This report provides a comprehensive analysis of cloud security and privacy concerns for the Department of Administrative Services (DAS), focusing on the transition to a "Shared Services" approach and a "Cloud first" policy. The report examines both existing and new security threats to employee data, including Denial of Service attacks, malware, privilege abuse, database injection, and phishing. It then explores new risks associated with Software as a Service (SaaS) such as data deletion, API vulnerabilities, unauthenticated users, control reduction, and account hijacking. The report details the likelihood, impact, and priority of each threat, along with preventive actions and contingency plans. The document aims to provide a thorough understanding of the security and privacy challenges, offering practical solutions to mitigate risks and ensure the protection of sensitive employee data within the cloud environment. The report also discusses the importance of digital identity issues in the context of cloud computing.
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
