
organization conducts a background check before recruiting an employee in the organization
(Zhang, Cheng and Boutaba, 2010). The organization should examine the past records with the
previous employers and past criminal records. It will assist the organization is assessing the
behavior of the employees and judge whether he will be able to adjust in the new organization.
Risk Assessment based on threats, vulnerabilities and consequences
from an IT control framework and any existing industry risk
recommendation for the project
Several novel and unique risks are associated with the use of cloud computing as it is a novel
technology. The risks faced by the organizations implementing cloud computing can be
differentiated in three different categories, namely, policy and organizational risk, technical risk
and legal risk.
Lock-in
There is little advancement in portability measures in cloud computing; therefore, it
becomes extremely challenging for the organization to shift the data from one provider to
another provider in an in-house IT environment (Mishra, Mathur, Jain, & Rathore, 2013).
Loss of Governance
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Cloud Computing 6
While availing the cloud services, the organization gives the information control the
service provider. The service providers may prohibit the port scans and vulnerability assessment
and it can result in conflicts between the user and the cloud environment (Zissis & Lekkas,
2012). The service provider may not offer a commitment to use these security protocols which
can increase the organization’s vulnerability to the threats.
Compliance Challenges
The user and the service provider may operate in different countries. It can increase the
challenges related to compliance (Krutz & Vines, 2010).
Cloud Service termination of failure
If the cloud service provider fails, it can increase the vulnerability of the user (Mells &
Grance, 2011).
Loss of business reputation
Although resource sharing reduces the overall cost to the organization, the malicious activities
carried out by one tenant might affect the reputation of other tenant (Chen, Paxson & Katz,
2010). It can deteriorate the brand image; result in issues in service delivery and data loss.
There are also a large number of technical risks involved in the deployment of cloud services in
the organization.
Resource exhaustion: It can be critiqued that the cloud services are on-demand and shared
services. Therefore, there is risk regarding the allocation of resources to on user or another. The
resources are allocated according to statistical projections of the cloud service provider.
Inaccurate allocation of resources occurs due to distortion with the allocation algorithm,
improper provision of resources or lack of infrastructure (Popović & Hocenski, 2010, May).
Isolation failure: The primary characteristics of cloud computing are shared resources and
separation between different users. The computing capacity, storage and network are shared
between different users (Ogigau-Neamtiu, 2012). However, if the service provider fails to
implement mechanism separating computing capacity, storage and network, it fails to provide
adequate service to the users.
Cloud Service Security
The cloud environment has several peculiar security issues. The security issues arising in the
technology can be classified in six broad categories. These categories include infrastructure,
data, access, availability, compliance and role of users. The infrastructure issues refer to the
security provided to the physical devices of the organization. The cloud computing is more
physically vulnerable than the traditional in-house security techniques. In the infrastructure, the
physical surveillance of the cloud data centers is considered (Zissis & Lekkas, 2012). It is
important that there are enough security guards and cameras inside the organization so that the
risk associated with the external intrusion or attack can be reduced. The well-equipped
infrastructure can reduce the risk associated with the cloud providers.
While availing the cloud services, the organization gives the information control the
service provider. The service providers may prohibit the port scans and vulnerability assessment
and it can result in conflicts between the user and the cloud environment (Zissis & Lekkas,
2012). The service provider may not offer a commitment to use these security protocols which
can increase the organization’s vulnerability to the threats.
Compliance Challenges
The user and the service provider may operate in different countries. It can increase the
challenges related to compliance (Krutz & Vines, 2010).
Cloud Service termination of failure
If the cloud service provider fails, it can increase the vulnerability of the user (Mells &
Grance, 2011).
Loss of business reputation
Although resource sharing reduces the overall cost to the organization, the malicious activities
carried out by one tenant might affect the reputation of other tenant (Chen, Paxson & Katz,
2010). It can deteriorate the brand image; result in issues in service delivery and data loss.
There are also a large number of technical risks involved in the deployment of cloud services in
the organization.
Resource exhaustion: It can be critiqued that the cloud services are on-demand and shared
services. Therefore, there is risk regarding the allocation of resources to on user or another. The
resources are allocated according to statistical projections of the cloud service provider.
Inaccurate allocation of resources occurs due to distortion with the allocation algorithm,
improper provision of resources or lack of infrastructure (Popović & Hocenski, 2010, May).
Isolation failure: The primary characteristics of cloud computing are shared resources and
separation between different users. The computing capacity, storage and network are shared
between different users (Ogigau-Neamtiu, 2012). However, if the service provider fails to
implement mechanism separating computing capacity, storage and network, it fails to provide
adequate service to the users.
Cloud Service Security
The cloud environment has several peculiar security issues. The security issues arising in the
technology can be classified in six broad categories. These categories include infrastructure,
data, access, availability, compliance and role of users. The infrastructure issues refer to the
security provided to the physical devices of the organization. The cloud computing is more
physically vulnerable than the traditional in-house security techniques. In the infrastructure, the
physical surveillance of the cloud data centers is considered (Zissis & Lekkas, 2012). It is
important that there are enough security guards and cameras inside the organization so that the
risk associated with the external intrusion or attack can be reduced. The well-equipped
infrastructure can reduce the risk associated with the cloud providers.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cloud Computing 7
Data: In the recent time, the use of cloud based applications has enhanced. The users are using
applications for storing data in cloud environment. The cloud services are also used by the
government and large business organizations to store confidential information. AS a reslt, the
surface area for the information has increased. Therefore, the vulnerability of the data has also
increased. The unauthorized data access is the most common type of attack that occurs in the
cloud based applications. It weakens the trust of the customers and the users feel insecure with
the data based applications (Asma, Chaurasia & Mokhtar, 2012). It is important to assure the
user that the machines, software and the user applications used by them are sufficient to establish
data security. However, the cloud service providers are unable to share the information as it will
increase their vulnerability to more attacks.
Access: The cloud based solutions increases the accessibility to the data and the information. The
customers can gain access to the digitized information from different devices; however, with this
the unauthorized access to the applications also increases. The illegal access compromise the
privacy of the data as the applications are not able to access whether the user is genuine (Jensen,
Schwenk, Gruschka & Iacono, 2009, September). In this regard, the application provider should
provide a default device to each of the user and if the user accesses the application from other
device, the organization should follow proper verification procedure.
Availability: The cloud service provider should also assure the availability to all the users who
have been enrolled to use the applications. The frequency of the users who try to reach their user
account or data simultaneously can increase or decrease at any given time. It is important for the
provider that the cloud based service is able to adapt itself as per the number of users. The
number of users must be able to access the application at any given time without any hindrance
(So, 2011). Therefore, it is important that the application must be able to scale itself. The
scalability feature can be performed automatically by the service provider or by manually
through knowledge learning.
Compliance: The government as well as the professional bodies has put forth policies and
regulations regarding security audits, operation traceability and data location. The business
organizations should follow these regulations to ensure data security (Grobauer, Walloschek &
Stocker, 2011). The users should also be aware regarding the number of regulations which are
followed by the cloud service provider.
Proposed Security Framework
Cloud computing is considered as a computing model which enables the convenient, on-demand
network access to different resources. However, the security deployment should be different
from the traditional IT environment. The traditional on-house authorization and authentication
framework cannot be implemented to the cloud based applications. The biggest security issue in
the cloud environment is that of unauthorized access. The users store their data hoping that the
information will be protected from illegal access; however, the confidentiality of the data is
undermined in the cloud based system. The security vulnerabilities of the organization can be
achieved with the help of framework (Chou, 2013). A security framework can be proposed
which includes technical, legal and policy considerations. In this framework, an catalogue is used
to calculate the vulnerability of cloud based environment to threats and attacks. With the help of
threat index, the organization can analyze the performance of the cloud provider and
communicate it to the user. The organization can analyze the performance of the cloud provider
Data: In the recent time, the use of cloud based applications has enhanced. The users are using
applications for storing data in cloud environment. The cloud services are also used by the
government and large business organizations to store confidential information. AS a reslt, the
surface area for the information has increased. Therefore, the vulnerability of the data has also
increased. The unauthorized data access is the most common type of attack that occurs in the
cloud based applications. It weakens the trust of the customers and the users feel insecure with
the data based applications (Asma, Chaurasia & Mokhtar, 2012). It is important to assure the
user that the machines, software and the user applications used by them are sufficient to establish
data security. However, the cloud service providers are unable to share the information as it will
increase their vulnerability to more attacks.
Access: The cloud based solutions increases the accessibility to the data and the information. The
customers can gain access to the digitized information from different devices; however, with this
the unauthorized access to the applications also increases. The illegal access compromise the
privacy of the data as the applications are not able to access whether the user is genuine (Jensen,
Schwenk, Gruschka & Iacono, 2009, September). In this regard, the application provider should
provide a default device to each of the user and if the user accesses the application from other
device, the organization should follow proper verification procedure.
Availability: The cloud service provider should also assure the availability to all the users who
have been enrolled to use the applications. The frequency of the users who try to reach their user
account or data simultaneously can increase or decrease at any given time. It is important for the
provider that the cloud based service is able to adapt itself as per the number of users. The
number of users must be able to access the application at any given time without any hindrance
(So, 2011). Therefore, it is important that the application must be able to scale itself. The
scalability feature can be performed automatically by the service provider or by manually
through knowledge learning.
Compliance: The government as well as the professional bodies has put forth policies and
regulations regarding security audits, operation traceability and data location. The business
organizations should follow these regulations to ensure data security (Grobauer, Walloschek &
Stocker, 2011). The users should also be aware regarding the number of regulations which are
followed by the cloud service provider.
Proposed Security Framework
Cloud computing is considered as a computing model which enables the convenient, on-demand
network access to different resources. However, the security deployment should be different
from the traditional IT environment. The traditional on-house authorization and authentication
framework cannot be implemented to the cloud based applications. The biggest security issue in
the cloud environment is that of unauthorized access. The users store their data hoping that the
information will be protected from illegal access; however, the confidentiality of the data is
undermined in the cloud based system. The security vulnerabilities of the organization can be
achieved with the help of framework (Chou, 2013). A security framework can be proposed
which includes technical, legal and policy considerations. In this framework, an catalogue is used
to calculate the vulnerability of cloud based environment to threats and attacks. With the help of
threat index, the organization can analyze the performance of the cloud provider and
communicate it to the user. The organization can analyze the performance of the cloud provider
Cloud Computing 8
by collecting the data in the absence and presence of legal control, policy trends, and criminal
attacks. The analysis will help the organization in increasing or decreasing the control in legal,
technical and policy perspective (Dahbur, Mohammad, & Tarakji, 2011, April). The analysis will
also help in identifying the policies which are flawed and the organization can improve them to
enhance the reliability on the cloud-based solutions.
Figure: Cloud Security Framework
(Source: Srivastava & Kumar, 2015)
Security Measures for Data Security in Cloud Environment
The cloud based applications have not matured and the security risk will be persistent till
the cloud based applications will develop properly. There are several methods which can be used
to enhance the security of the cloud based applications. It is important that the cloud providers
hide some specific security related information. The security procedures should be kept
confidential so that the security breaches can be minimized (Hashizume, Rosado, Fernández-
Medina, & Fernandez, 2013). However, the loss of transparency can result in customer losing
trust on the service providers. A governing body can be formed which can act as an interface
between the cloud provider and the application users. The governing entity should be an
independent unit and should not be biased with any of other organization in the procedure. They
should regulate each and every action taken in the cloud environment. It is important that the
cloud provider register themselves at these government bodies and they can assess the
procedures used in the new technology.
It will be the responsibility of the governing body for the risk assessment, evaluating the
performance of security policies and compliance related to the cloud layer. The governing body
should not just assess the existing infrastructure but also provide solutions to uplift the standard
of the cloud security (Almorsy, Grundy & Müller, 2016).
The governing body should also regulate the organization’s operations in the cloud environment.
When the information is transferred to the cloud environment, the security risk will surge in the
organization. The traditional data control methods are needed to be changed so that the security
and the privacy challenge of the organization increases. The cloud service provider should
guarantee that there is no data center related threat in the organization. In this regard, the
by collecting the data in the absence and presence of legal control, policy trends, and criminal
attacks. The analysis will help the organization in increasing or decreasing the control in legal,
technical and policy perspective (Dahbur, Mohammad, & Tarakji, 2011, April). The analysis will
also help in identifying the policies which are flawed and the organization can improve them to
enhance the reliability on the cloud-based solutions.
Figure: Cloud Security Framework
(Source: Srivastava & Kumar, 2015)
Security Measures for Data Security in Cloud Environment
The cloud based applications have not matured and the security risk will be persistent till
the cloud based applications will develop properly. There are several methods which can be used
to enhance the security of the cloud based applications. It is important that the cloud providers
hide some specific security related information. The security procedures should be kept
confidential so that the security breaches can be minimized (Hashizume, Rosado, Fernández-
Medina, & Fernandez, 2013). However, the loss of transparency can result in customer losing
trust on the service providers. A governing body can be formed which can act as an interface
between the cloud provider and the application users. The governing entity should be an
independent unit and should not be biased with any of other organization in the procedure. They
should regulate each and every action taken in the cloud environment. It is important that the
cloud provider register themselves at these government bodies and they can assess the
procedures used in the new technology.
It will be the responsibility of the governing body for the risk assessment, evaluating the
performance of security policies and compliance related to the cloud layer. The governing body
should not just assess the existing infrastructure but also provide solutions to uplift the standard
of the cloud security (Almorsy, Grundy & Müller, 2016).
The governing body should also regulate the organization’s operations in the cloud environment.
When the information is transferred to the cloud environment, the security risk will surge in the
organization. The traditional data control methods are needed to be changed so that the security
and the privacy challenge of the organization increases. The cloud service provider should
guarantee that there is no data center related threat in the organization. In this regard, the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Cloud Computing 9
organization should ensure that there is no unauthorized access in the organization. The data
center is a centralized location wherein all the important information related to customers is
stored. The governing body should monitor the security threats, products available to counter
these threats and procure and implement them.
The organization should also focus on policy development and control to maintain the safety in
the cloud based system. The governing entity should develop policies for all the layers of the
cloud deployment. It should focus on all the layers and the security could encompass the
firewalls, anti-virus, virtualization and hyper-visor for enhancing the security of the organization.
The security features of the organization should be adapted according to the budget of the cloud
service provider.
User awareness is also essential for enhancing the security of the cloud deployment. The
governing body should insist on all the procedures which are required to ensure the security and
privacy of the client or the service user. The governing body should filter and provide the
information to the users in a manner that no confidential information is leaked through the
organization. It will also increase the transparency in the organization and increases the trust of
the consumers in the organization.
Numerous laws and jurisdictions are applicable to cloud computing. Cloud computing is a kind
of outsourcing wherein the business organization is located at one country whereas the service
provider is located in other country. Therefore, different laws established at different places are
applicable on a single service provider. However, it is difficult for the service provider to abide
by all the laws. These laws and jurisdictions can decrease the time-efficiency of cloud
computing. Therefore, the cloud provider can utilize the service such that all the resources to
ensure that the cloud services are safe, secure and efficient.
The performance evaluation is the method of evaluating the performance of the cloud according
to the different types of security breaches and attack on the cloud. It should examine the
performance of the cloud based on the security parameters and assist them in making decisions
and providing adequate cloud services (Subashini, & Kavitha, 2011). The cloud service provider
will also benefit from the evaluation as they will understand the disadvantages and the
advantages regarding the implementation of security control measures and redirect resources
where there is high security concern.
It is also important that the governing body provides solution architecture to the issues and the
problems associated with the cloud computing framework. The solutions should be provided to
the customers, service providers and the end-users. The governing body should provide solutions
regarding various issues such as customer trust. If the customer lose data or unable to access it
due to some mishap, thee governing body should be able provide solution. The governing body
should also be able to provide solutions if the cloud service provider is no longer able to provide
services or shuts down or goes bankrupts. In this situation, the confidential information related to
various users will be at risk.
Conclusion
It can be concluded that the security vulnerability has increased with the advent of
information technology. Today, most of the data and information is stored in the online database
organization should ensure that there is no unauthorized access in the organization. The data
center is a centralized location wherein all the important information related to customers is
stored. The governing body should monitor the security threats, products available to counter
these threats and procure and implement them.
The organization should also focus on policy development and control to maintain the safety in
the cloud based system. The governing entity should develop policies for all the layers of the
cloud deployment. It should focus on all the layers and the security could encompass the
firewalls, anti-virus, virtualization and hyper-visor for enhancing the security of the organization.
The security features of the organization should be adapted according to the budget of the cloud
service provider.
User awareness is also essential for enhancing the security of the cloud deployment. The
governing body should insist on all the procedures which are required to ensure the security and
privacy of the client or the service user. The governing body should filter and provide the
information to the users in a manner that no confidential information is leaked through the
organization. It will also increase the transparency in the organization and increases the trust of
the consumers in the organization.
Numerous laws and jurisdictions are applicable to cloud computing. Cloud computing is a kind
of outsourcing wherein the business organization is located at one country whereas the service
provider is located in other country. Therefore, different laws established at different places are
applicable on a single service provider. However, it is difficult for the service provider to abide
by all the laws. These laws and jurisdictions can decrease the time-efficiency of cloud
computing. Therefore, the cloud provider can utilize the service such that all the resources to
ensure that the cloud services are safe, secure and efficient.
The performance evaluation is the method of evaluating the performance of the cloud according
to the different types of security breaches and attack on the cloud. It should examine the
performance of the cloud based on the security parameters and assist them in making decisions
and providing adequate cloud services (Subashini, & Kavitha, 2011). The cloud service provider
will also benefit from the evaluation as they will understand the disadvantages and the
advantages regarding the implementation of security control measures and redirect resources
where there is high security concern.
It is also important that the governing body provides solution architecture to the issues and the
problems associated with the cloud computing framework. The solutions should be provided to
the customers, service providers and the end-users. The governing body should provide solutions
regarding various issues such as customer trust. If the customer lose data or unable to access it
due to some mishap, thee governing body should be able provide solution. The governing body
should also be able to provide solutions if the cloud service provider is no longer able to provide
services or shuts down or goes bankrupts. In this situation, the confidential information related to
various users will be at risk.
Conclusion
It can be concluded that the security vulnerability has increased with the advent of
information technology. Today, most of the data and information is stored in the online database
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cloud Computing 10
and storage systems. With this, the vulnerability related to security and privacy of data has also
increased. The hackers can easily access the data from the online sources. Therefore, it is
important that the organization develops a security protocol to control the risk associated with
the information security. Aztek Finance service is a financial service provider situated in
Australia. The organization deals in financial industry and thus deals with very confidential and
sensitive data. The organization is trying to deploy the cloud computing solutions as it is cost-
effective and easy to use. However, it increases the security vulnerability of the organization. In
the present report, several threats associated with the cloud deployment have been identified.
These threats include political threat, operational threat and legislative threat. The organization
should change its security protocols so that it can enhance the security of the overall system. The
organization needs to analyze the current security stance and improve it so that the security
vulnerability can be reduced. The organization should implement various techniques such as
firewall, encryption and similar techniques to enhance the security of the system.
They can also control the user access and monitor the user activity as a further to organization’s
security.
and storage systems. With this, the vulnerability related to security and privacy of data has also
increased. The hackers can easily access the data from the online sources. Therefore, it is
important that the organization develops a security protocol to control the risk associated with
the information security. Aztek Finance service is a financial service provider situated in
Australia. The organization deals in financial industry and thus deals with very confidential and
sensitive data. The organization is trying to deploy the cloud computing solutions as it is cost-
effective and easy to use. However, it increases the security vulnerability of the organization. In
the present report, several threats associated with the cloud deployment have been identified.
These threats include political threat, operational threat and legislative threat. The organization
should change its security protocols so that it can enhance the security of the overall system. The
organization needs to analyze the current security stance and improve it so that the security
vulnerability can be reduced. The organization should implement various techniques such as
firewall, encryption and similar techniques to enhance the security of the system.
They can also control the user access and monitor the user activity as a further to organization’s
security.
Cloud Computing 11
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., ... & Zaharia, M.
(2009). Above the clouds: A berkeley view of cloud computing (Vol. 17). Technical
Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M.
(2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Asma, A., Chaurasia, M. A., & Mokhtar, H. (2012). Cloud Computing Security
Issues. International Journal of Application or Innovation in Engineering &
Management, 1(2), 141-147.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th
utility. Future Generation computer systems, 25(6), 599-616.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing
security. University of California, Berkeley Report No. UCB/EECS-2010-5
January, 20(2010), 2010-5.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference
on intelligent semantic Web-services and applications (p. 12). ACM.
ENISA. (2009). Cloud Computing: Benefits, risks and recommendations for information
security.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing
360-degree compared. In Grid Computing Environments Workshop, 2008. GCE'08 (pp.
1-10).
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., ... & Zaharia, M.
(2009). Above the clouds: A berkeley view of cloud computing (Vol. 17). Technical
Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M.
(2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Asma, A., Chaurasia, M. A., & Mokhtar, H. (2012). Cloud Computing Security
Issues. International Journal of Application or Innovation in Engineering &
Management, 1(2), 141-147.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th
utility. Future Generation computer systems, 25(6), 599-616.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing
security. University of California, Berkeley Report No. UCB/EECS-2010-5
January, 20(2010), 2010-5.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference
on intelligent semantic Web-services and applications (p. 12). ACM.
ENISA. (2009). Cloud Computing: Benefits, risks and recommendations for information
security.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing
360-degree compared. In Grid Computing Environments Workshop, 2008. GCE'08 (pp.
1-10).
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 14
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.