Cloud Privacy and Security Report: Risks, Threats, and Solutions


Added on  2023/06/08

AI Summary
This report, prepared for a charity organization, addresses critical issues in cloud privacy and security. It begins with an introduction to the project's scope, outlining the charity's cloud infrastructure, data storage capacity, and the consultant's role in assessing data security policies. The report delves into employee data security, identifying various threats and risks, including data breaches, API vulnerabilities, and account hijacking. It also examines the specific risks associated with SaaS applications, such as data security, downtime, and locational risks. The report further explores employee data privacy, existing threats like malware and human factors, and additional risks when migrating to SaaS, such as immature identity management and weak cloud standards. The report addresses data sensitivity, ethical and legal issues, and concludes with recommendations for securing cloud systems and protecting sensitive employee data. The report also includes a data flow chart, data encryption, and the business service of security. The report provides solutions to protect the data from unauthorized access.
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction
Employee Data Security
    Threats and Risk
    SaaS Risks
    Results of Threats
Employee Data Privacy
    Existing Threats
    Additional Risk
    Result of Risks
Digital Identity Issue
Provider Solution Issues
    Key Cloud Provider
    Contract
    Facilities Recovery
    Infrastructure of Enterprise
    Data Encryption
    Business Service of Security
    Data Flow Chart
Data Sensitivity
    Ethical Issues
    Legal Issues
Conclusion
Introduction:
This report discusses cloud computing security and privacy. In this project scenario, I have been appointed as the consultant for a charity. The charity does several kinds of work to benefit disadvantaged people who do not get the advantages of the community. The charity also runs its own data centre, where many servers are running, and the systems they use run Red Hat Enterprise, which is a Linux-based operating system. The community also provides cloud support to around 500 people via several cloud vendors. The cloud storage capacity of the charity is around 200TB. The charity board asked me to prepare a general report about the security and privacy policy of data. The charity has also purchased applications for personal management from a US-based company that provides SaaS solutions (Pearson, 2013). The report will mainly assess the risks associated with cloud computing and its services. The main objective of the report is to secure the data of the people associated with the charity. It is necessary to secure the data of every employee. A proper plan needs to be made for the charity so that the data and the cloud system have a secure environment and the data stays safe. The charity must ensure that employee data is kept private, because much of it is confidential (Xiao & Xiao, 2013). The report will identify all the risks and issues associated with cloud computing and with this charity. The SaaS application and the risks that come with it are discussed further in the report. Several solutions will be provided for the issues identified with the technology. The report will also discuss data sensitivity, which is the value of the data. Several types of data are stored in the cloud storage, so data security and privacy must be controlled properly so that the data is not breached. The data must be encrypted in the cloud storage so that, if it is breached, unauthorized people cannot use it.
Employee Data Security:
Threats and Risk:
It is necessary for every company to secure the data of its employees, as the data contains personal information as well as information about the company. There are many different kinds of threats and risks to the information and data in the in-house HR database. The cloud database system has several known threats that affect cloud computing technology. It contains a large amount of sensitive data, which is the main target for cyber attackers (Kshetri, 2013). These issues cause several network concerns for the organization. The charity in this report also has a large database, and several threats are posed to it. Several threats and risks associated with cloud computing technology are given below:
Data Breach: A data breach is one of the common threats to cloud computing technology. Through a data breach, attackers obtain the information of the victim or the organization, because the sensitive data is stored in the cloud database (Wei et al., 2014). The attackers also expose the user's credentials and details such as name, address, bank information and many other personal details. A data breach can affect millions of people at a time.
APIs: An API is the application programming interface through which users communicate with the cloud. The companies that provide cloud storage apply advanced security to their APIs so that they are secure from attackers. But there is always a possibility of vulnerabilities that give access to the administrator areas of the APIs.
Hijacking account: In a hijacking attempt, the attacker attacks the victim to gain control of the victim's account. This hijacking is mainly done using the phishing method. Phishing basically searches for loopholes in the security systems and enters the network to violate the accounts on it. By this method, the information and data stored in the cloud can be easily accessed by the attackers (Suo et al., 2013).
SaaS Risks:
When data storage is migrated to a SaaS application, many risks are generated, and one of the main threats is to the security of the data. With every SaaS application it is possible for the data to be breached. After migrating to the SaaS application, the main responsibility for the data lies with the SaaS provider. There is no certainty that the provider will treat our data as the highest priority, so the safety of the data may not be assured in the SaaS application (Hashizume et al., 2013). It is necessary that the provider of the SaaS application takes care of the data.
When the organisation moves to the SaaS application, there will be a risk of more downtime. As all the data is moved to the SaaS provider, the user has to rely on the provider to keep the data available. The user will no longer have control over the data. Any mishap in the handling of the data will have a large impact on the organization. This is the main risk of transferring the data to the SaaS application. It is necessary for SaaS providers to operate with low downtime so that the risks can be mitigated (Sen, 2014).
Locational risk is another factor: if data is moved to a SaaS provider in another country, several risks come with the move. In that case legal risks can also be posed to the migrated data.
Results of Threats:
The threats and risks associated with the technology have already been discussed above. The threats can affect individuals as well as organisations. The headache for organizations in recent days is the security of data. The vulnerability is getting higher day by day, as cyber attackers are using the latest technology, and for that reason many data breaches happened across the world in the last year (Ryan, 2013). A data breach has a huge impact on people, as the data contains confidential personal information such as bank details. So it is necessary to secure the data of the personal network by taking proper measures. Phishing can expose all the account details to the attacker, and the attacker can exploit and destroy the data as he or she chooses. In recent years the number of devices used by each user has been getting higher and higher. This leaves a huge space for cyber attackers. First the attackers target the victim and watch their activities, then they assess the person's network. Any small loophole can have a huge impact on the individual.
Employee Data Privacy:
Data privacy of employees is the main concern for organizations, as the data contains information about the individual as well as information about the company. Many companies in the market monitor internet activities such as mail. The company's purpose is valid, but it has to make sure that the data will not be disclosed at any cost. The organization has to make sure that no employee can use the devices or the information of another employee, as this can be treated as a criminal offence (Heath, 2013). Employee information also contains health information, which is highly confidential for any individual.
Existing Threats:
There are many existing threats to the security of the in-house database. They are discussed below:
Malware: Malware is a perennial threat to the in-house database. Malware mainly attacks devices that are infected and then steals sensitive data from the database.
Human Factor: The main reason behind data breaches is negligence towards the data. Many reports say that people need to be more cautious about their network systems, as any shortcoming in the network can have a huge impact on the device (Rittinghouse & Ransome, 2016).
Unmanaged Data: Several companies struggle to manage the data of their employees properly. The people who maintain the database sometimes forget to store a piece of data, and in most cases that data is sensitive and important (Rewagad & Pawar, 2013). Such data will not be monitored by the database security team, so it can be exposed by violators.
Excessive Permissions: If an employee gets excessive privileges on the database, it can be risky for the organization. Many researchers say that only the minimum permissions should be given to employees. When an employee gets excessive privileges, they can do uncertain things that are outside their expertise, so the data can be lost or exploited. So it is necessary to give employees only the privileges they require, no more and no less than that limit (Rong, Nguyen & Jaatun, 2013).
Injection Attacks in Database:
Injection attacks are performed on the database to exploit it and breach the data. These attackers mainly target two types of database: one is the traditional database, the other is NoSQL.
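The least-privilege rule from the Excessive Permissions item above, as an added example that is not part of the original report: a Python audit that parses GRANT statements and reports, per user, privileges beyond the role baseline and required privileges that are missing. The table names, roles, users and grant lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed baseline: the exact privileges each role needs on a
# hypothetical HR database (names are assumptions, not from the report).
ROLE_BASELINE = {
    "hr_clerk": {("SELECT", "hr.employee"), ("UPDATE", "hr.employee")},
    "payroll": {("SELECT", "hr.employee"), ("SELECT", "hr.bank_details")},
    "auditor": {("SELECT", "hr.employee"), ("SELECT", "hr.access_log")},
}
USER_ROLE = {"alice": "hr_clerk", "bob": "payroll", "carol": "auditor"}

# Constructed sample of grants as a DBA might export them.
GRANTS = """
GRANT SELECT, UPDATE ON hr.employee TO alice;
GRANT SELECT ON hr.health_record TO alice;
GRANT SELECT ON hr.employee TO bob;
GRANT ALL PRIVILEGES ON hr.bank_details TO bob;
GRANT SELECT ON hr.employee TO carol;
GRANT SELECT ON hr.employee TO dave;
"""

GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>[\w.]+)\s+TO\s+(?P<user>\w+)\s*;",
    re.IGNORECASE,
)
# What "ALL PRIVILEGES" expands to in this simplified model.
ALL_PRIVS = ("SELECT", "INSERT", "UPDATE", "DELETE")


def parse_grants(text):
    """Return {user: {(privilege, object), ...}} from GRANT statements."""
    held = defaultdict(set)
    for m in GRANT_RE.finditer(text):
        privs = m.group("privs").upper()
        if privs.startswith("ALL"):
            names = ALL_PRIVS
        else:
            names = [p.strip() for p in privs.split(",")]
        for name in names:
            held[m.group("user").lower()].add((name, m.group("obj").lower()))
    return held


def audit(grants_text, user_role=USER_ROLE, baseline=ROLE_BASELINE):
    """Compare held privileges with the role baseline in both directions."""
    held = parse_grants(grants_text)
    report = {}
    for user, role in user_role.items():
        required = baseline[role]
        have = held.get(user, set())
        report[user] = {
            "excess": sorted(have - required),    # more than the role needs
            "missing": sorted(required - have),   # less than the role needs
        }
    # Accounts that hold grants but have no role on record: every grant
    # is excess, since nothing justifies it.
    for user in held.keys() - user_role.keys():
        report[user] = {"excess": sorted(held[user]), "missing": []}
    return report


if __name__ == "__main__":
    for user, finding in sorted(audit(GRANTS).items()):
        print(user, finding)
```
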
Additional Risk:
Several risks arise when the employee data is moved to the SaaS. The risks to data security are given below:
Immature Management of Identity: Cloud providers are not that sophisticated about the identity services that sit behind the enterprise firewall. Several third-party applications can access the data in the SaaS, as several data items do not have an identity. Access control and identity management are the main challenges that information technology is facing in recent times (Li et al., 2013).
Weak Cloud Standard: After a SAS 70 audit, cloud vendors tout their security credentials. There is no safety for the data in the SaaS because the standard is low. The company must adopt a high standard of security for the employee data when it is migrated to the SaaS.
Secrecy: The main problem with cloud vendors is that they present themselves as capable of giving more security to the data than they actually can, and most people think that SaaS security is that good. The customers of the cloud vendors do not believe that the SaaS providers are secretive about their security processes.
Most cloud vendors do not disclose the actual number of data centres and the operations they actually provide. As they do not disclose all the necessary information to customers, there is a chance of the security being compromised. Customers and industry analysts are tired of the responses from SaaS providers (Modi et al., 2013). Customers must not hand over their data for safekeeping if the vendor is not transparent.
Result of Risks:
The associated risks have already been discussed above; these threats have many outcomes that affect people. A malware attack on the database can cause a major data breach in the company, and a single piece of malware can affect most people. People must secure themselves so that their systems are protected from any kind of malware attack. Around 30 per cent of data breaches happen because of human negligence towards personal data (Sun et al., 2014). This can happen because of a lack of knowledge about security issues. To secure the network, it is necessary for people to install the required measures for defending against any kind of cyber-attack. The company must organize its employee data properly so that no data remains unmanaged, because unmanaged data does not come under the security controls and so can be exploited to expose details of the company or of individuals. The company must remove the devices that are infected, because attackers target infected devices, and it is easy to exploit the data of an infected device as many loopholes are created in the security of the network. It is also necessary for the company to manage the privileges of the security officers (Yan et al., 2013), so that the officers do not get excessive permission to access the database.
Digital Identity Issue:
The chances are high that the digital identity will be exposed when the data is migrated to the SaaS application. A digital identity is stored in the cloud database when we use any kind of network or online resource. The digital identity is used mainly for data security and for cyber-crime prevention. Many kinds of threats are posed when the digital identity is moved to a SaaS application.
If the identity is compromised, several risks can be generated. An attack on any online identity will lead to real harm to the person. Though online websites make sure that the whole system is secured, many identities are leaked at times because of too little attention to data security (Xia et al., 2016). The main identity leaks happen in the finance department, where, if an identity is revealed, the attacker can earn a huge amount of revenue. The consequences of a leaked identity are many. The system holds all the credentials of the digital identity. Attackers mainly target social websites to get passwords, as many people use the same password for multiple accounts on the internet. Several websites change the password of the user account automatically, so the risk of the identity being leaked is lower on those websites. A wide range of threats is posed on websites, targeting the privacy and the property of the user.
The main thing that has come up in recent times with identity leaks is that many websites track the activity of the user and store the digital identity of that individual. The way in which they track the data is very sophisticated, and the individual is not aware that his or her data is being tracked (Rahimi et al., 2014).
One of the main threats posed to the digital identity is identity theft. Cyber attackers use the digital identities of various individuals to impersonate them. Identity theft is mainly done using the attack called "Phishing", which takes the identity of the victim; the identity is then used for further attacks.
Another issue related to the digital identity is identity tampering. This kind of attack can only be prevented by the integrity property. Many standards have been proposed to prevent identity tampering; the digital identity is mainly tampered with because of the sharing of the standard key between the sender and receiver (Zhang et al., 2017).
Another issue is personal data theft, in which confidential data is stolen by the attackers. Digital identity data such as passwords and biometric data needs to be kept secret. The confidentiality property says that private data is to be used only by the person who owns it, and no unauthorized user will be able to use the data without the permission of the user concerned (Fernando, Loke & Rahayu, 2013).
The authorization property is also part of the digital identity. The authorization factor carries specific rights. This case comes under the classic access control solution. The threats associated with the authorization property are known as privilege escalation (Stojmenovic & Wen 2014). The attackers try to gain the maximum access on the victim's system.
The claims on an identity change over time, as many identities are misused by attackers. Revocation is necessary when the digital identity is used for accessing sensitive data. The period of revocation has a limited validity to prevent the unauthorized use of sensitive data.
Provider Solution Issues:
The risks and threats associated with the SaaS application have already been discussed. In recent times the number of malicious attacks on the public network and web mail has grown rapidly, and they affect individuals in many ways. Data security is becoming more complex than before. To provide optimum data security, it is necessary to mitigate all the associated risks. SaaS provides data security to big, medium and small companies and to the partners of the provider. It is necessary for the provider to manage data security properly (Almorsy, Grundy & Müller, 2016). The SaaS provider must be available 24x7 so that the security experts can provide data security whenever required. Several methods of mitigating the threats and risks associated with employee data security in SaaS are discussed below.
Key Cloud Provider:
The first and foremost requirement of data security is to find a proper cloud provider. Different cloud vendors have different security plans and different data management techniques (Shahzad, 2014). The vendors who provide the cloud must be well established, with data security experience, high standards and regulation. This gives assurance that the vendor will not shut down.
Contract:
The contract made with the cloud vendor must be clear. If the contract is clear, any kind of error can be mitigated on both sides.
Facilities Recovery:
Cloud vendors must provide the best policies for recovery facilities, so that data lost in any situation can be recovered immediately and is not lost forever.
Infrastructure of Enterprise:
To grow the enterprise, it is necessary to have better infrastructure and facilities. Proper security infrastructure must be implemented in the enterprise for data security.
Data Encryption:
The cloud vendor must use encryption when storing the data in the cloud. If the data is encrypted properly, the cloud vendor will have less to worry about in a data breach, because encrypted data cannot be accessed by unauthorized persons (Arora, Parashar, & Transforming, 2013). The security officers must identify the required encryption method for each kind of data so that the data stays safe in the cloud database.
Business Service of Security:
This service is mainly designed for small-business customers, but it is applicable to bigger companies as well. The security service protects all the devices that are connected within the network in the office, in the company and on the road (Ali, Khan & Vasilakos, 2015).
Data Flow Chart:
Cloud vendors must maintain a chart of the flow of data. This gives the data managers an idea of where the data is going, where it is stored, and how it is shared. A total data analysis has to be performed for employee data security.