Cloud Security: Analyzing Risks and Threats in Data Migration to SaaS
Added on 2023/06/09
Case Study
AI Summary
This case study examines the security and privacy risks associated with migrating a charity's HR and personnel management applications to a Software as a Service (SaaS) solution. The charity, which manages sensitive personal information of disadvantaged individuals, faces existing threats such as malware, database injection attacks, privilege abuses, and denial-of-service attacks within its current data center environment. The migration to SaaS introduces additional risks, including reduced visibility and control over data, unauthorized service usage, compromised APIs, and potential data deletion. The severity of these risks varies, ranging from negligible (weak audit policies) to maximum (vulnerabilities exploited by malware and data breaches). The report categorizes these risks and discusses potential ethical issues related to digital identities and provider solutions, emphasizing the importance of addressing data sensitivity and implementing robust security measures during cloud migration.

Running head: CLOUD SECURITY AND RISK
Cloud Security and Risk
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction
Discussion
Case Study
1. Security of Employee Data
1.1 Existing Threats and Risks for Data Security in HR Database
1.2 Additional Risks and Threats after SaaS Migration
1.3 Severity of Risks and Threats in Employee Data
2. Privacy of Employee Data
2.1 Existing Threats and Risks for Data Privacy in HR Database
2.2 Additional Risks and Threats after SaaS Migration
2.3 Severity of Risks and Threats in Employee Data
3. Digital Identities Issues
4. Provider Solutions Issues
5. Data Sensitivity
Conclusion
References
Introduction
Cloud computing is a major concept in IT that enables broad access to a shared pool of configurable system resources and higher-level services (Arora, Parashar & Transforming, 2013). These services can be provisioned quickly, with very little effort from the organization, over an Internet connection. The technology relies on resource sharing to achieve economies of scale and coherence, much like a public utility. A third-party cloud allows companies to focus on their core business instead of spending resources on computer maintenance and infrastructure (Dinh et al., 2013). The most important benefit of this technology is that it allows organizations to avoid or minimize upfront IT infrastructure costs. Cloud computing draws on the availability of high-capacity networks, low-cost systems and storage devices, and it also makes use of hardware virtualization, utility computing and service-oriented architecture. Its major characteristics include improved organizational agility, cost effectiveness, device and location independence, maintenance of cloud applications, multi-tenancy, better performance, resource pooling, increased productivity, business continuity and disaster recovery, high reliability, scalability, elasticity, and data security and privacy, among many others (Hashem et al., 2015). The three cloud computing service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
The following report presents a short discussion of the Charity case study. The Charity has a small data centre running Windows Server 2008 R2 and other web services. It is considering joining a community cloud provided by a public cloud vendor in order to deliver several applications to its 500 staff and administrative users. The confidential data or information is to be secured with the help of cloud computing technology. This report outlines the probable risks and threats to the data in the HR database, as well as the risks to that data after the migration to SaaS. Both the privacy and the security of the data are assessed against these risks. The possible risks to the digital identities of the Charity's employees arising from the SaaS migration, and the related ethical issues, are also covered.
Discussion
Case Study
The Charity is a community organization that locates and provides accommodation, mental health services, and training and support services for all types of disadvantaged people in the community. It runs a small data centre of some 50 x86 servers, which provide database and file services and run Windows Server 2008 R2 for desktop services. The Charity maintains the confidentiality of the PII it collects, and this data also includes digital identities for some of its disadvantaged clients (Fernando, Loke & Rahayu, 2013). The Board of the Charity is concerned about the security and privacy of this sensitive and confidential data and wants to ensure that no data breach occurs. It has decided to purchase an HR and personnel management application from an American organization that provides a SaaS solution. It also wishes to move the Charity's payroll to a Commercial Off The Shelf (COTS) application managed in the public cloud, and to move its intranet to a Microsoft SharePoint PaaS offering in order to provide intranet services to all the agencies in WofG.
1. Security of Employee Data
1.1 Existing Threats and Risks for Data Security in HR Database
The Charity's employee data faces various security issues. The data is stored in the human resources database, so confidential information is often at stake (Rittinghouse & Ransome, 2016). Because of this exposure, identifying the existing threats and risks to the HR database is mandatory. The major threats and risks to the security of employee data in the HR database are given below:
i) Malware: The first and foremost threat to data security in the database is malware. Malware is malicious software that is intentionally designed to cause significant damage to computers, computer networks and servers (Garg, Versteeg & Buyya, 2013). It can take the form of executable code, active content or scripts and is capable of damaging the database completely. Malware includes Trojan horses, computer viruses, spyware, adware and many more. The Charity's database can easily be hacked with the help of malware, and all of its confidential data would then be stolen.
ii) Database Injection Attack: The second type of attack facing the Charity's HR database is the database injection attack (Hashizume et al., 2013). This is a code injection technique used to attack data-driven applications, in which malicious SQL statements are placed into entry fields for execution.
iii) Legitimate Privilege Abuses: Users who have been authorized to use employee data can easily exploit their privileges and use the data for the wrong purposes (Jain & Paul, 2013). This type of abuse is dangerous for any database, and the Charity's database is not at all safe from it.
iv) Denial of Service Attacks: Another significant risk that is common for the Charity's database is the denial of service (DoS) attack. It works by denying access to the system or database, so that legitimate users cannot reach the sensitive or confidential data it holds (Botta et al., 2016). This is extremely dangerous and often brings major vulnerabilities, since the user has no knowledge of this type of attack.
v) Weak Audit: A weak audit policy represents several risks in terms of detection, compliance, recovery and forensics. The native audit capabilities of the database management system often result in performance degradation and are extremely susceptible to privilege-related attacks.
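The database injection attack in item ii) can be reproduced safely against an in-memory database. The following is an added example, not part of the original report: the `employees` table, its rows and the function names are constructed for illustration, and SQLite stands in for the Charity's database server.

```python
import sqlite3

# Constructed sample input of the kind item ii) describes: SQL syntax typed
# into an entry field that expects a name.
CRAFTED_INPUT = "x' OR '1'='1"


def make_hr_db():
    """Build an in-memory stand-in for the HR database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)"
    )
    conn.executemany(
        "INSERT INTO employees (name, salary) VALUES (?, ?)",
        [("alice", 52000), ("bob", 48000), ("o'brien", 61000)],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the field value is spliced into the SQL text, so any
    quote character in it is parsed as SQL syntax rather than as data."""
    query = "SELECT name, salary FROM employees WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the value is bound as a parameter and never parsed as
    SQL, so it can only ever be compared against the name column."""
    return conn.execute(
        "SELECT name, salary FROM employees WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_hr_db()
    # The crafted value turns the WHERE clause into a condition that is always
    # true, so the vulnerable lookup returns every employee record.
    print("vulnerable   :", lookup_vulnerable(db, CRAFTED_INPUT))
    # The same value bound as a parameter matches no employee name.
    print("parameterized:", lookup_parameterized(db, CRAFTED_INPUT))
    # A legitimate name containing an apostrophe breaks the vulnerable form
    # with a syntax error but works when bound as a parameter.
    try:
        lookup_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable lookup failed on a legitimate name:", exc)
    print("parameterized:", lookup_parameterized(db, "o'brien"))
```

The apostrophe case shows why filtering quote characters is not the fix: legitimate names contain them, and only parameter binding keeps data and SQL text separate.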
1.2 Additional Risks and Threats after SaaS Migration
The Charity has decided to move to a cloud vendor for the betterment of its business and services. Software as a Service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis. This cloud service model can be accessed by many users through a thin client, typically a web browser (Arora, Parashar & Transforming, 2013). Payroll processing systems, office software, CAD software, virtualization and many more are the major business applications of SaaS. After a successful migration to this cloud service model, there are various additional risks and threats. They are given below:
i) Reduction in Visibility or Control: The first and foremost risk after the SaaS migration is reduced visibility into, and control over, data. When operations or assets are transitioned into the cloud, organizations often lose some visibility and control over them (Hashem et al., 2015). The change of cloud service model leads to a paradigm shift in security monitoring and logging.
ii) On-Demand Self-Service Induces Unauthorized Use: On-demand self-service enables an organization's personnel to provision additional services, which invites several kinds of unauthorized use. Because SaaS is inexpensive and easy to implement, the likelihood of unauthorized use of cloud services increases.
iii) Compromise of Internet-Accessible Management APIs: Another significant risk that is common and dangerous after the Charity's SaaS migration is the compromise of internet-accessible management APIs (Dinh et al., 2013). The application programming interfaces that clients use to manage and interact with cloud services are exposed to the public. There are numerous threats to these APIs, and these threats can easily turn into attacks.
iv) Deletion of Data: The fourth important risk after a successful SaaS migration is the deletion of data. The threats associated with data deletion exist because the client has reduced visibility into where its data is physically stored in the cloud and a reduced ability to verify the security of that data. Deleting data is extremely easy, and so it often occurs in SaaS migration.
1.3 Severity of Risks and Threats in Employee Data
The identified risks and threats to the Charity's employee data are assessed according to their severity (Fernando, Loke & Rahayu, 2013). They are subdivided into 4 categories, as follows:
i) Negligible: This is the lowest severity of risk. A risk of this type can be treated as negligible and does not greatly trouble clients or organizations; because it is negligible, it does not even affect the organization's confidential data. Amongst the identified risks and threats to the Charity's employee data, the negligible risk is the weak audit (Rittinghouse & Ransome, 2016). This risk does not directly affect the organization and hence can be termed negligible relative to the others.
ii) Limited: The second category, after negligible, is limited risk. A risk of this type is limited and is not excessively dangerous compared with the rest. However, if realized, it can be dangerous and can affect the organization's confidential data to a great extent. Amongst the identified risks and threats to the Charity's employee data, the limited risk is legitimate privilege abuse (Garg, Versteeg & Buyya, 2013). This risk can easily be avoided with proper mitigation plans or risk avoidance techniques; hence, its severity is lower than the rest.
iii) Significant: The third category in the risk assessment, by severity, is significant risk. This category is much more dangerous than the previous two. A significant risk can cause massive destruction to the database and thereby affect the overall confidentiality of the organization's data. Amongst the identified risks and threats to the Charity's employee data, the significant risk is malware. This type of code is used for hacking the data and spreading vulnerabilities.
iv) Maximum: The final and most dangerous category of risk is the maximum category (Hashizume et al., 2013). The vulnerability is extremely high in this case, and lost data cannot be recovered easily or promptly. Risks in the maximum category should be addressed in time to stop the vulnerabilities. Amongst the identified risks and threats to the Charity's employee data, the risks categorized as maximum are the denial of service attack and the database injection attack.
2. Privacy of Employee Data
2.1 Existing Threats and Risks for Data Privacy in HR Database
The privacy of the confidential and sensitive data in the Charity's HR database is often not checked properly. Through negligence in securing the privacy of data, organizations often expose themselves to several vulnerabilities (Jain & Paul, 2013). The existing risks and threats to data privacy in the Charity's HR database are given below:
i) Exposure of Backup Data: The first and foremost risk to data privacy in the Charity's HR database is the exposure of backup data. All backups should be encrypted, and some vendors have suggested that future database management system products should not support the creation of unencrypted backups. When backup data is exposed, the privacy and confidentiality of the data are affected to a great extent.
ii) Poor Authentication: The second risk is poor authentication and authorization (Rittinghouse & Ransome, 2016). Weak authentication allows hackers or attackers to assume the identities of legitimate database users. The attack strategies involved mainly include brute force attacks, social engineering attacks and many others. Proper deployment of two-factor authentication or passwords is extremely important for authentication purposes. For scalability and ease of use, authentication mechanisms should be integrated with enterprise directory and user management infrastructures.
iii) Database Protocol Vulnerabilities: Vulnerabilities within the database
protocols can enable unauthorized data access, data corruption and loss of availability. The
attack codes are executed on the Microsoft SQL Server and on the targeted database servers.
The protocol attacks could be easily defeated by properly validating SQL
communications to ensure that they are not malformed. These types of vulnerabilities are
often dangerous for the database, since they could not be avoided.
iv) Leakage of Personal Information: The next risk to the privacy of data is the
leakage of personal information. This type of information can easily be leaked and exposed
within the cloud, and hence the sensitive information loses its integrity (Fernando, Loke &
Rahayu, 2013). Leakage of personal information is extremely common and thus should be
stopped with proper measures. The best method to stop this type of vulnerability is to use
encryption and digital authentication.
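The brute force risk named under Poor Authentication (item ii) can be watched for in the database's login events. The following is an added example, not part of the original case study; the log format, field names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed log format (not from the case study).
SAMPLE_LOG = """\
2023-06-09T10:00:01 user=hr_admin src=203.0.113.7 result=FAIL
2023-06-09T10:00:03 user=hr_admin src=203.0.113.7 result=FAIL
2023-06-09T10:00:05 user=hr_admin src=203.0.113.7 result=FAIL
2023-06-09T10:00:08 user=hr_admin src=203.0.113.7 result=FAIL
2023-06-09T10:00:11 user=hr_admin src=203.0.113.7 result=FAIL
2023-06-09T10:00:15 user=hr_admin src=203.0.113.7 result=OK
2023-06-09T10:02:00 user=payroll src=198.51.100.4 result=FAIL
2023-06-09T10:30:00 user=payroll src=198.51.100.4 result=OK
not a valid log line
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for (user, src) pairs with >= threshold failures inside
    a sliding window; 'success_after' marks a login that then succeeded."""
    recent = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip malformed lines instead of crashing
        ts, user, src, result = m.groups()
        ts = datetime.fromisoformat(ts)
        key = (user, src)
        fails = recent[key]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold:
                a = alerts.setdefault(key, {"user": user, "src": src,
                                            "failures": 0, "success_after": False})
                a["failures"] = max(a["failures"], len(fails))
        else:
            if key in alerts and fails:
                alerts[key]["success_after"] = True  # password likely guessed
            fails.clear()         # any successful login resets the streak
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

An alert with `success_after` set is the case that matters most for the HR database: the account should be locked and its password reset, and it is the case that two-factor authentication is meant to prevent.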
2.2 Additional Risks and Threats after SaaS Migration
The community of the Charity has taken the decision to move its business to the cloud
and has selected software as a service (SaaS) as its cloud deployment model. However,
there are various risks and threats that are extremely common after a successful migration
to software as a service (Dinh et al., 2013). The additional risks and threats after the
SaaS migration of the Charity are given below:
i) Stolen Credentials: The most significant risk after the SaaS migration is
stolen credentials. With access to the cloud credentials, the hacker or attacker
can easily access the authorized user's services for the purpose of provisioning additional
resources. They can even target the assets of the organization, and thus the attacker can
easily leverage cloud computing resources to target the administrative users of the
organization.
ii) Increased Complexity for IT Staff: Another important risk that can occur after the
SaaS migration is increased complexity for the information technology (IT) staff. The
migration to the cloud could easily introduce complexity into IT operations.
Management, integration and operation within the cloud will require the existing IT
staff's data. This type of risk often affects the privacy of the employees' data or information.
iii) Insider Attacks: The privacy of the employees' data is also affected by
insider attacks (Hashem et al., 2015). After the SaaS migration, the cloud vendors or the
organizational employees get access to the data and thus can easily exploit it for their
own benefit. This is known as an insider attack, and it is common in the SaaS cloud
deployment model.
iv) Insufficient Due Diligence: In the SaaS migration, the Charity can perform
insufficient due diligence and move the data to this cloud without even
understanding the scope of the data migration. Security measures are affected by this,
and various vulnerabilities eventually occur.
2.3 Severity of Risks and Threats in Employee Data
The severity of the identified risks or threats to the privacy of the employee
data falls into four distinct categories. They are given below:
i) Negligible: This category covers those risks of the Charity that are
negligible in nature. Risks of this type can be easily avoided by organizations and are
thus considered negligible (Botta et al., 2016). Among the identified risks, the
negligible risk of the Charity is poor authentication. This type of risk is not at all
severe and hence could be easily avoided in the Charity.
ii) Limited: The next category of risk is the limited category. This type of risk is
more severe than a negligible risk but less severe than the significant and
maximum categories. Among the identified risks, the limited risk of the Charity is
leakage of personal information. This type of risk can be mitigated or reduced by
implementing proper measures within the organizational database, and thus the privacy of
data is maintained.
iii) Significant: The third category is significant risk. This type of risk is
dangerous and, if measures are not taken in time, it can be extremely damaging for the
organization (Jain & Paul, 2013). Among the identified risks, the significant risk of the
Charity is exposure of backup data. Hackers can easily use this data with wrong
intentions and purposes.
iv) Maximum: The fourth and final category of risk is the maximum category.
This is considered the most severe of all the risks. Among the
identified risks, the maximum risk of the Charity is database protocol vulnerability.
The above severity classification clearly classifies the identified risks or
threats to the employees' data privacy after the successful SaaS migration of the Charity.
3. Digital Identities Issues
Digital identities can be defined as the information or entities that computer systems
use to represent an external agent. This agent can be a person, an organization, an
application or a specific device. A digital identity contains confidential
information, and it allows the authentication
and assessment of the user that is interacting with the business systems over the web (Garg,
Versteeg & Buyya, 2013). This type of interaction does not involve any human operator. The
digital identities enable the access to systems or services, they are providing for being