Cloud Privacy and Security: Provider Solutions and Data Sensitivity
VerifiedAdded on 2023/06/08
|17
|5315
|326
Report
AI Summary
This report provides a comprehensive overview of cloud privacy and security considerations for organizations moving to public cloud vendors. It addresses key issues related to the security and privacy of employee data, highlighting potential vulnerabilities such as insecure network access and web a...
Running head: CLOUD PRIVACY AND SECURITY
CLOUD PRIVACY AND SECURITY
Name of the Student
Name of the University
Author Note
CLOUD PRIVACY AND SECURITY
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
2CLOUD PRIVACY AND SECURITY
Table of Contents
Introduction................................................................................................................................3
Security of employee data..........................................................................................................3
Privacy of employee data...........................................................................................................4
Digital identity issue..................................................................................................................6
Provider solution issue...............................................................................................................7
Data sensitivity...........................................................................................................................7
Conclusion..................................................................................................................................9
References................................................................................................................................10
Table of Contents
Introduction................................................................................................................................3
Security of employee data..........................................................................................................3
Privacy of employee data...........................................................................................................4
Digital identity issue..................................................................................................................6
Provider solution issue...............................................................................................................7
Data sensitivity...........................................................................................................................7
Conclusion..................................................................................................................................9
References................................................................................................................................10
3CLOUD PRIVACY AND SECURITY
Introduction
The concept of cloud computing can be considered one of the most advanced sectors
which can be related to the latest technology which are in use in recent times. The technology
is being adopted by most of the organisation due to the factor that there is a vast field of
advantage which can be achieved from the concept. The main aim of the concept of the
adaptation is that to exhibit different security aspects in the data which is stored in the
concept of the cloud (Ali, Khan & Vasilakos, 2015). Despite the different risk factors which
are involved in the technology the field of advantage which can be achieved from the concept
is very much on the higher end. The cloud concept helps the organisation to concentrate more
on the critical internal activity of the organisation rather than spending time on data security
and other aspects which are taken care of by the cloud providers. Most of the data which is
saved in the concept of the cloud can be considered to be very much crucial so it can be
stated here that the security of the data can be considered as one of the major priority in this
concept. There are different types of the provision of data security which are implemented by
the cloud provider so that there is no unethical activity possess in the data (Avram, 2014). In
the concept of cloud, there is not the only aspect of storing of data of the organisation, but it
can be used for other purposes as different types of services (SaaS, PaaS and Iaas) which can
be very much beneficial for the organisation
The main aim of the report is to take into consideration different aspects which are
related to the concept of cloud computing. The community-based charity organisation is
planning to move to a public cloud vendor to provide some services. Taking into
consideration the different movement aspects are taken into consideration in the report, and
the overall parameters of the cloud are majorly discussed in the report.
Introduction
The concept of cloud computing can be considered one of the most advanced sectors
which can be related to the latest technology which are in use in recent times. The technology
is being adopted by most of the organisation due to the factor that there is a vast field of
advantage which can be achieved from the concept. The main aim of the concept of the
adaptation is that to exhibit different security aspects in the data which is stored in the
concept of the cloud (Ali, Khan & Vasilakos, 2015). Despite the different risk factors which
are involved in the technology the field of advantage which can be achieved from the concept
is very much on the higher end. The cloud concept helps the organisation to concentrate more
on the critical internal activity of the organisation rather than spending time on data security
and other aspects which are taken care of by the cloud providers. Most of the data which is
saved in the concept of the cloud can be considered to be very much crucial so it can be
stated here that the security of the data can be considered as one of the major priority in this
concept. There are different types of the provision of data security which are implemented by
the cloud provider so that there is no unethical activity possess in the data (Avram, 2014). In
the concept of cloud, there is not the only aspect of storing of data of the organisation, but it
can be used for other purposes as different types of services (SaaS, PaaS and Iaas) which can
be very much beneficial for the organisation
The main aim of the report is to take into consideration different aspects which are
related to the concept of cloud computing. The community-based charity organisation is
planning to move to a public cloud vendor to provide some services. Taking into
consideration the different movement aspects are taken into consideration in the report, and
the overall parameters of the cloud are majorly discussed in the report.
You're viewing a preview
Unlock full access by subscribing today!
4CLOUD PRIVACY AND SECURITY
Security of employee data
In the concept of the cloud, there can be different issues which are related to the
employee data security. The main aspect which can be stated here that who has the overall
access of the data. The security aspect of the data can be judged directly from the aspect of
the different security solution which is provided from the end of the cloud providers. There
are different methods which can be used for the attackers to attack the cloud environment.
When there is an insecure network phone to access the network directly, the user can get
hacked or get attacked. On the other hand, the contractor of the network uses the application
of web that has a vulnerability which is embedded, it can be a backdoor which is not
protected, and in such situation, the user can get attacked.
In some of the situation it can be stated that during the password transfer between the
user and the cloud providers, the account can be hacked. The nature of cloud computing it
can be stated that it involves some of the ceding control from the aspect of the customer to
the providers of the service (Avram, 2014). The aspect of security and control cannot be
related to each other. According to research, it can be stated that data security in the concept
of cloud computing is potentially superior to the security in a corporate data centre due to the
same technique which drives so much good through the marketplace: division of labour and
economics of scale. Due to the security cost are distributed among a large number of
customers in the centre of the cloud, the cloud providers are very much able to apply far more
resources in the physical, operational security measure and technical (Ali, Khan & Vasilakos,
2015). The security measures which are implemented are far better than the security aspects
which are delivered by the government agencies and most of the corporations. Most of the
large providers of cloud also implement operating multiple data centre with replicated data
across facilities to safeguard the data from intruders. The core business which is related to the
operation of cloud service providers is delivering IT services and operating.
Security of employee data
In the concept of the cloud, there can be different issues which are related to the
employee data security. The main aspect which can be stated here that who has the overall
access of the data. The security aspect of the data can be judged directly from the aspect of
the different security solution which is provided from the end of the cloud providers. There
are different methods which can be used for the attackers to attack the cloud environment.
When there is an insecure network phone to access the network directly, the user can get
hacked or get attacked. On the other hand, the contractor of the network uses the application
of web that has a vulnerability which is embedded, it can be a backdoor which is not
protected, and in such situation, the user can get attacked.
In some of the situation it can be stated that during the password transfer between the
user and the cloud providers, the account can be hacked. The nature of cloud computing it
can be stated that it involves some of the ceding control from the aspect of the customer to
the providers of the service (Avram, 2014). The aspect of security and control cannot be
related to each other. According to research, it can be stated that data security in the concept
of cloud computing is potentially superior to the security in a corporate data centre due to the
same technique which drives so much good through the marketplace: division of labour and
economics of scale. Due to the security cost are distributed among a large number of
customers in the centre of the cloud, the cloud providers are very much able to apply far more
resources in the physical, operational security measure and technical (Ali, Khan & Vasilakos,
2015). The security measures which are implemented are far better than the security aspects
which are delivered by the government agencies and most of the corporations. Most of the
large providers of cloud also implement operating multiple data centre with replicated data
across facilities to safeguard the data from intruders. The core business which is related to the
operation of cloud service providers is delivering IT services and operating.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
5CLOUD PRIVACY AND SECURITY
An expertise level of security and experience are brought together in the concept of
data security by the managed cloud service providers. It can be stated here that security
expertise and technologies in the data of the cloud may surpass that in different data centres
of the corporation there is a valid concern which is related to the security. In what it is
referred to as a “fourth tier” of the architecture of the cloud: the public internet through which
the services of the cloud are delivered to the end user.
Privacy of employee data
The privacy of the data in the concept of the cloud can be considered to be very much
important. The concept is due to the factor that in most of the cases crucial data of the
organisation are saved in the concept of the cloud. If there is any privacy issue in the data, it
would be very much a loss for the organisation. Sometimes it can be stated that attackers tend
to get hold of the data into the concept of the cloud for their gains. The loss of privacy which
is related to the cloud provider can be considered as a serious threat relating to
confidentiality, data integrity, and the principle of privacy. There was a resolution which was
passed in the year 2009 from fifty countries relating to the security of the data. It stated that
there was an urgent requirement of the setting of privacy laws within the world without any
boundary set between them and achieve a proposal for an international standard of law. Its
direct motive is to define a set of right and principle which has guaranteeing internationally
and uniformly with regards to the processing of data and facilitate the international flow of
inherent personal data in the globalised world.
The complexity of risk assessment
The complexity which is related to the service provider of the cloud has introduced
some parameters. The consumers and the service providers are cautioned respectively about
the guarantee which is related to the compliance services which are ready and adopting a
An expertise level of security and experience are brought together in the concept of
data security by the managed cloud service providers. It can be stated here that security
expertise and technologies in the data of the cloud may surpass that in different data centres
of the corporation there is a valid concern which is related to the security. In what it is
referred to as a “fourth tier” of the architecture of the cloud: the public internet through which
the services of the cloud are delivered to the end user.
Privacy of employee data
The privacy of the data in the concept of the cloud can be considered to be very much
important. The concept is due to the factor that in most of the cases crucial data of the
organisation are saved in the concept of the cloud. If there is any privacy issue in the data, it
would be very much a loss for the organisation. Sometimes it can be stated that attackers tend
to get hold of the data into the concept of the cloud for their gains. The loss of privacy which
is related to the cloud provider can be considered as a serious threat relating to
confidentiality, data integrity, and the principle of privacy. There was a resolution which was
passed in the year 2009 from fifty countries relating to the security of the data. It stated that
there was an urgent requirement of the setting of privacy laws within the world without any
boundary set between them and achieve a proposal for an international standard of law. Its
direct motive is to define a set of right and principle which has guaranteeing internationally
and uniformly with regards to the processing of data and facilitate the international flow of
inherent personal data in the globalised world.
The complexity of risk assessment
The complexity which is related to the service provider of the cloud has introduced
some parameters. The consumers and the service providers are cautioned respectively about
the guarantee which is related to the compliance services which are ready and adopting a
6CLOUD PRIVACY AND SECURITY
different type of services. The cloud service providers implemented a safe method of flow of
the personal data irrespective of the national boundaries, the challenge part which can be
associated with the concept is that checking of the life cycle of the data processing and its
direct compliance of the legal framework (Oliveira, Thomas, Espadanal, 2014). Relating to
the service which is offered by the cloud providers it can be stated that there are many
questions which can arise in the context which determines the risk which is associated with
the security and privacy of information.
Who are the direct stakeholders who are involved in the operation of the cloud?
What are their responsibility and roles?
Where is the place where the data are stored?
What are the policies which are implemented which would be directly meeting the
expectation of the privacy and security of the data in the cloud?
What are the rules which are related to the data processing aspect?
In regards to the issue which is related to the privacy of the data, the Madrid
Resolution stated that every person should have a clear idea of the transparent policies with
regards to the processing which are related to the personal data. The stakeholders should be
able to specify the requirement which is related to the meeting the expected level of privacy
and security.
Privacy by design
The recent Resolution of Madrid provides an international standard which is related to
the protection of privacy, but it can be stated here that there is no such universal privacy
legislation binding covering the countries in the world. In the aspect of cloud computing
service, the complexity of the privacy is increasing on a day to day basis (Ali, Khan &
Vasilakos, 2015). The application of legal framework into the concept of cloud can be
different type of services. The cloud service providers implemented a safe method of flow of
the personal data irrespective of the national boundaries, the challenge part which can be
associated with the concept is that checking of the life cycle of the data processing and its
direct compliance of the legal framework (Oliveira, Thomas, Espadanal, 2014). Relating to
the service which is offered by the cloud providers it can be stated that there are many
questions which can arise in the context which determines the risk which is associated with
the security and privacy of information.
Who are the direct stakeholders who are involved in the operation of the cloud?
What are their responsibility and roles?
Where is the place where the data are stored?
What are the policies which are implemented which would be directly meeting the
expectation of the privacy and security of the data in the cloud?
What are the rules which are related to the data processing aspect?
In regards to the issue which is related to the privacy of the data, the Madrid
Resolution stated that every person should have a clear idea of the transparent policies with
regards to the processing which are related to the personal data. The stakeholders should be
able to specify the requirement which is related to the meeting the expected level of privacy
and security.
Privacy by design
The recent Resolution of Madrid provides an international standard which is related to
the protection of privacy, but it can be stated here that there is no such universal privacy
legislation binding covering the countries in the world. In the aspect of cloud computing
service, the complexity of the privacy is increasing on a day to day basis (Ali, Khan &
Vasilakos, 2015). The application of legal framework into the concept of cloud can be
You're viewing a preview
Unlock full access by subscribing today!
7CLOUD PRIVACY AND SECURITY
considered to be a difficult task in hand when regimes are not harmonised, it directly depends
on the location of the data and directly involves blurred division of the responsibility between
the stakeholders.
A recent ENISA report stated that some challenges and rules are associated with the
directive 95/46/EC in the context of “the cloud computing environment, for which the roles
of controller and processor still need to be determined on a case-by-case basis and about the
nature of the cloud services”.
Using PETs
One of the objectives which are related to the ICT standard is to directly define the
effective and appropriate technical measures for the aspect of implementing the principle of
privacy in the cloud computing. The standard which exists in the mechanism of the privacy of
the data is stated below with the help of a table.
Data Life Cycle Privacy principle Privacy protection
measure
Example of PETs
and ICT standard
Collection Purpose and
proportionality
specification
Minimization of data Blind signature and
anonymous
communication
ISO/IEC JTC/SC 27
WG2 and WG5
Processing and
sharing
Fairness and
lawfulness, the right
of access and
consent
Data access control Dashboard of
privacy OASIS
XACML, ITU-T
X.1142.
Storage Security measures of Confidentiality AES NIST
considered to be a difficult task in hand when regimes are not harmonised, it directly depends
on the location of the data and directly involves blurred division of the responsibility between
the stakeholders.
A recent ENISA report stated that some challenges and rules are associated with the
directive 95/46/EC in the context of “the cloud computing environment, for which the roles
of controller and processor still need to be determined on a case-by-case basis and about the
nature of the cloud services”.
Using PETs
One of the objectives which are related to the ICT standard is to directly define the
effective and appropriate technical measures for the aspect of implementing the principle of
privacy in the cloud computing. The standard which exists in the mechanism of the privacy of
the data is stated below with the help of a table.
Data Life Cycle Privacy principle Privacy protection
measure
Example of PETs
and ICT standard
Collection Purpose and
proportionality
specification
Minimization of data Blind signature and
anonymous
communication
ISO/IEC JTC/SC 27
WG2 and WG5
Processing and
sharing
Fairness and
lawfulness, the right
of access and
consent
Data access control Dashboard of
privacy OASIS
XACML, ITU-T
X.1142.
Storage Security measures of Confidentiality AES NIST
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
8CLOUD PRIVACY AND SECURITY
sensitive data and
accountability
Encryption (FIPS
197)
Deletion Right to delete and
openness (Avram,
2014).
Confidentiality Deletion of
anonymisation hash
function protocol
ISO/IEC JTC1/SC
27 WG2
The second example which can be stated here is the duty of the confidentiality. The
data controller is those who are involved at any stage of the processing having the direct duty
to maintain the confidentiality of the data which are personal. The data which are stored in
the concept of the cloud should be highly secured for example the process of encryption
should be implemented properly into the concept of data so that there is no issue faced
relating to the privacy of the data. Nevertheless, it can be stated here that this method could
be very much expensive regarding computing power. The main advantage which is related to
the concept is directly cancelled out taking into consideration the overhead in the process
when the handling of the encryption of data making the process of encrypted data unpractical
for most of the use cases. It can be considered as one of the biggest questions about how and
if the process of encryption and cloud computing come together in a form which is meaning
full. At the end of the contractual relationship between the cloud provider and the data
subject, the data is directly subjected to the request from the person who is responsible for the
detection of the personal data that might be stated as unnecessary (Botta et al., 2014). There
are different techniques which can be implemented such as different methodology and
technical measure which can offer a solution for the aspect of requirement refining and avoid
of the disclosure of the data.
sensitive data and
accountability
Encryption (FIPS
197)
Deletion Right to delete and
openness (Avram,
2014).
Confidentiality Deletion of
anonymisation hash
function protocol
ISO/IEC JTC1/SC
27 WG2
The second example which can be stated here is the duty of the confidentiality. The
data controller is those who are involved at any stage of the processing having the direct duty
to maintain the confidentiality of the data which are personal. The data which are stored in
the concept of the cloud should be highly secured for example the process of encryption
should be implemented properly into the concept of data so that there is no issue faced
relating to the privacy of the data. Nevertheless, it can be stated here that this method could
be very much expensive regarding computing power. The main advantage which is related to
the concept is directly cancelled out taking into consideration the overhead in the process
when the handling of the encryption of data making the process of encrypted data unpractical
for most of the use cases. It can be considered as one of the biggest questions about how and
if the process of encryption and cloud computing come together in a form which is meaning
full. At the end of the contractual relationship between the cloud provider and the data
subject, the data is directly subjected to the request from the person who is responsible for the
detection of the personal data that might be stated as unnecessary (Botta et al., 2014). There
are different techniques which can be implemented such as different methodology and
technical measure which can offer a solution for the aspect of requirement refining and avoid
of the disclosure of the data.
9CLOUD PRIVACY AND SECURITY
Despite there being different kinds of concerns relating to the privacy of the cloud
computing there is no genuine standard which applies to the concept. To directly foster the
aspect of adaptation of the cloud services standard would be required to be set for the
assessment and the selection of the solution that would be meeting the level of privacy and
security of the data which is stored in the concept of the cloud. Working on the standard can
be considered as one of the most important sectors of the investigation. Over the past few
years, there has been a different organisation who are involved in bringing up the standard of
operation which would be included and would be implementing a standard of working in the
sector. This standard can be considered to be very much useful in the aspect of defining the
requirement and avoiding of the disclosure of the personal data of the organisation. Taking
into consideration a situation which occurred in the year 2006 relating to the breach of the
privacy by the AOL owing the anonymisation of the data of thousands of users that had been
posted online in the context of processing by researchers. This event resulted in the breach of
the data which hamper the normal working of thousands of people.
Digital identity issue
Generally speaking, it can be stated here that digital identity can be considered to be
fundamental in the concept of cloud computing, particularly with the aspect of recent
consequent scale and upsurge on which the architecture is implemented. In most of the cases,
the data which are stored in the concept of the cloud is accessed by the service providers.
During the deployment of the data, it can be stated that there are no known facts provided by
the end of the cloud providers about who is going to access the data. The identity of the
person who has the overall control of the data is not known due to the factor that there can be
a digital identity issue in the concept of the cloud. There are different concerns relating to the
identity aspect which is in charge of the data. Sometimes it can be stated that the identity
aspect of the data can be related to the security of the data. If there is an identity issue seen in
Despite there being different kinds of concerns relating to the privacy of the cloud
computing there is no genuine standard which applies to the concept. To directly foster the
aspect of adaptation of the cloud services standard would be required to be set for the
assessment and the selection of the solution that would be meeting the level of privacy and
security of the data which is stored in the concept of the cloud. Working on the standard can
be considered as one of the most important sectors of the investigation. Over the past few
years, there has been a different organisation who are involved in bringing up the standard of
operation which would be included and would be implementing a standard of working in the
sector. This standard can be considered to be very much useful in the aspect of defining the
requirement and avoiding of the disclosure of the personal data of the organisation. Taking
into consideration a situation which occurred in the year 2006 relating to the breach of the
privacy by the AOL owing the anonymisation of the data of thousands of users that had been
posted online in the context of processing by researchers. This event resulted in the breach of
the data which hamper the normal working of thousands of people.
Digital identity issue
Generally speaking, it can be stated here that digital identity can be considered to be
fundamental in the concept of cloud computing, particularly with the aspect of recent
consequent scale and upsurge on which the architecture is implemented. In most of the cases,
the data which are stored in the concept of the cloud is accessed by the service providers.
During the deployment of the data, it can be stated that there are no known facts provided by
the end of the cloud providers about who is going to access the data. The identity of the
person who has the overall control of the data is not known due to the factor that there can be
a digital identity issue in the concept of the cloud. There are different concerns relating to the
identity aspect which is in charge of the data. Sometimes it can be stated that the identity
aspect of the data can be related to the security of the data. If there is an identity issue seen in
You're viewing a preview
Unlock full access by subscribing today!
10CLOUD PRIVACY AND SECURITY
the data it can directly affect the access point of the data. The data can be hacked in the
process, and it can be used for different purpose (Oliveira, Thomas, Espadanal, 2014).
Identity lack can be seen in most of the cases which means that if there are any issue
faced within the concept of the data who is directly responsible for it cannot be depicted.
Digital identity can be considered one of the biggest problem in the sector of cloud
computing due to the factor that it directly reflects the security of the data which is stored in
the concept of the cloud. Research is being conducted in the field to minimize the gap which
exist in the sector. There are various methods which can be used in order to provide a method
which would be protecting the digital identity aspect of the data which are stated below:
Access should be given to the person who has the direct permission to indulge in the data.
There should be restricted access to the data.
Data should frequently be updated so that there is no problem associated with the quality
of the data.
Identification of the problem should be made in an optimal time manner so that they do
not impose any problem on the security of the system.
The customer or the organisation should be able to know who has the overall control of
the data which is stored in the concept of the cloud. This majorly means that who has the
overall control of the data of the cloud.
The communication aspect between the customer and the cloud providers should be
optimal (Yan et al., 2016). This provides a basic guideline which stated that how and
where the data would be saved in the concept of the cloud.
The security policy of the cloud should be updated which means the enhancement of the
security policy should be implemented so that there is no issue faced related to the
different sectors of the risk which are involved into the working of the system.
the data it can directly affect the access point of the data. The data can be hacked in the
process, and it can be used for different purpose (Oliveira, Thomas, Espadanal, 2014).
Identity lack can be seen in most of the cases which means that if there are any issue
faced within the concept of the data who is directly responsible for it cannot be depicted.
Digital identity can be considered one of the biggest problem in the sector of cloud
computing due to the factor that it directly reflects the security of the data which is stored in
the concept of the cloud. Research is being conducted in the field to minimize the gap which
exist in the sector. There are various methods which can be used in order to provide a method
which would be protecting the digital identity aspect of the data which are stated below:
Access should be given to the person who has the direct permission to indulge in the data.
There should be restricted access to the data.
Data should frequently be updated so that there is no problem associated with the quality
of the data.
Identification of the problem should be made in an optimal time manner so that they do
not impose any problem on the security of the system.
The customer or the organisation should be able to know who has the overall control of
the data which is stored in the concept of the cloud. This majorly means that who has the
overall control of the data of the cloud.
The communication aspect between the customer and the cloud providers should be
optimal (Yan et al., 2016). This provides a basic guideline which stated that how and
where the data would be saved in the concept of the cloud.
The security policy of the cloud should be updated which means the enhancement of the
security policy should be implemented so that there is no issue faced related to the
different sectors of the risk which are involved into the working of the system.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
11CLOUD PRIVACY AND SECURITY
Provider solution issue
When an organisation save a data in the concept of the cloud the data can be very
much important. In most of the cases, the cloud providers provide a detail report of the
security policy of the data which would be included in the process. This details may not have
enough of the detailing which provide an overview of the security aspects of the data. The
cloud providers do not in any context provide the security mechanism which would be
included in the working of the data. In the concept of the cloud, the customer or the
organisation does not have any idea of the place the data is stored this can be considered as a
problem because security aspects would be breached in this context (Oliveira, Thomas,
Espadanal, 2014). There are different sectors which should be taken into consideration in the
aspect of providing solution issue are the access point of the customer of the organisation, the
security of the data which is stored. The access permission of the data onto who can have
direct access to the data, how and from where the data can be accessed and the time which is
involved in the process which is involved in the retrieval of the data. The main risk factor
which can be included in this context is the problem related to ethical assess to the account.
The username and the password which are set should be strong enough so that attackers
cannot directly get indulged into the concept. The cloud provider should be able to detect the
problem at an early stage so that it does not reinforce a problem which is related to the breach
of data.
Data sensitivity
It can be stated here that not all data are meant are suitable to be stored in the concept
of the cloud. The assessment of risk and direct analysis can also be required in this context.
According to the recent research, it can be stated that there is a requirement of analysis and
risk assessment, the stake which is related to sensitive data in the concept of the cloud is very
much high even if the encryption of the data is done (Chen, 2015). One of the exceptions
Provider solution issue
When an organisation save a data in the concept of the cloud the data can be very
much important. In most of the cases, the cloud providers provide a detail report of the
security policy of the data which would be included in the process. This details may not have
enough of the detailing which provide an overview of the security aspects of the data. The
cloud providers do not in any context provide the security mechanism which would be
included in the working of the data. In the concept of the cloud, the customer or the
organisation does not have any idea of the place the data is stored this can be considered as a
problem because security aspects would be breached in this context (Oliveira, Thomas,
Espadanal, 2014). There are different sectors which should be taken into consideration in the
aspect of providing solution issue are the access point of the customer of the organisation, the
security of the data which is stored. The access permission of the data onto who can have
direct access to the data, how and from where the data can be accessed and the time which is
involved in the process which is involved in the retrieval of the data. The main risk factor
which can be included in this context is the problem related to ethical assess to the account.
The username and the password which are set should be strong enough so that attackers
cannot directly get indulged into the concept. The cloud provider should be able to detect the
problem at an early stage so that it does not reinforce a problem which is related to the breach
of data.
Data sensitivity
It can be stated here that not all data are meant are suitable to be stored in the concept
of the cloud. The assessment of risk and direct analysis can also be required in this context.
According to the recent research, it can be stated that there is a requirement of analysis and
risk assessment, the stake which is related to sensitive data in the concept of the cloud is very
much high even if the encryption of the data is done (Chen, 2015). One of the exceptions
12CLOUD PRIVACY AND SECURITY
which can be stated here is that when a private cloud is being used on premises of the
customer. Privacy, security and compliance can be considered as a responsibility which is
contractual between the customer and the cloud provider. It can be stated that the cloud
provider’s liability is very much limited. It is very much important to take into consideration
that ones the data which are sensitive are placed in the cloud, the organisation can no longer
have control over the data, and it prevails in the territory of the cloud providers.
There can be a different type of technique and schematics which can be used for the
aspect of minimisation of the risk factors which are related to the unauthorised sharing and
access. Relating to the risk events which occur in the concept of the cloud, 80% of the data
fraud and theft occur due to events which occur internally. Extend of minimisation of the risk
factors directly depends on the aspect of the extent of control of the data of the cloud and the
deployment of the customer’s data (Mei, Li & Li 2017). There is an increase in the number of
cyber criminals which directly shifts the attack of the target of the provider of the cloud since
the payload which is related to the sensitive data can be considered very much huge taking
into consideration multi organisations. Whenever there is an event of a hacker getting
indulged into the parameters of the cloud every data of the organisation can be a fair game to
get indulged, and the data can be retrieved quite easily. To get the in-depth security of the
data the cloud provider need to take into consideration different security architectures using
performing the following activities:
Data encryption versus disk encryption.
Vigilant monitoring relating to infrastructure and its employee.
The system configuration should be done to delete the temporary data file and encryption
keys which depends on the ending of the session.
Management which is done carefully and prompt destruction of the system snapshot
which is taken into system administration (these snapshots should also be managed under
which can be stated here is that when a private cloud is being used on premises of the
customer. Privacy, security and compliance can be considered as a responsibility which is
contractual between the customer and the cloud provider. It can be stated that the cloud
provider’s liability is very much limited. It is very much important to take into consideration
that ones the data which are sensitive are placed in the cloud, the organisation can no longer
have control over the data, and it prevails in the territory of the cloud providers.
There can be a different type of technique and schematics which can be used for the
aspect of minimisation of the risk factors which are related to the unauthorised sharing and
access. Relating to the risk events which occur in the concept of the cloud, 80% of the data
fraud and theft occur due to events which occur internally. Extend of minimisation of the risk
factors directly depends on the aspect of the extent of control of the data of the cloud and the
deployment of the customer’s data (Mei, Li & Li 2017). There is an increase in the number of
cyber criminals which directly shifts the attack of the target of the provider of the cloud since
the payload which is related to the sensitive data can be considered very much huge taking
into consideration multi organisations. Whenever there is an event of a hacker getting
indulged into the parameters of the cloud every data of the organisation can be a fair game to
get indulged, and the data can be retrieved quite easily. To get the in-depth security of the
data the cloud provider need to take into consideration different security architectures using
performing the following activities:
Data encryption versus disk encryption.
Vigilant monitoring relating to infrastructure and its employee.
The system configuration should be done to delete the temporary data file and encryption
keys which depends on the ending of the session.
Management which is done carefully and prompt destruction of the system snapshot
which is taken into system administration (these snapshots should also be managed under
You're viewing a preview
Unlock full access by subscribing today!
13CLOUD PRIVACY AND SECURITY
the policies which are strict and procedures and destroyed at an early stage as their
purpose is completed).
Provisioning the ability to detect the virtual machines rogue.
Ensuring that the compliance of requirement and privacy of the customer are not directly
breached as this may lead to exposure of the sensitive data of the organisation and the
customer.
Conducting regular external and internal assessment of vulnerability and analysis.
Daily conduct of audit since the network which is being worked upon can be very much
dynamic.
There can be different types of consideration which should be taken into consideration
while safeguard of the sensitive data of the organisation or the customer is taken into
consideration. There are different characteristics of the data which are stored in the concept
of the data. One of the most important aspects which can be taken into consideration is that
the customer or the organisation's data and who has control over the data. The organisation
before moving to the concept of the cloud have a tendency that the data of the organisation
are in safe hands, but it can be stated here that the cloud providers do not give a concise idea
of what are the security mechanism which would be included into the process and who would
be in access of the data and who would be protecting the data. There should be a constant law
which should be implemented by the cloud providers towards the customer so that they have
a clear idea about who is in control of the data and who is managing the overall data of the
organisation. Moreover, it can be stated that most of the people tend to indulge in the concept
of the cloud due to the various factors of advantage which is achieved from the concept. One
of the issues which are seen in the sector in this sector is the access point of the data (Sadiku,
Musa & Momoh, 2014). The data should be accessible to the customer and the organisation
at any point of time despite any discrepancy involved in the process.
the policies which are strict and procedures and destroyed at an early stage as their
purpose is completed).
Provisioning the ability to detect the virtual machines rogue.
Ensuring that the compliance of requirement and privacy of the customer are not directly
breached as this may lead to exposure of the sensitive data of the organisation and the
customer.
Conducting regular external and internal assessment of vulnerability and analysis.
Daily conduct of audit since the network which is being worked upon can be very much
dynamic.
There can be different types of consideration which should be taken into consideration
while safeguard of the sensitive data of the organisation or the customer is taken into
consideration. There are different characteristics of the data which are stored in the concept
of the data. One of the most important aspects which can be taken into consideration is that
the customer or the organisation's data and who has control over the data. The organisation
before moving to the concept of the cloud have a tendency that the data of the organisation
are in safe hands, but it can be stated here that the cloud providers do not give a concise idea
of what are the security mechanism which would be included into the process and who would
be in access of the data and who would be protecting the data. There should be a constant law
which should be implemented by the cloud providers towards the customer so that they have
a clear idea about who is in control of the data and who is managing the overall data of the
organisation. Moreover, it can be stated that most of the people tend to indulge in the concept
of the cloud due to the various factors of advantage which is achieved from the concept. One
of the issues which are seen in the sector in this sector is the access point of the data (Sadiku,
Musa & Momoh, 2014). The data should be accessible to the customer and the organisation
at any point of time despite any discrepancy involved in the process.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
14CLOUD PRIVACY AND SECURITY
Conclusion
The report can be concluded on a note that for the community-based charity the
movement to the concept of the cloud can be very much beneficial. There are different
aspects of the cloud which the organisation can indulge into and make use of the technology
to gain competitive advantage. There are few security aspects which are involved in the
concept of the cloud, but it can be stated that the sector of advantage is more in the concept.
Before inventing of the technology of cloud the organisation had to spend a lot of time in the
concept of securing the data of the organisation. The technology of cloud can be very much
beneficial in the way which reduces the pressure and takes the control over. It can be stated
here that shortly the concept of the cloud would be more beneficial in the way of enhancing
the services which are related to the concept. More and more organisation would be indulging
in the concept of the cloud which would be enhancing the services which are being primarily
being given by the cloud providers.
Conclusion
The report can be concluded on a note that for the community-based charity the
movement to the concept of the cloud can be very much beneficial. There are different
aspects of the cloud which the organisation can indulge into and make use of the technology
to gain competitive advantage. There are few security aspects which are involved in the
concept of the cloud, but it can be stated that the sector of advantage is more in the concept.
Before inventing of the technology of cloud the organisation had to spend a lot of time in the
concept of securing the data of the organisation. The technology of cloud can be very much
beneficial in the way which reduces the pressure and takes the control over. It can be stated
here that shortly the concept of the cloud would be more beneficial in the way of enhancing
the services which are related to the concept. More and more organisation would be indulging
in the concept of the cloud which would be enhancing the services which are being primarily
being given by the cloud providers.
15CLOUD PRIVACY AND SECURITY
References
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities
and challenges. Information sciences, 305, 357-383.
Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an
enterprise perspective. Procedia Technology, 12, 529-534.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2014, August). On the integration of
cloud computing and internet of things. In Future internet of things and cloud
(FiCloud), 2014 international conference on (pp. 23-30). IEEE.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing
and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Chen, X. (2015). Decentralized computation offloading game for mobile cloud
computing. IEEE Transactions on Parallel and Distributed Systems, 26(4), 974-983.
Chen, X., Jiao, L., Li, W., & Fu, X. (2016). Efficient multi-user computation offloading for
mobile-edge cloud computing. IEEE/ACM Transactions on Networking, (5), 2795-
2808.
Díaz, M., Martín, C., & Rubio, B. (2016). State-of-the-art, challenges, and open issues in the
integration of Internet of things and cloud computing. Journal of Network and
Computer Applications, 67, 99-117.
Etro, F. (2015). The economics of cloud computing. In Cloud Technology: Concepts,
Methodologies, Tools, and Applications (pp. 2135-2148). IGI Global.
Gai, K., Qiu, M., Zhao, H., Tao, L., & Zong, Z. (2016). Dynamic energy-aware cloudlet-
based mobile cloud computing model for green computing. Journal of Network and
Computer Applications, 59, 46-54.
References
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities
and challenges. Information sciences, 305, 357-383.
Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an
enterprise perspective. Procedia Technology, 12, 529-534.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2014, August). On the integration of
cloud computing and internet of things. In Future internet of things and cloud
(FiCloud), 2014 international conference on (pp. 23-30). IEEE.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing
and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Chen, X. (2015). Decentralized computation offloading game for mobile cloud
computing. IEEE Transactions on Parallel and Distributed Systems, 26(4), 974-983.
Chen, X., Jiao, L., Li, W., & Fu, X. (2016). Efficient multi-user computation offloading for
mobile-edge cloud computing. IEEE/ACM Transactions on Networking, (5), 2795-
2808.
Díaz, M., Martín, C., & Rubio, B. (2016). State-of-the-art, challenges, and open issues in the
integration of Internet of things and cloud computing. Journal of Network and
Computer Applications, 67, 99-117.
Etro, F. (2015). The economics of cloud computing. In Cloud Technology: Concepts,
Methodologies, Tools, and Applications (pp. 2135-2148). IGI Global.
Gai, K., Qiu, M., Zhao, H., Tao, L., & Zong, Z. (2016). Dynamic energy-aware cloudlet-
based mobile cloud computing model for green computing. Journal of Network and
Computer Applications, 59, 46-54.
You're viewing a preview
Unlock full access by subscribing today!
16CLOUD PRIVACY AND SECURITY
Gangwar, H., Date, H., & Ramaswamy, R. (2015). Understanding determinants of cloud
computing adoption using an integrated TAM-TOE model. Journal of Enterprise
Information Management, 28(1), 107-130.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015). Identity-based encryption with outsourced
revocation in cloud computing. Ieee Transactions on computers, 64(2), 425-437.
Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service
(IaaS) in cloud computing: A survey. Journal of Network and Computer
Applications, 41, 424-440.
Mei, J., Li, K., & Li, K. (2017). Customer-Satisfaction-Aware Optimal Multiserver
Configuration for Profit Maximization in Cloud Computing. T-SUSC, 2(1), 17-29.
Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud
computing adoption: An analysis of the manufacturing and services
sectors. Information & Management, 51(5), 497-510.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Sadiku, M. N., Musa, S. M., & Momoh, O. D. (2014). Cloud computing: opportunities and
challenges. IEEE potentials, 33(1), 34-36.
Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud
computing: taxonomy and open challenges. IEEE Communications Surveys &
Tutorials, 16(1), 369-392.
Gangwar, H., Date, H., & Ramaswamy, R. (2015). Understanding determinants of cloud
computing adoption using an integrated TAM-TOE model. Journal of Enterprise
Information Management, 28(1), 107-130.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015). Identity-based encryption with outsourced
revocation in cloud computing. Ieee Transactions on computers, 64(2), 425-437.
Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service
(IaaS) in cloud computing: A survey. Journal of Network and Computer
Applications, 41, 424-440.
Mei, J., Li, K., & Li, K. (2017). Customer-Satisfaction-Aware Optimal Multiserver
Configuration for Profit Maximization in Cloud Computing. T-SUSC, 2(1), 17-29.
Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud
computing adoption: An analysis of the manufacturing and services
sectors. Information & Management, 51(5), 497-510.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Sadiku, M. N., Musa, S. M., & Momoh, O. D. (2014). Cloud computing: opportunities and
challenges. IEEE potentials, 33(1), 34-36.
Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud
computing: taxonomy and open challenges. IEEE Communications Surveys &
Tutorials, 16(1), 369-392.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
17CLOUD PRIVACY AND SECURITY
Soyata, T., Ba, H., Heinzelman, W., Kwon, M., & Shi, J. (2015). Accelerating mobile-cloud
computing: A survey. In Cloud Technology: Concepts, Methodologies, Tools, and
Applications (pp. 1933-1955). IGI Global.
Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of
cloud computing and software-defined networking. Computer Networks, 81, 308-319.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security
and privacy for storage and computation in cloud computing. Information
Sciences, 258, 371-386.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and
copy-deterrence content-based image retrieval scheme in cloud computing. IEEE
Transactions on Information Forensics and Security, 11(11), 2594-2608.
Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and
distributed denial of service (DDoS) attacks in cloud computing environments: A
survey, some research issues, and challenges. IEEE Communications Surveys &
Tutorials, 18(1), 602-622.
Zhan, Z. H., Liu, X. F., Gong, Y. J., Zhang, J., Chung, H. S. H., & Li, Y. (2015). Cloud
computing resource scheduling and a survey of its evolutionary approaches. ACM
Computing Surveys (CSUR), 47(4), 63.
Soyata, T., Ba, H., Heinzelman, W., Kwon, M., & Shi, J. (2015). Accelerating mobile-cloud
computing: A survey. In Cloud Technology: Concepts, Methodologies, Tools, and
Applications (pp. 1933-1955). IGI Global.
Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of
cloud computing and software-defined networking. Computer Networks, 81, 308-319.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security
and privacy for storage and computation in cloud computing. Information
Sciences, 258, 371-386.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and
copy-deterrence content-based image retrieval scheme in cloud computing. IEEE
Transactions on Information Forensics and Security, 11(11), 2594-2608.
Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and
distributed denial of service (DDoS) attacks in cloud computing environments: A
survey, some research issues, and challenges. IEEE Communications Surveys &
Tutorials, 18(1), 602-622.
Zhan, Z. H., Liu, X. F., Gong, Y. J., Zhang, J., Chung, H. S. H., & Li, Y. (2015). Cloud
computing resource scheduling and a survey of its evolutionary approaches. ACM
Computing Surveys (CSUR), 47(4), 63.
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.