Cloud Computing Security Problems at Earn, Payee & Leach Report

Verified

Added on 2022/10/12

AI Summary

This report examines cloud computing security issues at Earn, Payee & Leach, a securities firm. The analysis identifies key problems, including password reuse, susceptibility to social engineering and phishing attacks, customer data confidentiality and integrity, and detective controls. The report provides evidence for each problem, such as the CEO's password being known by the secretary and the lack of employee training, and suggests solutions, including encryption, firewall incorporation, and stronger password policies. The report draws on the context of a real-world security breach scenario, where the secretary was tricked into revealing the CEO's password, potentially exposing client data. The report also includes a bibliography of relevant sources on cloud computing security.

Running head: CLOUD COMPUTING TECHNOLOGY
Cloud Computing Technology
Name of the Student:
Name of the University:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1CLOUD COMPUTING TECHNOLOGY
For the security problems
Identify the most significant source or evidence of the problem
1) There is a problem with password reuse
The most significant source or evidence of the problem are a) An intern was hired to help
reset passwords when employees forgot their password, b), the secretary new the CEO’s
password and c) The CEO had the same password for Earn, Payee and Leach and Facebook
The password was already hacked and known to the hijackers. Therefore, if the password
is reused then that server or account will also become accessible to the hacker.
This problem is required to be resolved to give sustainable, long term and high level
security to the information stored in the server.
2) Employees are valuable to social engineering and phishing attacks
The most significant source or evidence of the problem are a) There has been no
employee training since a new security policy was put in place three years ago, c) The interim
has access to sensitive information that could be exploited and d) The security training three
years ago is flawed because it is out of date.
As the company deals with managing stock and bond portfolios for clients also the
security training arranged for the associates was completely backdated. Therefore, maintaining
confidentiality of the client’s information is much essential.
In order remedy to the problem, the company is required to use encryption and firewall
incorporation mechanism.

2CLOUD COMPUTING TECHNOLOGY
3) Customer data is valuable to loss confidentiality and integrity
The most significant source or evidence of the problem are a) The CEO’s password could
have given the attacker access to customer data b) the customer data does not appear to be
encrypted c) the interim has access to sensitive information that could be exploited and d) The
CEO’s secretary knows his password
It is a major issue because, if data are hacked then those can be again misused as well. It
can be resolved using the concept of encryption technology.
4) There is a detective controls security problem with the customer data
The most significant source or evidence of the problem is d) the company is keeping
potentially unnecessary data on its clients.
This is a problem because if the company starts storing unwanted data then, it will
shorten the storage and also result to data redundancy
In order to resolve this issue, the company must develop a stronger password and change
those monthly.

3CLOUD COMPUTING TECHNOLOGY
Bibliography
Botta, Alessio, et al. "Integration of cloud computing and internet of things: a survey." Future
generation computer systems 56 (2016): 684-700.
Marinescu, Dan C. Cloud computing: theory and practice. Morgan Kaufmann, 2017.