Risk Management in Cloud Computing: A Comprehensive Report
Added on 2020/05/16
AI Summary
This report provides a comprehensive overview of risk management within cloud computing environments. It begins with an executive summary highlighting the importance of data security in cloud technology. The report then delves into the core concepts, exploring the threats associated with cloud computing such as data breaches, exploiting system vulnerabilities, compromising system credentials, data loss and account hijacking. It identifies vulnerabilities, including service reliability issues and cloud service provider lock-in. The consequences of these risks are also examined, including security breaches, data transfer costs, cost implications, and inflexibility. The report provides a set of recommendations for mitigating these risks, including identifying data processing operations, defining security requirements, conducting risk analyses, choosing appropriate cloud models, and selecting service providers with guarantees. Finally, the report concludes with a discussion of protection mechanisms for websites, covering structural, behavioral, content, and perception-based defenses. The report emphasizes the importance of robust security measures for organizations leveraging cloud computing, ensuring the protection and availability of user data.

RISK MANAGEMENT
Name of the Student
Name of the University
Author Note

Executive summary
Cloud computing plays a dominant role in the information technology sector. The main concern with the technology is the security of the data: users who move to the cloud want their data to be well secured. An organization's data is a vital asset that has to be kept secure, so the organization should always focus on the security obtained when data is moved to the cloud. The data should also be available to users whenever they want to access it. Many security issues surround cloud computing, and because of them many organizations do not want to bring it into their infrastructure. To benefit from the cloud, the user or organization should clearly understand the concept and the constraints they may face with their data.

Table of Contents
Introduction
Threats
Vulnerabilities
Consequences
Existing industry risk recommendations
Protection mechanisms for website
Conclusion
References

Introduction
Cloud computing can be applied to many fields and areas of information technology. It offers many advantages, but a failure to secure information appropriately raises the cost of the service and exposes the businesses using the technology to potential losses. A business organization that moves to the cloud should have a clear idea of the security benefits and of the risk factors associated with it. It should also hold realistic expectations of what the cloud services from its providers imply (Almorsy, Grundy & Müller, 2016).
The main aim of the report is to consider cloud security when it is implemented in a business framework. The report mainly discusses the threats and vulnerabilities that apply to cloud computing. In the scenario considered, the IT risk assessment is carried out for the Gigantic corporation with respect to cloud computing technology.
Threats
Many types of threats are associated with cloud computing. Before moving to the cloud, an organization should have a clear idea of the threats discussed below:
Data Breaches: Organizations usually store a huge amount of data in the cloud, which makes it an attractive target for hackers. A breach can be more devastating when it involves health care data, financial data or revenue details. It may lead to fines, criminal charges and lawsuits.
Exploiting system vulnerabilities: In the cloud, enterprises share memory, digital resources and databases, which creates a new attack surface. If hackers exploit system bugs and vulnerabilities, it can become a big security problem.
Compromising system credentials: In any type of technology, access should be granted to individuals. This mainly ensures that the organization's critical information is secured from unauthorized people within the organization. In most cases, it is seen that the organization fails to remove a user's account even after the user leaves, which makes the data vulnerable to other people.
Hijacking the account: In cloud computing, an attacker can eavesdrop on transactions related to financial activities. Multifactor authentication could be employed as part of an in-depth protection strategy (Shahzad, 2014).
Data loss: When an authorized user uploads files to the cloud, there is a chance of data loss, which can be costly for the organization. A recent report stated that the total cost of breaches in the health care industry was about $4.1 billion. Incorporating a data loss prevention (DLP) system plan is vital for the security of crucial data (Khansa & Zobel, 2014).
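The stale-account problem under "Compromising system credentials" and the multifactor recommendation under "Hijacking the account" can both be checked by reconciling an HR export with the cloud identity inventory. The Python code below is an added example, not part of the original report; the CSV layouts, field names and issue labels are assumptions, and every record is constructed sample data.

```python
"""Reconcile an HR export with a cloud identity inventory and report
enabled accounts of departed staff, unowned accounts and accounts without MFA.
CSV layouts and issue labels are assumptions made for this example."""
import csv
import io
from dataclasses import dataclass
from datetime import date

# Constructed HR export: last_day is empty while the person is still employed.
HR_CSV = """employee_id,name,last_day
E100,Asha Rao,
E101,Ben Ortiz,2024-03-29
E102,Chen Wei,2024-05-10
E103,Dana Kim,
"""

# Constructed identity inventory (not the export format of any real provider).
ACCOUNTS_CSV = """account,employee_id,enabled,mfa,last_login
asha.rao,E100,true,true,2024-05-20
ben.ortiz,E101,true,false,2024-04-15
chen.wei,E102,false,true,2024-05-09
dana.kim,E103,true,false,2024-05-18
svc-backup,,true,false,2024-05-21
"""


@dataclass(frozen=True)
class Finding:
    account: str
    issue: str
    detail: str


def _parse_date(value):
    """Return a date for an ISO string, or None for an empty field."""
    value = value.strip()
    return date.fromisoformat(value) if value else None


def _is_true(value):
    return value.strip().lower() == "true"


def load_hr(hr_csv):
    """Map employee_id -> last working day (None while still employed)."""
    return {row["employee_id"]: _parse_date(row["last_day"])
            for row in csv.DictReader(io.StringIO(hr_csv))}


def audit(hr_csv, accounts_csv, today):
    """Return findings for every enabled account, in inventory order."""
    hr = load_hr(hr_csv)
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if not _is_true(row["enabled"]):
            continue  # a disabled account cannot be used to sign in
        account, emp = row["account"], row["employee_id"]
        if emp not in hr:
            # Shared or service identity: nobody's departure would trigger removal.
            findings.append(Finding(account, "UNOWNED",
                                    "no matching HR record; assign a named owner"))
            continue
        last_day = hr[emp]
        if last_day is not None and last_day < today:
            days = (today - last_day).days
            findings.append(Finding(
                account, "ORPHANED",
                f"still enabled {days} days after last working day {last_day}"))
            last_login = _parse_date(row["last_login"])
            if last_login is not None and last_login > last_day:
                # Activity after departure deserves investigation, not just cleanup.
                findings.append(Finding(account, "USED_AFTER_DEPARTURE",
                                        f"sign-in recorded on {last_login}"))
        if not _is_true(row["mfa"]):
            findings.append(Finding(account, "NO_MFA",
                                    "password is the only sign-in factor"))
    return findings


if __name__ == "__main__":
    for f in audit(HR_CSV, ACCOUNTS_CSV, date(2024, 5, 22)):
        print(f"{f.issue:22} {f.account:12} {f.detail}")
```
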
Vulnerabilities
When an organization decides to migrate to the cloud, the following vulnerabilities should be taken into consideration:
Reliability and availability of service: Users of a cloud service always want their data to be available when they need it, but this is not always the case. One of the best examples is lightning, where a power cut is a common problem.
Session riding: Session riding mainly refers to an attack in which the attacker uses an application's cookie in the name of the user for the attacker's own benefit.
Cloud Service Provider lock-in: The cloud provider should be selected in a way that allows the user to move to another cloud provider when a problem makes that necessary. The user does not want a Cloud Service Provider that forces the user to stay with its own service (Jouini & Rabai, 2016).
Consequences
The consequences of the problems related to the cloud can have a wide range of effects on the organization. The following points discuss the effects of the problems encountered when the cloud is implemented.
Security issue: Cloud data can be accessed from anywhere whenever the user wants. Therefore, if a data breach occurs through hacking, the business data can be compromised. Cloud providers have gone to great lengths to protect business data by implementing the most sophisticated data security systems.
Cost related to data transfer: Many business organizations need to transfer large amounts of data. Transferring data to the cloud (inbound) is free of charge, whereas outbound data transfer is charged on a per-GB basis.
Cost: At first, the cloud appears much cheaper than other software that gives the customer the same type of service. After a business implements it, however, the modifications required within the framework can add an amount to the cost. This added amount can become a burden for the organization (Woodside, 2015).
Inflexibility: The inflexibility of cloud computing is another major security problem. Some vendors deliberately tend to “lock in” customers by using proprietary hardware and software. In this type of situation it is either impossible or expensive to move to another vendor for the service. If an organization moves to the cloud, it should take care that the cloud vendor stipulates that the user retains ownership of the data until the user wants it to be in the possession of the cloud vendor (Krasnyanskaya & Tylets, 2015).
Existing industry risk recommendations
Recommendation 1: Identification of the processing operations and the data passed to the cloud: A data controller must clearly identify the data, the services and the processing operations that are hosted in the cloud. For each type of processing applied to the data, the customer must be able to establish which type of data is concerned. There are mainly four types of data: sensitive data, personal data, data used in business applications and strategy data of the organization.
Recommendation 2: Definition of the organization's own legal and technical security requirements: The transition to the cloud should be approached rigorously with respect to legal and technical security. In most outsourcing arrangements, the service provider gives a tailor-made response to the customer's specification. With cloud services, a standard approach is used for all customers most of the time. However, the customer must define its own requirements in order to judge whether the envisaged offers meet the requirements of the organization.
Recommendation 3: Risk analysis to identify the security measures for the company: Carrying out a full risk analysis is very important for an organization that is moving
into cloud computing. This enables the organization to define the appropriate security measures, which can be demanded of the service providers or implemented within the organization (Duncan & Whittington, 2015). The main recommendation here is that the customer should assess the relevant risks from the point of view of the organization's position and study the measures put in place by the organization and the service providers that can reduce the risk.
Recommendation 4: Identification of the relevant type of cloud model for the planned processing: Various cloud deployment models can be implemented according to the requirements of the organization. The cloud deployment models are public, hybrid and private. As each model has a specific offer, the models should be compared by identifying their strengths and weaknesses in terms of the organization's demands. This mainly helps in choosing the appropriate offer according to the requirements and the types of data being processed.
Recommendation 5: Choosing a service provider that offers guarantees: The data controller should be able to provide the customer with a service that ensures their obligations are met. In some cases, customers of public SaaS and PaaS choose the service but cannot give instructions about it. The organization also cannot effectively control the confidentiality and security provided by the service provider. Organizations should take this into consideration so that they can benefit from the technology (Hendre & Joshi, 2015).
Protection mechanisms for website
The protection mechanisms that can be applied to a website are stated below:
Structure: Structural defenses are mechanisms intended to implement access control policies. They provide functional units with their own functionality and implement the associated separation with change control. This may include discretionary access control and different communication structures, for example firewalls, diodes and other similar barriers.
Behavior: This mainly involves limiting changes, fail-safe modes, effects of time, intrusion and anomaly detection, and system response. It mainly includes least privilege, duties and other similar types of limitations.
Content: Content control mainly includes separation mechanisms, which are high surety, filters, which are low surety, and transforms, which are medium surety. It includes marking and analysis of location and of the different situations, which mainly determine which information should be transformed or allowed to pass.
Perception: Perception-related defenses include obscurity, deception methods and appearances. They mainly provide technical protection that comes into direct contact with the attackers and their agents (Kalaiprasath, Elankavi & Udayakumar, 2017).
Conclusion
The report concludes that cloud computing can be very beneficial for an organization if the security issues are taken into consideration. The report discusses the main security issues faced in cloud computing. The main concern, which plays a vital role, is the protection of user data. The cloud provider should put sufficient security measures in place for the data so that users are able to depend on the service provided to them.

References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Duncan, B., & Whittington, M. (2015). Company Management Approaches Stewardship or Agency: Which Promotes Better Security in Cloud Ecosystems?. Cloud Comput, 154-159.
Hendre, A., & Joshi, K. P. (2015, June). A semantic approach to cloud security and compliance. In Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on (pp. 1081-1084). IEEE.
Jouini, M., & Rabai, L. B. A. (2016). A Security Framework for Secure Cloud Computing Environments. International Journal of Cloud Applications and Computing (IJCAC), 6(3), 32-44.
Kalaiprasath, R., Elankavi, R., & Udayakumar, D. R. (2017). Cloud. Security and Compliance-A Semantic Approach in End to End Security. International Journal Of Mechanical Engineering And Technology (IJMET), 8(5).
Khansa, L., & Zobel, C. W. (2014). Assessing innovations in cloud security. Journal of Computer Information Systems, 54(3), 45-56.
Krasnyanskaya, T. M., & Tylets, V. G. (2015). Designing the cloud technologies of psychological security of the person. Вопросы философии и психологии, (3), 192-199.
Luna, J., Suri, N., Iorga, M., & Karmel, A. (2015). Leveraging the potential of cloud security service-level agreements through standards. IEEE Cloud Computing, 2(3), 32-40.
Narula, S., & Jain, A. (2015, February). Cloud computing security: Amazon web service. In Advanced Computing & Communication Technologies (ACCT), 2015 Fifth International Conference on (pp. 501-505). IEEE.
Rasheed, H. (2014). Data and infrastructure security auditing in cloud computing environments. International Journal of Information Management, 34(3), 364-368.
Samarati, P., di Vimercati, S. D. C., Murugesan, S., & Bojanova, I. (2016). Cloud security: Issues and concerns. Encyclopedia on Cloud Computing, 1-14.
Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges, approaches and solutions. Procedia Computer Science, 37, 357-362.
Woodside, J. M. (2015). Advances in Information, Security, Privacy & Ethics: Use of Cloud Computing For Education. In Handbook of Research on Security Considerations in Cloud Computing (pp. 173-183). IGI Global.