Cloud Privacy and Security: A Comprehensive Report for DAS Analysis

Verified

Added on 2020/05/11

AI Summary

This report, prepared by a student, addresses cloud privacy and security, focusing on strategies and recommendations for the Department of Administrative Services (DAS). It begins with an introduction to cloud computing and its advantages and disadvantages, highlighting the importance of security and privacy. The report then details personal data privacy strategies, including management of personal information, collection and management of solicited personal information, use and disclosure of personal information, use and security of digital identities, security of personal information, access to personal information, and quality and correction of personal information. It also provides privacy control recommendations, addressing risks such as malicious code, denial of service, personal information leakage, and identity theft, with corresponding mitigation plans and implementation strategies. Finally, it includes personal data protection strategies covering the protection of personal information, authorized access and disclosure of personal information, de-identification of personal data, use of personal digital identities, security of personal data, and archiving of personal data, concluding with privacy control recommendations. The report emphasizes the importance of proactive measures to secure data in the cloud environment.

Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
CLOUD PRIVACY AND SECURITY
Table of Contents
Introduction......................................................................................................................................3
Discussion........................................................................................................................................4
1. Personal Data Privacy Strategy...............................................................................................4
1.1 Management of Personal Information...............................................................................4
1.2 Collection and Management of Solicited Personal Information........................................5
1.3 Use and Disclosure of Personal Information.....................................................................5
1.4 Use and Security of Digital Identities................................................................................6
1.5 Security of Personal Information.......................................................................................6
1.6 Access to Personal Information.........................................................................................7
1.7 Quality and Correction of Personal Information...............................................................7
2. Privacy Control Recommendations.........................................................................................8
3. Personal Data Protection Strategies.......................................................................................14
3.1 Protection of Personal Information..................................................................................14
3.2 Authorized Access and Disclosure of Personal Information...........................................15
3.3 De-Identification of Personal Data..................................................................................15
3.4 Use of Personal Digital Identities....................................................................................15
3.5 Security of Personal Data................................................................................................16
3.6 Archiving of Personal Data.............................................................................................16
4. Privacy Control Recommendations.......................................................................................16

2
CLOUD PRIVACY AND SECURITY
Conclusion.....................................................................................................................................23
References......................................................................................................................................25

3
CLOUD PRIVACY AND SECURITY
Introduction
Cloud computing is the tool or technique by which confidential information or data or
any other services can be easily transferred. These services refer to the computing services,
which include storage, software, networking, servers, analytics and many more (Arora, Parashar
& Transforming, 2013). This cloud computing technique delivers or transfers the data or
computing services through Internet. Without an Internet enabled device, it is impossible to
utilize cloud computing. There are particular organizations or businesses that provide the typical
types of computing services and they are known as the cloud providers or the providers of cloud.
Cloud computing is the most effective and popular technology for transfer of data. This
particular technology delivers the software, whenever they are needed (Dinh et al., 2013). Cloud
computing secures the data or information by analyzing them. Moreover, it streams various types
of audio and video. The main advantages of cloud computing is that the confidential data or
information is absolutely safe and secured in a cost effective way. There are many more
advantages as well like the speed of transferring of data. This even increases the overall
productivity of the computing services. Cloud computing is extremely flexible and reliable and
this makes this technology extremely popular for almost all organizations (Bonomi et al., 2012).
However, every coin has an opposite side. This particular technology does have some of the
major disadvantages. The most significant disadvantage of cloud computing is that it is
absolutely dependent on the Internet. Cloud computing does not work with poor Internet
connectivity. The second main disadvantage of cloud computing is the issues with security and
privacy. In spite of being extremely reliable, data is often hacked or deleted in cloud computing
and there is a high chance that the data will lost its integrity and confidentiality (Khalil,

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
CLOUD PRIVACY AND SECURITY
Khreishah & Azeem, 2014). The most common types of cloud services are Software as a Service
or SaaS, Platform as a Service or PaaS and Infrastructure as a Service or IaaS.
This particular report covers the basic concept of privacy and security strategies on the
given case study of Department of Administrative Services or DAS. It provides all kinds of
services to the Australian State Government (Gellman, 2012). The services are of several
categories and types. The main services are the procurement management, payroll, personnel
management, human resources management and contractor management. The following report
describes about the several privacy and security strategies. Proper approaches are mentioned in
the report for mitigating the security or data risks or threats. Moreover, relevant suggestions are
also provided in the report for DAS case study.
Discussion
1. Personal Data Privacy Strategy
1.1 Management of Personal Information
Management of personal information is the most important step for DAS. They will have
to control their information, so that the information is not lost. There are few steps to manage or
secure the data. They are as follows:
a) Passwords: The most simple and efficient way of securing any type of information is
keeping passwords (Lee & Zomaya, 2012). The passwords prevent any type of hacker from
intruder in the cloud. Moreover, passwords should be changed or altered periodically.
b) Secured Browser: A secured browser is also helpful for any type of security of
information (Gampala, Inuganti & Muppidi, 2012). The secured browser prevents or disallows

5
CLOUD PRIVACY AND SECURITY
all types of malware and malicious code in the system and thus personal information is managed
easily.
1.2 Collection and Management of Solicited Personal Information
This is the second step for personal data privacy strategy. Certain steps complete the
collection and management of information easily. They are as follows:
a) Reliable Source: The major step is the collecting, gathering and acquiring of the
information or data from a reliable source.
b) Filtering of Information: Once the information is collected from a basic reliable
source, the information is thorughly filtered (Yang & Jia, 2013). This filtration of confidential
information will remove all the undesired information.
c) Review: The third step of the process of collection and management is to review the
personal information. When the information is relevant it is kept and it is removed or deleted, if
found to be useless.
1.3 Use and Disclosure of Personal Information
Only authenticated and sanctioned users must utilize and disclose the information
(Garrison, Kim & Wakefield, 2012). There are several ways for securing and blocking the access
from any type of unsanctioned users. They are as follows:
a) Logging Out: The moment a user logs in into his/her account containing all the
important and confidential information, the chance exists that the information would be lost.

6
CLOUD PRIVACY AND SECURITY
b) Limited Access to Systems: Another way of protecting the personal information from
being utilized and disclosed with the unsanctioned users (Pearson, 2013). The access to the
information must be restricted to stop the intruders from tracking the information.
1.4 Use and Security of Digital Identities
The confidential information of a particular organization, which is used for representing a
particular external representative, is called a digital identity (Yang & Jia, 2013). The digital
identity can be anything like an individual or organization. The digital identities have several
benefits. The main benefits of digital identities are as follows:
a) Data Integrity
b) Security
c) Fast
d) Simple
1.5 Security of Personal Information
Security is the principal step in the privacy and security strategy. Leakage of the personal
information is not at all permissible, as the cyber threats are increased. The most efficient ways
of securing personal information are as follows:
a) Passwords: The most simple and efficient way of securing any type of information is
keeping passwords (Chaisiri, Lee & Niyato, 2012). The passwords prevent any type of hacker
from intruder in the cloud. Moreover, passwords should be changed or altered periodically.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
CLOUD PRIVACY AND SECURITY
b) Antivirus: Antivirus is software that secures a system from malicious codes or
malware. When the system is protected, the information is also protected (Hashizume et al.,
2013). DAS should protect every system with antivirus for protecting their information.
1.6 Access to Personal Information
The access to the personal information should be restricted for the unsanctioned and
unauthenticated users (Yu et al., 2013). The several methods for protecting the access to the
personal information are as follows:
a) Access Control: The access to the system should be restricted and controlled so that all
the users access the personal information.
b) Limited Access to Systems: Another way of protecting the personal information from
being utilized and disclosed with the unsanctioned users (Pearson, 2013). The access to the
information must be restricted to stop the intruders from tracking the information.
1.7 Quality and Correction of Personal Information
Quality of the personal information ensures the fact that the information stored by the
organization is not false. DAS should protect and secure their information by undertaking
various steps (Arora, Parashar & Transforming, 2013). This is done by ensuring the quality of
the information. This removes the useless information. Moreover, if by chance wrong
information is stored or any type of erroneous information is stored within the system, the
correction is done immediately. Thus, this step is extremely needed.

8
CLOUD PRIVACY AND SECURITY
2. Privacy Control Recommendations
S.
No
“Privacy Controls
Risks
(Personal data)”
“Mitigation Plans” “Implementation “
Student 1 Student ID
1. Malicious Code or
Software: Malicious
code or software is
usually applied in a
particular system for
hacking (Rong,
Nguyen & Jaatun,
2013). An intruder
performs hacking so
that he can easily
hack into the system
1. Antivirus: This is the
simplest way for any type of
risk in the personal data
(Khalil, Khreishah &
Azeem, 2014). This type of
software helps to detect and
prevent the virus attacks and
malicious codes or software
from entering into the
system.
1. Implementation of
antivirus is done by
installing the software in
the system easily.

9
CLOUD PRIVACY AND SECURITY
and get access all the
confidential
information.
Malicious software
can automatically
replicate itself and
the moment the code
is injected into a
system, it gets
formatted.
2. Firewalls: Firewalls are
another measure of securing
the data. These firewalls
normally act just like walls
for security. The firewalls
detect any type of
vulnerability and prevent
the risks.
2. Implementation of
firewalls is extremely
simple. There are several
software that help in the
process of
implementation (Rong,
Nguyen & Jaatun, 2013).
The entire process is
extremely simple.
2. Denial of Service:
The second type of
risk is the denial of
service
(Rittinghouse &
Ransome, 2016).
The victim has
absolutely zero idea
about the attack. The
intruder denies the
1. Increment in the
Bandwidth of Server: This
is the easiest way for
mitigating and reducing the
attacks regarding to denial
of service (Chen & Zhao,
2012). The increment in the
bandwidth of the server can
reduce these attacks.
1. The bandwidth of the
server can be incremented
by simply incrementing
the overall budget.
Although, it is expensive
in nature, once
implemented completely
reduces the attacks
regarding to denial of
service

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
CLOUD PRIVACY AND SECURITY
access and the
personal information
is easily hacked.
2. Architecture: The
architecture of the system
should be strong enough for
preventing these types of
attacks (Lin & Chen, 2012).
2. The architecture is the
most important part of
any system. The
architecture should be
strong for locating the
specific servers in various
data centres.

11
CLOUD PRIVACY AND SECURITY
3. Personal
Information
Leakage: This is
another major risk or
threat that occurs for
personal
information. The
confidential and
personal information
can be easily
exposed or leaked in
Internet and the
integrity would be
lost.
1. Encryption: Encryption
is the simplest way for
protecting the information
in a particular system
(Srinivasan et al., 2012).
The procedure of enclosing
a confidential text or
message into a typical
cipher text so that the
message is no hacked is
known as encryption. It is
the best technology for
securing any information.
Encryption should be opted
by DAS.
1. Encryption mainly has
two algorithms namely
symmetric key and
asymmetric key
algorithms. In a
symmetric key algorithm,
the key for encoding and
decoding the message is
same. The major benefit
of symmetric key
algorithm is the simplicity
in implementation. In
asymmetric key
algorithm, there are two
different keys for
encoding and decoding.
This is complicated than
the symmetric key as two
keys are involved.