Cloud Privacy and Security Report: Risks and Mitigation Strategies


Added on  2023/06/08

AI Summary
This report addresses cloud privacy and security concerns for a charity utilizing SaaS applications. It begins with an introduction outlining the report's purpose: to guide the charity in managing privacy and security when using cloud computing. The report explores employee data security, including threats like data breaches and account hijacking, and examines SaaS-specific risks. It details the potential consequences of these threats, emphasizing the importance of data confidentiality and encryption. Further, the report delves into employee data privacy, discussing existing threats such as malware and unorganized data, as well as additional risks associated with SaaS migration. It covers digital identity issues and provider solution concerns, including the importance of contracts and data encryption. The report also addresses ethical considerations and concludes with a summary of key findings and recommendations for maintaining data security and privacy in the cloud environment. The charity's primary concern is protecting employee data, ensuring confidentiality, and preventing unauthorized access.
Running head: CLOUD PRIVACY AND SECURITY
CLOUD PRIVACY AND SECURITY
Table of Contents
Introduction
Employee Data Security
  Threats and Risk
  SaaS Risks
  Results of Threats
Employee Data Privacy
  Existing Threats
  Additional Risk
  Result of Risks
Digital Identity Issue
Provider Solution Issues
  Key Cloud Provider
  Contract
  Infrastructure of Enterprise
  Data Encryption
Data Sensitivity
  Ethical Issues
Conclusion
Introduction:
The purpose of this report is to discuss the privacy and security measures that need to be implemented when using cloud computing technology. The main objective of the charity is to provide health care to people who do not receive benefits or other advantages from society. As the principal consultant of the charity, I need to prepare a report that provides guidelines for managing privacy and policies while using this technology. To manage its personal data, the charity bought an application from a US-based organization that provides a SaaS platform (Pearson, 2013). The report focuses on the possible risks raised by the use of cloud computing technology and its services. The main concern of the organization is to protect employee data so that unauthorized persons cannot gain access to it. The data of each employee needs to be kept safe and secure. The charity needs to plan how to preserve the security and privacy of the data it places in the cloud system (Xiao & Xiao, 2013). The report discusses the effects that may arise once the system is migrated to the SaaS application, along with the possible risks of that migration. The data is stored in such a way that it maintains the privacy and confidentiality of the information and guards against data breaches. Further, the stored data needs to be encrypted, so that its confidentiality is maintained even if a breach occurs.
Employee Data Security:
Threats and Risk:
Every organization prepares a set of rules to provide its employees with security. An employee will join an organization after learning about the privacy and security it provides, and good security will attract the attention and trust of employees. The database maintained in the cloud system faces several risks that can affect the system adversely. This cloud database contains a lot of valuable personal data that needs to be protected from attackers (Kshetri, 2013). This section discusses the risks and threats that can affect the charity's data. They are listed below:
APIs: API stands for application programming interface. An API establishes communication between the user and the cloud. Organizations that have adopted cloud computing technology have modified their security processes to protect their systems from cyber attackers. Still, there remains a chance of problems in the area of API administration.
Data Breach: Data breaching is a method of altering someone else's data without their permission. This is a major threat faced by cloud computing. Through a data breach, attackers obtain information from the cloud database, and because this data is sensitive, it is stored in the cloud (Wei et al., 2014). User details such as name, address, bank information and other personal details are exposed to the hackers. A data breach can affect millions of people at a time.
Hijacking account: Account hijacking is another risk that users are likely to face. The victims' accounts are hacked, and this is done by the method of phishing. Phishing is a method through which data can be affected: it searches for holes in the network and enters through them to attack the system. With this method, anyone searching for a hole through which to attack the system can easily access the stored data and information (Suo et al., 2013).
SaaS Risks:
When a database is migrated to a SaaS application, many risks arise, and one of the main threats is to the security of the data. With every SaaS application it is possible that the data is breached. After migration to the SaaS application, the main responsibility for the data lies with the SaaS provider, but it is not certain that the provider will treat this data as its highest priority (Hashizume et al., 2013). It is the responsibility of the SaaS provider to take care of the database and maintain its safety.
Once the data has been migrated to the SaaS application, users need to rely on the vendor for updates about their data. The users will not have any power to control their data. If anyone tries to destroy the data externally, it will directly affect the organization and its employees. These are the main risks involved in migrating a database to a SaaS application. It becomes essential for the SaaS provider to collaborate with a team that will provide better risk assessment strategies (Sen, 2014).
Another source of risk is location. Data is migrated to the SaaS platform from different countries, and this becomes a risk because the data is exposed to everyone on that platform. There also remains a chance of legal risk when migrating data from different countries.
Results of Threats:
Several risks and threats associated with the use of this technology were discussed in the previous part of the report. These threats can affect both the organization and the individual to a large extent. The main concern of the charity is to maintain the security of the data stored in its database. The chance of being affected is increasing day by day, as attackers now use recent technologies. This has resulted in data breaches over the last few years (Ryan, 2013). Data breaches have a very negative impact on individuals and on the organization, as they leak data that is very sensitive for the person concerned. Hence, it becomes necessary to maintain confidentiality and to secure this private data by implementing essential preventive measures. Through phishing, all the details of an employee can be obtained and used to exploit their data. Attackers use phishing to get into the victim's personal data. Over the last few years, the number of devices used by users has grown higher and higher. The attackers track the activities of the person whose data they require, then find a loophole, get into the system, and destroy the data in the database.
Employee Data Privacy:
The main concern of the organization is the data privacy of its employees. It is necessary to maintain the privacy of this data, as it is highly confidential for each employee. It needs to be kept under the best security, and at no cost may this information be disclosed to any other person. There are companies that monitor the activities of their employees, such as what they do on the internet and their mail activity. The motive of the company is quite valid, but they also ensure that data privacy will be maintained. The association should make sure that no employee can use the device or data of another employee without their permission. This is a criminal offense, and it should be handled by HR (Heath, 2013). This data also contains health information about the employees, so it becomes necessary to maintain its privacy.
Existing Threats:
Several threats exist to database security. The threats that are likely to affect the in-house database are discussed below:
Malware: Malware attacks are a perpetual threat to databases and cause great damage to the in-house database (Rittinghouse & Ransome, 2016). Malware targets the affected devices, steals the information it requires from the database, and then uses this data to affect other databases.
Unorganized Data: Every organization needs to maintain and manage its data properly, so that no mess or miscommunication occurs. Data must be organized properly, as it is very difficult to keep track of unorganized data. Sometimes important data is not stored in the database, which leads to problems in finding details when they are required (Rewagad & Pawar, 2013). As there is no track of unmanaged data, it is not monitored, and attackers can easily exploit or alter the database.
Excessive Permissions: If any employee is granted excessive permission to access the database, it may generate risk for the organization. According to researchers, employees are given a minimal right of access to the database, because once an employee is granted excessive permission, they may use this power to exploit or harm the database maintained by some other employee. So it is essential to grant exactly the rights that are required, no less and no more (Rong, Nguyen & Jaatun, 2013).
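
The "no less, no more" rule above, as an added example that is not part of the original report: a short Python audit that compares the database rights each role has been granted with the rights its job requires. The role names, tables and grants are constructed for illustration.

```python
"""Least-privilege audit: rights granted to each role vs. rights it needs.

All roles, tables and grants below are constructed sample data.
"""

# Rights each role needs to do its job (assumed policy for this example).
REQUIRED = {
    "hr_officer": {("employee_profile", "SELECT"), ("employee_profile", "UPDATE")},
    "payroll_clerk": {("employee_profile", "SELECT"), ("salary", "SELECT"),
                      ("salary", "UPDATE")},
    "nurse": {("health_record", "SELECT")},
}

# Rights actually granted in the database (constructed, with deliberate drift).
GRANTED = {
    # Excess: HR can read health records it has no need for.
    "hr_officer": {("employee_profile", "SELECT"), ("employee_profile", "UPDATE"),
                   ("health_record", "SELECT")},
    # Missing: payroll cannot update salaries, so it is under-provisioned.
    "payroll_clerk": {("employee_profile", "SELECT"), ("salary", "SELECT")},
    "nurse": {("health_record", "SELECT")},
    # A role with grants but no documented need at all.
    "intern": {("salary", "SELECT")},
}


def audit(required, granted):
    """Return {role: {"excess": set, "missing": set}} for roles that deviate."""
    findings = {}
    for role in sorted(set(required) | set(granted)):
        need = required.get(role, set())
        have = granted.get(role, set())
        excess, missing = have - need, need - have
        if excess or missing:
            findings[role] = {"excess": excess, "missing": missing}
    return findings


def revoke_statements(findings):
    """Render excess rights as REVOKE statements for review; nothing is executed."""
    return sorted(
        f"REVOKE {privilege} ON {table} FROM {role}"
        for role, finding in findings.items()
        for table, privilege in finding["excess"]
    )


if __name__ == "__main__":
    result = audit(REQUIRED, GRANTED)
    for role, finding in result.items():
        print(role, "excess:", sorted(finding["excess"]),
              "missing:", sorted(finding["missing"]))
    print("\n".join(revoke_statements(result)))
```
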
Database affected by Injection Attacks:
Injection attacks can affect a database in several ways. They can exploit the database and expose data to third persons. The databases targeted by this kind of attack are basically NoSQL databases and traditional databases.
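
The paragraph above names both traditional and NoSQL databases as injection targets. The following added example (not part of the original report) shows, in Python, a string-built SQL lookup beside its parameterized form, and a type check for a document-store filter. The table, rows and the MongoDB-style filter shape are constructed for illustration.

```python
"""Injection in a traditional (SQL) and a NoSQL-style lookup, with the fix for each.

The table, its rows and the filter shape are constructed sample data.
"""
import sqlite3


def make_db():
    """In-memory employee table with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, health_note TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?)",
                   [("alice", "asthma"), ("bob", "none")])
    return db


def lookup_concatenated(db, name):
    """Vulnerable: the input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name, health_note FROM employee WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    return db.execute(
        "SELECT name, health_note FROM employee WHERE name = ?", (name,)
    ).fetchall()


def nosql_filter(name):
    """Build a document-store filter, accepting only a plain string.

    A JSON request body can carry an object where a string is expected; if it
    is passed through unchecked, the store reads its keys as query operators.
    """
    if not isinstance(name, str):
        raise TypeError("name must be a string, got " + type(name).__name__)
    return {"name": {"$eq": name}}


def demo():
    """Run the same crafted input through both SQL lookups and the NoSQL check."""
    db = make_db()
    crafted = "x' OR '1'='1"            # constructed input containing a quote
    leaked = lookup_concatenated(db, crafted)     # every row comes back
    safe = lookup_parameterized(db, crafted)      # no employee has this name
    try:
        nosql_filter({"$ne": None})     # object where a string was expected
        rejected = False
    except TypeError:
        rejected = True
    return len(leaked), len(safe), rejected


if __name__ == "__main__":
    print(demo())
```
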
Additional Risk:
Several risks are likely to arise on moving to a SaaS application. The risks that may arise for data security are listed below:
Fragile Cloud Standard: Cloud vendors tout their security credentials, and this has been observed after SAS 70 audits. Due to the low standard of the SaaS platform, it provides less security and privacy to its customers. The business should implement rules that ensure high privacy and security for the data of the employees who have recently moved to SaaS.
Confidentiality: The cloud vendor tries to show that it provides the best security in its service and that confidentiality will be maintained. However, in reality vendors are not capable of giving that much security. People think SaaS provides the best security, which is why they migrate to SaaS applications. The thinking of the clients using cloud servers is that SaaS does not provide that much security on its platform.
Cloud vendors tend not to disclose the exact number of their centres or the functions and facilities they provide. As the vendors do not disclose all the information, there remains a chance that a vendor may compromise on the security it provides. SaaS providers should respond to the organization's customers and analysts (Modi et al., 2013). The organization should share the data of its clients and employees only if the vendor shows transparency in its work.
Result of Risks:
This part of the report discusses the results of the risks that any organization is likely to face. The risks were already discussed in the previous part of the report; these threats have several outcomes and some adverse effects on individuals. A malware attack on the database can cause a major data breach in the company, and a single piece of malware can affect a large number of people. Individuals are required to secure their systems from malware attacks. According to research, around 40 percent of data breaches are a result of human negligence (Sun et al., 2014). Sometimes this happens when there is a lack of knowledge regarding security issues. To secure the network, every individual needs to defend his or her service from cyber attackers. It is the responsibility of the organization to manage the database of the employees and the patients. Data security is applied only to organized data, and unorganized data can't be protected, so it becomes necessary to protect the data. The organization must eliminate systems that are infected, as attackers wait for loopholes to get into the system, and an infected system is full of loopholes. It becomes essential for the organization to control the privileges of the security officer (Yan et al., 2013). This ensures that the officers will not get excessive permission and will not be able to access the data on the cloud system.
Digital Identity Issue:
With the migration of a normal database to a SaaS application, there is a high chance of digital identities being exposed to outsiders. A digital identity is stored in the cloud database when online resources or any type of network are used. The main aim of using digital identity is to maintain data security and to protect the system from cyber crime. Several threats may arise while moving digital identities to SaaS.
Several risks arise when anyone compromises someone else's identity. These online attacks harm society in real terms, as with such an attack one can withdraw all of a victim's money without letting them know. This creates financial problems for that individual. It is the responsibility of each website to maintain the security and privacy of its users' data. Nevertheless, sometimes, due to lack of attention, this data is leaked, which calls the security of the website into question (Xia et al., 2016). The department affected by such a data leak is the finance department. All credential identities are stored by the system. The attacker keeps an eye on activity on social media and obtains the password from a login with any social platform. People tend to keep the same password for several websites on the internet; this helps the website to change their password automatically, and attackers can easily get into their accounts. A wide range of threats arises on websites, as they target the security and privacy of the individual.
Recent times have shown that identity leaks occur while accessing some websites. Websites ask for the individual's password when granting access; at that time they track the individual's activities and later attack their system. The way they track an individual's data is very sophisticated and happens without that individual's knowledge. The individuals are unaware that their data is being used by someone else (Rahimi et al., 2014).
Sometimes digital identity theft also occurs. This leads to unethical activities being initiated using someone else's identity. One of the main threats posed to digital identity is identity theft. The attackers use another person's identity to impersonate them. This is done by a method called “Phishing”, which takes an individual's identity and then uses it to attack other individuals.
Another risk that is likely to arise in this situation is identity tampering. This kind of attack can only be prevented by the integrity property. Several standards have been proposed to prevent tampering with identity data. Tampering occurs because the private key is shared between the receiver and the sender (Zhang et al., 2017).
Another issue is personal data theft, in which confidential data is stolen by attackers. Digital identity data such as passwords and biometric data needs to be kept secret. The confidentiality property says that private data is to be used only by the person who owns it, and no unauthorized user may use the data without the permission of the user concerned (Fernando, Loke & Rahayu, 2013).
Authorization is also a property of digital identity. Some rights are reserved for authorization, which falls under classic access control. Several risks are associated with the authorization property; they are known as privilege escalation (Stojmenovic & Wen, 2014). The main issue that arises with identity data is misuse of identity: attackers use someone else's identity to attack others' profiles. Revocation becomes essential when an identity is used to access someone else's sensitive data. The time of revocation is valid up to a certain period, to prevent access to the data by unauthorized persons.
Provider Solution Issues:
Various problems are associated with SaaS applications. Growing technology has both positive and negative effects on the organization. As the ratio of success increases, so do the chances of threats to the database stored on the cloud server. Maintaining security is getting more difficult day by day. To achieve the best security for the data, it is necessary to mitigate the risks that are expected to arise in this situation. The SaaS application provides safety for the organization's data (Almorsy, Grundy & Müller, 2016). The helpline provided by the SaaS provider is available throughout the day. Several mitigation methods exist and are discussed below:
Key Cloud Provider:
The key cloud provider is the one who will provide the cloud service to the organization. The organization needs to find a provider who is reliable. Different cloud providers have different policies for maintaining their databases, and the security they provide also differs (Shahzad, 2014). Before choosing a vendor, the organization should be confident that the data vendor will not close down.
Contract:
Before starting any work, every vendor provides a contract to the party with whom it is collaborating. Every organization needs to go through the contract very carefully before signing it. Once the contract is signed no one can back out, so the terms and conditions must be understood well before signing the contract (Ali, Khan & Vasilakos, 2015).
Facilities Recovery:
The vendor provides facility recovery to the organization. This ensures that policies are available to help recover data if a situation of data loss arises in the organization. Every vendor provides such a facility, as data is very important for every organization.
Infrastructure of Enterprise:
Enterprise infrastructure is the main factor for every organization. For better growth, it is necessary to have infrastructure with the best facilities. Appropriate safety infrastructure needs to be implemented in the enterprise to maintain data security.
Data Encryption:
Data encryption is a method of encrypting data so that only those who have the encryption keys can access it, which helps to maintain the privacy of the data. Every cloud vendor needs to use encryption when maintaining records. Once the cloud vendor encrypts the database, there is no need to worry about the security of the data, as no one will get permission to access it (Arora, Parashar, & Transforming, 2013). Data encryption also prevents data from being breached. HR should identify the encryption method required for maintaining data security in the cloud database.