Cloud Privacy and Security: Risks and Threats for Charity

Verified

Added on  2023/06/08

|25
|6717
|441
Report
AI Summary
This report examines the cloud privacy and security challenges faced by a charity organization that provides mental health and support services. It analyzes the risks and threats to employee data within the context of in-house HR databases and the move to SaaS applications. The report identifies various security vulnerabilities, including excessive database privileges, SQL injection attacks, malware, and unpatched databases. It also discusses additional risks such as unmanaged databases, human factors, and malicious insiders. The analysis extends to the privacy of employee data, addressing web tracking, data collection practices, and lack of security measures. The report explores digital identity issues and provider solution concerns, emphasizing the importance of data sensitivity and jurisdiction. It provides insights into protecting sensitive information, mitigating cyber threats, and ensuring compliance with data protection regulations. The report also discusses the implications of shared technology vulnerabilities in cloud environments. Overall, the report offers a comprehensive overview of the security and privacy considerations relevant to the charity's transition to cloud-based services.
Document Page
Running head: CLOUD PRIVACY AND SECURITY
Cloud privacy and security
Name of the student:
Name of the university:
Author Note
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1CLOUD PRIVACY AND SECURITY
Executive summary
The task of the digital identity crisis is to explore data across the Internet. Here a charity organisation
is considered, engaged in finding and providing mental health services, support services to people.
Here, data help by the charity on employees within HR systems. Moreover, it analyses data privacy
for employees to implement SaaS cloud applications. Besides, different operational locations and
resolution methods are discussed. A jurisdiction or data sensitivity is investigated that is related to
this company involved in charity.
Document Page
2CLOUD PRIVACY AND SECURITY
Table of Contents
Introduction:..........................................................................................................................................3
1. Security of Employee Data:...............................................................................................................3
1.1. Current threats and risks of data security in-house HR database:..............................................3
1.2. Additional risks and threats to employee data:...........................................................................5
1.3. The resulting severity of risk and threat to employee data:........................................................6
2. Privacy of Employee Data:................................................................................................................8
2.1. Privacies for HR database:..........................................................................................................8
2.2. Privacy of Employee Data:.......................................................................................................10
2.3. Assessing resulting severity of risk and threat to the privacy of employee data:.....................12
3. Digital Identity Issues:.....................................................................................................................14
4. Provider Solution Issues:.................................................................................................................16
5. Data Sensitivity:...............................................................................................................................18
Conclusion:..........................................................................................................................................19
References:..........................................................................................................................................21
Document Page
3CLOUD PRIVACY AND SECURITY
Introduction:
Digital Identity Crisis has explored how much data is stored on the Internet. Here, only a
little of that data is owned and maintained by individuals. Here a charity is considered that is
engaged in seeking and delivering mental health services, support services, accommodations to a
various disadvantaged individual in that community.
Here the cloud vendors have made presentations indicating operational expenses that are
intended to decline dramatically as the cloud model gets adopted. Here data breaches are considered
colossal damage to disadvantaged people in that community.
In this study, information held by the charity over the employees in the present HR systems
is considered. Further, data privacy for those staffs moving towards SaaS applications, risks and
threats to digital reorganisations of charity employees to move to SaaS applications are analysed.
Here, various discussions on operational locations and solutions of SaaS provider for HR manager
are considered. This also includes jurisdiction or data sensitivity that is regarded as by charity.
1. Security of Employee Data:
1.1. Current threats and risks of data security in-house HR database:
The various threats are as follows:
Essential multiple threats are identified below.
Excessive
privileges
As the employees are granted with default database privileges exceeding the
necessities of job functions, the opportunities can be abused. For instance, the
bank employees who task needs the capability of changes to accounting
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4CLOUD PRIVACY AND SECURITY
holder contacts data has been taking advantage of additional database
privileges and rise the account balance of savings account. Moreover, the
charity has failed to upgrade access privileges for staffs that can change roles
under that company (Feher, 2015).
Legitimate
privilege abuses
Users has been able to abuse legal database privileges as per various
unauthorised purposes.
Database injection
attacks
Here two primary kinds of database injection attacks are different SQL
injections. This includes targeted conventional database systems. This also
includes NoSQL injections targeting big data platforms of this charity. Here
the vital point is to find out that there have been various big data solutions that
are impervious to injection attacks of SQL. The reason is that they have never
actually used SQL based tools still susceptible to similar kinds if a first class
of attacks. Here, at both the types is successful input attack provides the
attackers with unrestricted access to complete database (Wise & O’Byrne,
2015).
Malware Further, perennial risk or malware is utilised for stealing sensitive data
through legitimate users through infected devices.
Storage media
exposures
The backup storage media has been wholly unprotected from those attacks.
Thus various securities have been involving theft of database disks and tapes
for backups. Moreover, any kind of failures to monitor and audits for
administrators having low-level access regarding sensitive information put
data to risks (Adjei, 2018). Considering proper measures in protecting backup
copies of confidential information and monitoring has been used for highly
privileged users that have not possessed that data. Various regulations also
Document Page
5CLOUD PRIVACY AND SECURITY
mandate this.
Exploitation of
vulnerable
databases
This takes the charity months in patching databases. At this time they stay
vulnerable. Here, the attackers are aware that how to exploit how “unpatched”
databases have default accounts and configured parameters. Moreover,
unfortunately, the charity has struggled on top to maintain database
configurations as the patches are available (Pounders et al., 2017).
Furthermore, there have been problems including high workloads and
mounting of backlogs for related database administration, complicated and
time-consume necessities for testing patches and challenges to find
maintenance window for taking down and working on as they are classified as
a business-critical system.
1.2. Additional risks and threats to employee data:
There have been typical problems including huge workloads and different backlogs that are
mounting for related database administrators, time-consuming and complicated requirements to
testing various parches and issue to find maintenance window for taking down and writing on what
is commonly referred to as business-critical systems (Taylor, Fritsch & Liederbach, 2014).
Unmanaged
sensitive
information
Various organisations have struggled to control an accurate inventory of HR
databases and critical data objects within them. Different forgotten databases
have contained confidential information. New databases have emerged instead
of visibility to the security team.
Human factor Here the cause of some of the incidents of a data breach has been human
negligence. Commonly this has been because of the lack of expertise needed o
Document Page
6CLOUD PRIVACY AND SECURITY
to deploy security measures, enforce policies or conducting processes incident
responses.
1.3. The resulting severity of risk and threat to employee data:
The resulting dangers and dangers include analysing database vulnerabilities and recognising
of compromised endpoints and classification is sensitive information. This also includes lack of lack
controlling user access rights and to remove high privileges and different dormant users (Rodriguez
& Sanchez, 2015). Further, there are monitoring of every database tasks and patterns of usages in
real time for defining unauthorized SQL, significant data transactions and data leakages along with
stacks of systems and protocols. Moreover, there has been unblocking of various malicious web
requests. Besides, there are automation of auditing with database auditing and protecting platforms.
Furthermore, there has been arching of encrypting databases and external data. Apart from
this, there has been a training of employees over risk-mitigation tools including how to identify
various cyber threats like spear-phishing attacks. This also includes best practices through online and
e-mail utility and managing of passwords. It must also be reminded that any failure to enforce
training and creating a work culture that is security conscious raises the scope of a security breach.
Malicious insider They have been posing a high threat to cloud security. As the
customer data gets hosted at CSP pr Cloud Service Providers, there are
possibilities for rogue administrators working or CSP that might use
the privilege to steal different unprotected data (Baym, 2015). There
has been a real attempt of brute force attacks over passwords,
customer data and downloading sensitive customer information.
Online cyber theft Here the authority has been storing sensitive information in
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7CLOUD PRIVACY AND SECURITY
cloud turning into an attractive target to various online thefts. These
thieves have been stealing passwords for accessing accounts of users.
At many times, there have been automated scripts for particular
scanning kind of weakness around the Internet.
Data loss here maximum of those losses of information has been
happening due to misplacing data and accidentally deleting that. As
there is strict access controls not followed by users or cloud providers,
there are possibilities for intruders to eradicate that data. Apart from
these different malicious people and dissatisfied employees gaining
access to that system because of related access controls can develop
havoc by removing customer information.
Account hijacking This happens as the hacker or intruders have been getting
access to different cloud services. This takes place by stealing login
credentials with the help of social engineering and phishing (Sullivan,
2015). This has resulted in compromised economic data having stolen
intellectual properties and various severe problems for that business.
Numerous
insufficient due diligence
The charity has moved to the cloud despite any understanding
of service provider scenario and complete scope of the undertaking.
Here, an operational role like incident reactions, security monitoring
and data encryptions has been taking hot of the charity has not been
due diligence before choosing cloud service providers.
Shared technology
vulnerabilities
Here one of the primary concepts beyond cloud has been to
share universal system among numerous consumers an idea known as
multitenancy. Moreover, most of the elements such as CPU cache,
Document Page
8CLOUD PRIVACY AND SECURITY
cache and GPU and many more have not been designed for providing
strong isolation elements for multitenant architecture (Grassi, Garcia
& Fenton, 2017).
2. Privacy of Employee Data:
2.1. Privacies for HR database:
Web tracking:
The web is to be browsed at any time, and various adverts can be noticed across multiple
sites that are filled with products that have been searched earlier. The reason is that they are tracked.
These web site cookies have been periodically monitored for web browsers through data inserted
into a browser. However, there have been various tools like MAC address and tracking of accounts
used to see what one have been performing ion the web.
As some people have not been minding that, preference to that have adverts served through
to them that are relevant to those interests and some has been finding that an invasion to digital
privacy. However, there has been data that has been vital to developers, advertisers and companies.
Thus there has been the lot more tracking moving on as default (Cummins et al., 2015). As one is
concerned regarding online monitoring, there has been worth delivering to privacy settings of
different apps, web browsers and services. This is to assure that the set to provide privacy level
needed. On the other hand, there have been anti-tracking tools and browser extensions for keeping
those activities within wraps.
Document Page
9CLOUD PRIVACY AND SECURITY
Data collection:
This tracking has been following people at real-time, various internet agencies and services
can gather browsing data and share computer and router the MAC addresses with third-party
companies and advertisers (Mannerström et al., 2018). These data companies comprise no direct
interacting that can create a pretty good profile of internet web browsing and habits. As this extends
to mobile applications offering services and ask to access phone number, contracts and various more
profound phone activities.
Apart from this, different services such as Google Maps are also able to track real-time and
common location by default. However, there has always been being stalked by faceless technology
agencies. This is the price people have needed to accept for free services and applications. Here
some data has been efficiently surrendering that has been pretty invasive.
Lack of security:
Further, various online services and websites have never possessed the latest and robust
guards that have been leaving data that could behold and data flowing to computer and web servers
at risks within hackers.
For example, websites using the now-outdated HTTP web communication standard, lack of
encrypted connections between smartphones and computers with that could be connected. This
indicates data were moving between a couple of points that can be controlled by charity and stolen
by hackers for different nefarious reasons. Besides, there have been servers supporting online
services and websites that one can find (Jarvenpaa & Teigland, 2018). Here cybercriminals have
been accessing some of the individual credentials and infringing on privacy that has been paving this
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10CLOUD PRIVACY AND SECURITY
way towards identity thefts and fraud. To avoid such problems, this has been worth through to use
sites encrypted connections and assure that there is upgraded software related to cybersecurity.
Since one is unable to prevent web servers from getting hacked, through various tools such as two-
factor authentications and keeping an eye over for legitimate warnings alerting to actual breaches of
data is helpful to personal information security (Lewis et al., 2016).
Connection to everything:
Various smart TVs, thermostats, fridges and speakers can seem like futuristic tech. However, this
has been posing a threat to security.
2.2. Privacy of Employee Data:
Data Access Risk:
Since there has been providing of data to the third party. Various users have been concerned
regarding who can get access. This has seemed out of control and a new fear of potential
dissemination, corruption and deletion of data by authorised people (Lam, 2014). This has been a
specific major worry for users planning to store sensitive information that becomes detrimental as it
ends up in the hands of others, particularly in competition.
Instability:
Stability and security are actual pillars holding useful SaaS software. These services ahs
ruined into a favourite double-edged sword. Besides, it has meant more options for users and
keeping up with a competition. Moreover, every individual is unable to keep up with the rise in the
market. Further, in the end, employed providers have been shutting down. The reason is that they
have no longer competed (Kromer et al., 2016).
Document Page
11CLOUD PRIVACY AND SECURITY
Lack of transparency:
SaaS providers have been assuring and secretive towards their clients. This indicates that
they have been better at keeping data secure than others. In the minimal form, they have been
confirming that they can acquire data and fields more proficiently than the customers. Besides, there
has been not every user taking words at face value (Olson & Wu, 2015). Moreover, there have been
various concerns about lack of transparency of providers regarding how the complete security
protocol can be handled. However, it has been a subject of interest.
Identity theft:
SaaS has always needed payment around credit cards that can do in distant places. This has
been a fast and convenient method. However, this has not is a concern of some users regarding
various risks implied by it.
The uncertainty of data location:
It is seen that the maximum of SaaS providers have disclosed where the data centres have
been. This is the reason they should be aware of regulations that are placed but FISMA or Federal
Information Security Management. This states that the necessities of customers in keeping sensitive
data have been within the nation.
Paying upfront and long-term:
Here economic security has been a problem that was born out of an agreement to utilise SaaS
providers. Here, most of them have needed payment upfront. This must be for long term. As one is
unsure that how long they require their service and anything in their policy can change over time
(Flynn-O'Brien et al., 2017). This is the concern regarding investing in potentially crucial; part of a
chevron_up_icon
1 out of 25
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]