Data Risk Assessment: Cloud Privacy and Security Considerations

Verified

Added on 2023/06/10

AI Summary

This report provides a comprehensive risk assessment of cloud privacy and security, particularly concerning data storage solutions. It examines security threats to employee data, including data backup issues, email phishing, SQL injection vulnerabilities, and the importance of timely updates. The report also addresses privacy concerns related to sensitive employee data, digital identity issues arising from the absence of robust identity services and secure data connectors, and the complexities of password management. Furthermore, it delves into provider solution issues, specifically security and privacy challenges associated with SaaS, such as data availability, integrity, access control, storage, retention, destruction, and compliance. The analysis concludes with a discussion of data sensitivity, highlighting ethical and legal implications related to the collection, storage, and access of employee information, emphasizing the need for organizations to prioritize data protection to avoid ethical breaches and legal liabilities. Desklib provides access to similar solved assignments and study resources for students.

Running head: Cloud privacy and security
Cloud privacy and security
Name of the Student
Name of the University
Author note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2
Cloud privacy and security
Table of Contents
1. Security of Employee Data....................................................................................................3
1.1 Security threat impact:.....................................................................................................4
2. Privacy of Employee Data.....................................................................................................4
3. Digital Identity Issues:...........................................................................................................5
4. Provider Solution Issues:........................................................................................................6
4.1 Security issues with SaaS:................................................................................................6
4.2. Privacy issues with SaaS:................................................................................................7
4.2.1. Impact of privacy issue:...........................................................................................8
5. Data Sensitivity......................................................................................................................8

3
Cloud privacy and security
1. Security of Employee Data
While considering the in-house HR database for storing the employee data there are
two major threats for the security of the data:
Data backup:
The data backup is a major issue when considering the security of the data. When the
data is stored in the database there should be a proper data backup. Now the problem with the
local host is that it comes with a limited storage as the cost of storage is quite huge. Due to
limitation in storage, the data is often kept as it is without proper backup. Now the data stored
into the database is subject to corruption due to data hack and several other issue (Cai et al.,
2018). Now if anyhow the data is corrupted and if there is not proper backup for the data,
then the data is not possible to retrieve. Hence it process a strong security threat to the
database.
Email phishing:
The user of the database might be tweaked into accessing email that might contain
malicious code, which when run on the system will provide the hacker full administration on
the system (Jackson, 2016). Once the administrative access is provided, it is possible to
modify the system setting on which the database and the server is running. Now due to less
technical expertise, this kind of things happens as it becomes difficult for the users to identify
which email is malicious or not. Hence this a security challenge for the system.
SQL injection:

4
Cloud privacy and security
SQL injection is one of the common threats for the database running on SQL server. It
is a common method for gaining access to the database server. The SQL injection is aimed
for stealing user name and password that helps to modify the database and the contained data
(Jukic, 2016). The access to the database include permission for both read and write. The
SQL injection is quite popular among the hackers as it is easier to implement and often works
well with database where the security methods are not that strong.
Timely update:
Timely update is another major issue with the database security. The problems with
the in-house database is that the servers are not updated timely. Without updated security
patches the server becomes vulnerable to hacks (Grycuk, 2015).
1.1 Security threat impact:
Area of security threat Impact
Data backup High
Email phishing Low
SQL injection Medium
Timely update High
2. Privacy of Employee Data
The data privacy and the data security might seem two different concept, but both of
the issues are interconnected. If the data in the database is not secured it will directly affect
the data privacy. The database that is designed for storing the employee data is quite sensitive
in nature. It contains several personal data of the employees (Zhao, 2014). These data include

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

5
Cloud privacy and security
details like ID card, passport, date of birth and several other sensitive data like financial
details including payroll and account numbers. As there is a concern for data security like
lack of data storage, security updates, SQL injection, the data privacy is directly affected. As
the information stored in the database is directly connected with the privacy of the employee,
loss of these data means the privacy of the employee will be affected largely. Hence the in-
house database is subject to information security and privacy threat. Hence it is a major
concern for the organization as well.
3. Digital Identity Issues:
Absence of identity services:
Not every cloud providers offering SaaS application support is aware or care about
integrating strong identity services with the cloud platform. Cloud providers often prefer to
compromise with the quality of the security standards and focus more in offering cheap cloud
solutions for the customer for maintaining large customer base (Lee & Zheng, 2015). With
proper security tools like strong digital identity solutions, the cost of the service will
significantly increase. Without a proper identity service the access to the database will not be
secured as the service will not be able to distinguish between a lot of users that might have or
have not access to the database. This process a threat for the organizational data stored in the
cloud.
Absence of secure data connector:
The presence of secure data connector will ensure that access to the data base is safe
and secure. The data connector helps to make an encrypted connection between user data and
the applications. Due to this, in every session there is an access to the applications and the
database, the data transfer is secured with proper encryption. The encryption is necessary for
protecting the data (Singh & Chatterjee, 2017). Only the users who have the proper access to

6
Cloud privacy and security
the application will be able to interpret the encrypted data. As a result it strengthens the
identity management process. However, only few large companies like google has this for
securing the user data in the cloud. Most of the cloud providers does not include this feature
to the cloud service for technical complexity and cost which always put the application
related data at risk due to lack of proper encryption. Companies that offer this feature is not
that strong either.
Complexity of password management:
Now in order to access several SaaS application, user needs to care for several
security tolls and also need to have several password for each application. Now having
different password for each application may seem obvious, it needs stronger password
management system. However most of the service provider wants the customer to manage
own password and this is where the customer are not so good. They in turn opt for choosing
either easy password or same password for different applications. In both the approach, there
is a serious threat to the digital identity that belongs to a specific customer.
4. Provider Solution Issues:
4.1 Security issues with SaaS:
Although the SaaS cloud platform improves some security issue of the in-house
database like data storage and security updates, it has some own security issues as well.
These issues are:
Data availability:

7
Cloud privacy and security
If the cloud server faces disruption, whatever be the reason, it will hamper a lot of
users than if it was the case in the in-house database system. Data availability ensures that the
user gets data access whenever it is needed (Puthal et al., 2015). Hence it is a major issue for
the cloud service.
Data integrity:
As data is transferred to a remote location, integrity of data is always a challenge for the
cloud service. Proper integrity of the data is must for better security (Kalleswari et al., 2018).
Data access:
As the data is transferred outside the company premise, sometime the data access is
not complied with the internal organizational policies and hence the right to the data is
sometime violated which affect the confidentiality of the data, hence compromises the data
security (Durairaj & Manimaran, 2015).
4.2. Privacy issues with SaaS:
Access:
The problem of data access is major privacy issue with the SaaS cloud platform. As
the service is provided over the internet, if the connection is not properly encrypted the
personal data communicated over the internet might get hacked (Almorsy, Grundy & Muller,
2016).
Storage:
The storage of the personal data over the cloud is not always complied with the data
privacy rule which might hamper the organization if data breaches occurs (Sethi & Sruthi ,
2018).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8
Cloud privacy and security
Data retention and destruction:
Once the personal data is deleted by the owner, it is not specified by the cloud
provider like how long the retained in the cloud. If the data is acquired by someone else it
will create privacy issue (Fernandes et al., 2014).

9
Cloud privacy and security
Compliance:
Often the service provided by the cloud providers does not comply with the internal
privacy law and it is a challenge for the organization to monitor whether the service has
compliance issue or not (Khan, 2016).
4.2.1. Impact of privacy issue:
Area of security threat Impact
Data access High
Data storage High
retention and destruction Medium
Compliance High
5. Data Sensitivity
In house HR management system is an important resource for any company. The
database contains several information about the employees of the organizations. These
information are not only important for the organizations but for the employees as well.
Maintaining these information safe and secured is the top most priority of every organizations
as there might be several ethical and legal issues associated with the collection and access of
those information (Warren, 2015). These information are particularly becomes sensitive in
nature as it contains financial data like payroll and benefit data, the information becomes
highly sensitive in nature:
Ethical issues:
The information that is collected for the HR database, should have the permission of
the employee. But most of the time organizations does not bother about the permission of the

10
Cloud privacy and security
employee before the information about them is collected for official use (Warren, 2015). If
there are some issues with the data and the employee later sue the organization on the basis of
the ethical issue as collecting personal data without the concern of the individual is always
unethical. Hence the organization might face ethical issue if the organization is unable to
secure the information form misuse.
Legal issue:
If the organization fails to secure the data or if the data is lost or somehow stolen, the
company might be subject to legal issue (Short, 2017). The person who submit the data to the
organization has the full right to take legal action if the data is not protected properly. Even if
the data is made safe against external hack, the data collection have to comply with the local
legislation or international data compliance rules to avoid any legal actions.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

11
Cloud privacy and security
Reference:
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing privacy
problem. arXiv preprint arXiv:1609.01107.
Cai, M., Grund, M., Gupta, A., Nagel, F., Pandis, I., Papakonstantinou, Y., & Petropoulos, M.
(2018). Integrated Querying of SQL database data and S3 data in Amazon
Redshift. IEEE Data Eng. Bull., 41(2), 82-90.
Durairaj, M., & Manimaran, A. (2015). A study on security issues in cloud based e-
learning. Indian Journal of Science and Technology, 8(8), 757-765.
Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. R. (2014). Privacy
issues in cloud environments: a survey. International Journal of Information
Security, 13(2), 113-170.
Grycuk, R., Gabryel, M., Scherer, R., & Voloshynovskiy, S. (2015, June). Security
challenges for storing visual data based on WCF and microsoft SQL server database.
In International Conference on Artificial Intelligence and Soft Computing (pp. 715-
726). Springer, Cham.
Jackson, J. (2016). Sql: the security issues individual should be aware of (Volume 1).
Jukic, N., Vrbsky, S., & Nestorov, S. (2016). Database systems: Introduction to databases
security and data warehouses. Prospect Press.
Kaleeswari, C., Maheswari, P., Kuppusamy, K., & Jeyabalu, M. (2018). A Brief Review on
Cloud Security Scenarios.
Khan, M. A. (2016). A survey of privacy issues for cloud computing. Journal of network and
computer applications, 71, 11-29.

12
Cloud privacy and security
Lee, C. H., & Zheng, Y. L. (2015, June). The issue of digital identity of cloud computing,
IEEE International Conference on (pp. 426-427). IEEE.
Puthal, D., Sahoo, B. P. S., Mishra, S., & Swain, S. (2015, January). Cloud computing
features, issues, and challenges: a big picture. In Computational Intelligence and
Networks (CINE), 2015 International Conference on (pp. 116-123). IEEE.
Sethi, S., & Sruti, S. (2018). Cloud privacy Issues and Challenges. In Cyber Security and
Threats: Concepts, Methodologies, Tools, and Applications (pp. 77-92). IGI Global.
Short, C. I. (2017). ChromaStarDB: legal concern for SQL Database-driven Spectrum
Synthesis and More. Publications of the information Society of the Pacific, 129(979),
094504.
Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges of protecting digital
identity: A survey. Journal of Network and Computer Applications, 79, 88-115.
Warren, T. (2015). SQL Database Programming: The Ultimate Guide to ethical issues in
storing employee data in HR Database.
Zhao, G., Lin, Q., Li, L., & Li, Z. (2014, November). Security challenges and privacy issue in
Schema conversion model of SQL database to NoSQL. In P2P, Parallel, Grid, Cloud
and Internet Computing (3PGCIC), 2014 Ninth International Conference on (pp. 355-
362). IEEE.