Cloud Computing Report: Privacy and Data Strategy for DAS - Analysis

Verified

Added on  2022/10/17

|24
|7085
|19
Report
AI Summary
This report addresses the privacy and data strategy for the Department of Administrative Services (DAS), an Australian state government department transitioning to a shared services model using cloud computing. The report outlines the need for a privacy strategy to manage personal information securely within a centralized database, considering the use of a SaaS application for HR and personnel management. It proposes strategies for managing personal information, including data collection, use, and disclosure, along with secure digital identity management and data access controls. The report also identifies and recommends controls for mitigating privacy risks associated with cloud usage, such as loss of data control and the use of unsecure devices. Furthermore, it develops a strategy for personal data protection, focusing on authorized access, data security, and the implementation of recommended controls to ensure data confidentiality and integrity. The report emphasizes the importance of authentication, encryption, and adherence to privacy policies to safeguard personal data within the shared services environment.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: CLOUD COMPUTING
Cloud Computing
Name of Student
Name of University
Author Note
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1
CLOUD COMPUTING
Table of Contents
Introduction..........................................................................................................................2
1. Privacy Strategy for Personal Data..................................................................................3
2. Recommended Privacy Controls.....................................................................................6
2.1. Control for Mitigation of Privacy Risks...................................................................6
2.2. Implementation of Privacy Strategy.........................................................................8
3. Personal Data Protection Strategy...................................................................................8
3.1. Protection of Personal Information...........................................................................9
3.2. Authorised access and Disclosure of Personal Information...................................11
3.3. Use of Personal Digital Identities...........................................................................13
4. Recommended Personal Data Protection Controls........................................................14
4.1. Mitigation of Data Security Risks..........................................................................14
4.2. Implementation of Personal Data Protection Strategy............................................16
Conclusion.........................................................................................................................17
References..........................................................................................................................19
Document Page
2
CLOUD COMPUTING
Introduction
DAS (The Department of Administrative Services), is known for delivering services in
several departments under the state government of Australia. The services offered by DAS
encompasses payroll services, contact tendering, management of the contractors and
management of the procurement. DAS have been providing all these services through their own
data centres. However, in relation to modification in existing policy, DAS needs to move to a
“Shared service” method by centralizing all the services offered by DAS. This indicates that each
department under DAS needs to transfer their data to DAS servers. This is needed so that the
data can be tracked and managed centrally. The migration to a centralized database is further
linked with a policy defined by government that mandates a “cloud first” method of data
processing and procuring the software services. For that, a HR and an application for personnel
management is obtained from a company in US. The configuration, processing and updates will
be handled by the processing centre situated in Bangalore India. The centralised database will
provide a complete access to the information related to HR management and Performance
management to the employees through a link that is placed on DAS intranet. The information
and data access will be authenticated by the use of the digital ID of DAS.
The report aims in preparation of a strategy correlated to personal information and
strategy for privacy data security for DAS. The report will be presenting the proposal of privacy
strategy for the use of DAS. The strategy will encompass effective administration of personal
information that encompasses the collection and also managing of the solicited personal and
confidential information. The policy will address the secure use of the personal information of
the staffs and will look after the security of that information while it is being disclosed. The use
of SaaS cloud is associated with a certain amount of privacy risk that is needed to be addressed
Document Page
3
CLOUD COMPUTING
(Ahmed & Hossain, 2014). The report will recommend certain controls for addressing of the
privacy risks of using SaaS cloud. In this context, a privacy strategy will be proposed that can be
implemented to safeguard of confidentiality of the data. The report further aims in developing a
strategy for DAS related to personal data protection that will enable in enforcing authorised
usage and exposure of the private data. It will further help in security of the personal data. The
use of cloud is linked with certain amount of data security risks. The report aims in
implementation of a proper strategy for securing personal data. In the following paragraphs the
privacy strategy linked with the personal data usage, recommendation for privacy control,
strategy for protection of private data and recommendations for personal data controls are
discussed.
1. Privacy Strategy for Personal Data
This section of the report aims in developing a proposal for privacy process in DAS. It is
necessary to develop a privacy strategy for DAS as this department provides several services to
different departments in Australian state government and privacy of the data of the customers is
the foremost consideration of this department. The movement of DAS to a shared services
approach increases the privacy risks linked with storage and access of the data from a centralized
database (Rao & Selvamani, 2015). The privacy strategy that is being proposed for DAS will
help in effective administration of the personal data that is kept in the centralized database. The
strategy aims in enforcing security in storage and access of personal information. This privacy
proposal is needed as data privacy is one significant challenge faced by the organization making
use of a cloud model. While making use of a shared service, it is quite obligatory to manage and
safeguard the personal data associated with the staffs and employees of an organization (Shaikh
& Sasikumar, 2015). The privaate information access should strictly be constrained to the
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4
CLOUD COMPUTING
intended individual to address the privacy issues. Proper authentication prior to data access
should be enforced to ascertain that the data is being addressed by the intended audience only.
The privacy strategy proposal for DAS are documented as follows-
a) Management of Personal Information: This is one of the most integral considerations
of the strategy for privacy (Latif et al., 2014). The administration of the personal data involves
restriction of the data use and access to the intended individual. Since the entire data processing
will be managed by the cloud vendors’ processing centre, the confidentiality of the personal
information might be at risk. The strategy is to enforce identity and access management
controls to ascertain that only the intended users are accessing the data that too from the
approved devices only (Jouini & Rabai, 2019). The identity management control will eliminate
the chances of any illegal data access thus managing the private data that is kept in DAS.
b) Collecting and Managing solicited Personal Information: collection of the personal
data is one of the business needs of DAS. However, the gathering of the solicited private data
should be subjected to the individual’s consent. The strategy is to let the person know about the
real need of collection of personal data, its intended use and the process in which the privacy of
the collected data will be maintained (Cuzzocrea, 2014). Furthermore, the collected private data
should be kept in an encrypted manner and should be subjected to proper access control so that it
can be accessed only by the intended audience.
c) Use and Disclosure of Personal Information: Disclosing any private data to any
unintended person should be completely restricted (Kalaiprasath, Elankavi & Udayakumar,
2017). The private information usage should be constrained only for the use of individual and for
authenticating the identity of the individual. The storage of the personal information over the
Document Page
5
CLOUD COMPUTING
centralized database should be subjected to proper authentication so that illegal access to the
same can be restricted (Kumar, Lakshmi & Balamurugan, 2015). Apart from that a privacy
policy should be enforced that will document the process in which the users of the shared
database will comply with the privacy policy linked with the managing and disclosure of the
private data and data of the users.
d) Use and security of Digital Identity: The secure usage of digital identity is an
important consideration of DAS. The strategy is to provide unique digital ID to each employee
which should be kept confidential by the employee. An employee by no means is allowed to
share his/her digital ID. A unique digital ID is created by the DAS active Directory instance
which can be effectively used for proper authorization and authentication. Another strategy for
securing the digital identity is to make use of updated antivirus software in the devices through
which the data is accessed (Sun et al., 2014). It is recommended to check all the security settings
regularly to eliminate any risk on the use and safety of digital identity.
e) Security of Personal Information: Personal data security is a key consideration of
privacy strategy of DAS mainly because it is making use of shared services (Narula & Jain,
2015). The use and access of the personal data is subjected to abiding the data and the privacy
policy of DAS. The strategy is to govern the process in which a particular data is collected,
shared and used.
f) Access to Personal Information: Personal data access is needed to be restricted so as
to prevent any kind of misuse of that information (Choo, 2014). The privacy strategy that DAS
should follow involves proper authentication so that the misuse of personal information can be
restricted. DAS should possess a proper privacy policy that all the staffs of the organization
Document Page
6
CLOUD COMPUTING
should follow. Privacy policy is needed by DAS as a part of privacy strategy so that the access to
the same can be restricted only to the intended individual (Krishna et al., 2016). Along with that,
the personal data storage should be subjected to encryption. The information can be decrypted
only by the intended personnel thus protecting the confidentiality of the data.
g) Quality and correction of Personal Information: The personal data correction can
only be done by the intended individual (Rasheed, 2014). The strategy of correction involves
validation of the need of modifying the personal information. Followed by that, proper validation
of the identity of the individual is needed to done so that the correction is done in authenticated
manner.
The above point indicates the proposed privacy strategy for DAS. In consideration to the
administration of the privacy and confidentiality of the private data, preparing a proposal for
privacy strategy was necessary since DAS is moving to a shared service (Kalaiprasath, Elankavi
& Udayakumar, 2017). In shared service access of the information is not restricted to a particular
individual thus increasing the data and privacy risk (Duncan & Whittington, 2016). The privacy
strategy indicates that data and information confidentiality can be ascertained by encryption and
proper authentication check. However, the access of the information from shared database is
authenticated by DAS digital ID. Along with that the DAS active directory instance is used for
required authentication and authorization.
2. Recommended Privacy Controls
This part of the report will provide an idea of the privacy risks that can be faced while
making use of the shared services (Rittinghouse & Ransome, 2017). The section aims in
implementation of effective controls for addressing the identified privacy risks.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7
CLOUD COMPUTING
2.1. Control for Mitigation of Privacy Risks
Management of the information security risks in cloud becomes a necessity to sustain the
privacy of the stored data in the system. There are certain privacy risks and implications linked
with the cloud usage and usage of SaaS (Cayirci et al., 2014). Ineffective management of the
privacy risks linked with cloud computing can result in data security risks persisting in the
system. The identified privacy implications linked with the usage of cloud technology include,
Loss of control over the stored data, cloud vendor having the control of the data stored, use of
any device on accessing the data and data mining (Hendre & Joshi, 2015). Addressing these
major privacy risks becomes a necessity so that the risks in making use of the new services as
proposed by DAS can be mitigated. The strategy for addressing the identified privacy risks are
indicated as follows-
Loss of control over the Data: This is one most prominent privacy risk linked with the
use of SaaS. The controls that can be enforced for mitigation of the privacy risk include
maintaining transparency with the cloud vendor regarding the storage of the personal and critical
information in the cloud database (Vacca, 2016). The access to those information should be
allowed only to the personnel who is authorised for the same.
Risk of Cloud Vendor having data control: In SaaS, cloud vendor generally has an
access and control over the data stored (Sadiku, Musa & Momoh, 2014). This gives rise to a
major privacy risk as well. As a mitigation to this problem, a trusted cloud vendor is needed to be
chosen and a legal agreement should be made with the cloud vendor regarding maintaining the
data confidentiality and the confidentiality of the information stored over cloud database.
Document Page
8
CLOUD COMPUTING
Use of unsecure Device: The use of SaaS provides an advantage of accessing the data
from any device. Use of any unsecure device can result in data theft and therefore, it is one
prominent privacy risk linked with cloud (Tari, 2014). As a mitigation approach of the same, the
use of unsecure devices should be completely restricted and the employees should be trained
about the need of making use of up to date antivirus in their devices to protect the confidential
information of the organization.
Data Mining: Data mining is another privacy risk that is linked with the cloud usage. It is
quite difficult to mitigate this risk (Hussain et al., 2017). The only way is to enforce encrypted
storage so that this risk can be addressed.
The above paragraphs indicate the major privacy risk that is linked with the current
system and discusses the mitigation strategies that can be applied to address those risks.
2.2. Implementation of Privacy Strategy
The above discussed privacy strategy is required to be executed in DAS to safeguard the
data privacy kept in the system (Gai et al., 2016). The employees and the staffs of the
organization needs to understand the risks linked with making use of the SaaS service and needs
to know about the mitigation strategies that can be enforced to addresses those risks (Gai, Qiu &
Zhao, 2017). Therefore, it is recommended to enforce a training program to educate the
individuals about the various processes in which the privacy risks can be mitigated. Apart from
that DAS should release and circulate a documented form of the controls and measures that have
been proposed so that each and every individual associated with the organization have an idea of
the major data control strategies linked with the organization (Kalaiprasath, Elankavi &
Document Page
9
CLOUD COMPUTING
Udayakumar, 2017). Therefore, each individual needs to have an idea of the privacy risks and
their controls so that the effect of the same can be minimized.
3. Personal Data Protection Strategy
The strategy for data protection in an organization help the same in management of the
data security risks and helps in safeguarding of personal data. Data of a company is considered to
be one of the most valuable assets of an organization (Mollah, Azad & Vasilakos, 2017). A
breach of the data in the organization can led to costly, legal and financial consequences.
Therefore, it is needed for DAS to prepare proper strategy for personal data protection that can
ascertain security of the private data by ensuring proper and authorised usage of the personal
data and effective disclosure of the same. Designing and implementation of privacy and data
protection plan is necessary for protection of the data associated with the organization (Esposito
et al. 2016). In this particular part of the report a strategy for safeguarding the personal data will
be developed along with outlining the process in which access and usage to personal information
can be carried out in an authorised manner. A strategy will be developed for protecting the
personal digital identity usage.
3.1. Protection of Personal Information
Security measures are needed to be taken for protecting the personal data that is kept over
centralised database. The strategy of safeguarding the private information will help the
information in protection of the accidental damage, targeted destruction along with protection
against the unauthorised access (Gupta & Chourey, 2014). The strategy for safeguarding the
personal data are indicated as follows-
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10
CLOUD COMPUTING
Identification and management of the internal and external data security threats is an
important consideration for management of the data security threats. DAS needs to draft
an advice on implementation of proper compliant contracting strategies that will help in
effective protection of the data rights along with supporting the use of data sharing
(Chou, 2015).
It is needed for the organization to conduct effective privacy and impact examination of
the major security risks so that the private data can be protected.
It is recommended to conduct privacy and impact assessment of the major security and
privacy issues so that protection of the personal data can be ascertained.
One of the most effective strategies for personal information protection is that DAS could
make use of, includes appointing a data protection officer who will be in charge of
monitoring and mapping the requirements linked to protection of personal data and
information (Kalaiprasath, Elankavi & Udayakumar, 2017).
The most effective step that can be considered to protect the privacy and confidentiality
of personal data include effective analysis of the data privacy risks persisting in the
organization (Daniel, 2014). DAS should be aware of the privacy requirements of the
organization to design effective privacy policy and security controls.
It is recommended for DAS to design and create a data privacy policy as an effective
strategy for protecting the private data. The policy can be a documented set of guidelines
for formulation of the internal and external factors linked with the objectives of the
company (Dinadayalan, Jegadeeswari & Gnanambigai, 2014). The data privacy policy
must include a proper statement related to the organizational context including the basic
data privacy rules that will help in protection of the data privacy. Clear definition of the
Document Page
11
CLOUD COMPUTING
roles and responsibilities of data protection is one of the necessary steps for protection of
data privacy within an organization.
As a strategy of protection of personal information DAS will be creating a data privacy
procedure that will focus on the strategic aspects of privacy protection (Rao &
Selvamani, 2015). It will include common procedures such as taking an individual’s
consent before accessing or sharing private data of the users.
It is recommended to implement the necessary data privacy controls for mitigation,
avoiding and transferring the risk linked with use and access of the private data and
information (Hoepman, 2014). The data privacy control will include both technical and
non-technical requirements as an essential step of limiting the access to private and
personal data kept in the centralised database.
It is needed to initiate a data privacy training and awareness to the staffs so that they can
understand the most basic requirements of working with private data (Szádeczky, 2015).
The training will be imparted to all the IT staffs along with the security team.
Monitoring is an essential step for protection of personal information (Kalaiprasath,
Elankavi & Udayakumar, 2017). The continuous monitoring process can help in
identification of the major risks and issues linked with the process adopted for personal
data protection.
The above points indicate the strategy that DAS should implement for safeguarding the
private data. Monitoring of the risk that is linked with the personal information is crucial to
ascertain that the information of the users are not being used by any unauthorized individual. In
the following section, the strategy for protection of data for authorised use and exposer of the
private data are discussed.
Document Page
12
CLOUD COMPUTING
3.2. Authorised access and Disclosure of Personal Information
The changes in the DAS indicate development of effective strategies for authorised
access and use of the private data. Cloud database is linked with several security threats that are
needed to be addressed (Danezis et al., 2015). Having an effective control on the personal data is
needed to address the major data security risks linked with the access of the personal data that is
kept over the cloud database. The strategy for enforcing authorised access and use of the
personal and private data are indicated in the following paragraphs-
For authorised use of the personal and private data, DAS will be making use of digital
IDs for collection of data and information form the HR and Performance Management system.
This is an effective strategy for limiting the use of data only to an authorised personnel. The
internal digital identity through which the authorization will be done will be provided by the
active directory instance of DAS. This will help in proper internal authentication and
authorization. Since the SAML 2.0 certificate will authorize the authentication, unauthorised
access to the data can be stopped. However, effective strategies are needed to be identified for
enforcing authorised access and effective usage of the private data.
The access of the data should only be allowed through company’s intranet. This will help
in restricting any kind of unauthorised data access (Viji, Saravanan & Hemavathi, 2017)
Every system should have an up to date firewall protection that will protect the system
from malicious attack, which in turn will help in restricting the unauthorised access to the
confidential and private data.
The identity of each users should be cross checked and validated before providing access
to any information that is kept over the centralized database of the company. This will
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13
CLOUD COMPUTING
ascertain that only the authorized individuals are accessing the data and the information
from the database thus limiting the unauthorised access to the same.
DAS should implement commercially reasonable security measures as per the industry
standards for protection of the private data of the staffs and the users. It is the duty of
DAS to protect the confidentiality of those information even in case of electronic storage
or its transformation over the internet (Kavis, 2014).
The above strategies indicate that protection of personal data is possible only on account
of restriction of the access to those data only to the authorised personnel. Along with that, proper
monitoring of the data is required to be ascertained so that illegal access to the same can be
checked. Along with this, the use of the personal digital identifies are needed to be safeguarded
as well. The following section outlines the strategies for the usage of personal digital identities.
Following these strategies is necessary for protection of the digital identities.
3.3. Use of Personal Digital Identities
Digital identity can be indicated as information of an entity that can be used by different
computer systems for representing an external agent. This agent can be a person, any
organization and application. Safeguarding the personal digital identity generally represents the
protection of the identity of the individual (Rittinghouse & Ransome, 2017). DAS needs to
ascertain that personal digital identity of the individual users are protected. The strategy for
effective use of the personal digital identity of the user are indicated as follows-
1. Each user of the system is necessary to have one unique digital identity so that misuse
of the same can be restricted.
Document Page
14
CLOUD COMPUTING
2. If access to a system is protected by a password, it is required to frequently change the
password so that the information content of the system can be safeguarded.
3. The unique digital ID should only be provided to the trusted individuals or the
employees of higher rank in order to prevent the misuse of the same (Palos-Sanchez, Arenas-
Marquez, & Aguayo-Camacho, 2017).
The enforcement of the above three control measures can significantly help in
management and control of the usage of the personal digital identities. DAS should document the
same and let the employees and the users know about the processes that should be followed for
security of the private data and providing authorised access to the usage of the private data of the
users (Motavaselalhagh, Esfahani & Arabnia, 2015). However, DAS needs to act upon the major
data security risks that might be present within the organization as a result of making use of
shared services and SaaS cloud service. The following section of the report documents the major
data security risks linked with the organization to understand the process in which these data
security risks can be mitigated to provide a safe platform to the users for access and management
of the data that is being kept in the cloud platform.
4. Recommended Personal Data Protection Controls
This part of the report will recommend effective strategies for safeguarding and
controlling the private data and information. It is observed that the storage of data over an
insecure platform like cloud is subjected to major data protection risks. Proper identification and
mitigation of these data security risks are essential to confirm secure storage of the personal and
confidential users’ data along with the private data of the company. The following subsections
Document Page
15
CLOUD COMPUTING
provide a detailed understanding of the major data security risks and provides an idea of
implementation of strategy for protection of private data in a proper manner.
4.1. Mitigation of Data Security Risks
Storage of data over cloud is linked with certain amount of data security risks that are
needed to be mitigated. The use of Software as a Service platform although improves the
effectiveness and efficiency of data storage, it is linked with a fair amount of data security risks
that are required to be addressed and mitigated (Almorsy, Grundy & Müller, 2016). There are
certain most prominent data security risks linked with the usage of SaaS and cloud computing,
which are needed to be mitigated. The main security risks linked with the usage of cloud
computing include the data breaches, incorrect data entry and modification as a result of human
error, hijacking the users’ account or identity theft and malware infection. These include the
most common security threats that can affect the normal performance of DAS. Therefore,
mitigation of these major risks becomes a necessity.
Data Breaches: This is the most common data security threat that is linked with the use
of cloud computing. Quite lately the cybersecurity crimes linked with data breaches have
increased at an exponential rate and therefore, protection of the system from the data breaches
becomes a necessity. Data breach can occur due to phishing scams, hacking or infection of
ransomware. (Soofi et al., 2014) The strategy of managing the risk of data breach include the
use of encrypted storage and multi-factor authentication security measures to ascertain complete
restriction of any illegal data access.
Human Error: This is another prominent data security risk that needs attention. The
mitigation of this type of data security risk is difficult as reduction of human error might be
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
16
CLOUD COMPUTING
complex. However, as a mitigation approach, the staffs and the employees of the organization
are needed to be trained about the correct process of data entry so that human error and its
associated risk can be mitigated.
Identity Theft: Identity theft can be a major contributor of the data security risks that can
be identified in DAS. As a mitigation approach to this problem, it is recommended that staffs and
employees of the organization should be trained about proper protection of the digital identity
and their personal information so that identity theft can be prevented (Motavaselalhagh, Esfahani
& Arabnia, 2015). Along with that access to the confidential information should only be given to
trusted and experienced personnel to prevent the misuse of the same.
Malware Infection: Malware infection mainly occurs when a malicious software
infiltrates into the system. This is one of the most dangerous forms of data security threats and is
therefore needed to be addressed on a priority basis. There can be several processes of protecting
a system from malware infection (Rao & Selvamani, 2015). For DAS, it is necessary to make use
of updated operating systems, browsers and plugins so that there are less chances of facing a
malware infection. Apart from that, use of up to date antivirus software in every systems is
necessary to eliminate the risk of the cloud database being infected by malware infection.
The above paragraphs provide an idea of the major data security risks in DAS and
effective mitigation approach for reducing the risks in the organization as a result of the
identified data security threats. However, it is quite necessary to implement proper strategy
forpersonal data protection as a control measure against the data security risks and threats
persisting in the organization.
4.2. Implementation of Personal Data Protection Strategy
Document Page
17
CLOUD COMPUTING
It is quite integral to enforce an effective strategy for protection of personal and private
data so that the major risks and threats connected with a system can be addressed. Implementing
of strategy for personal and private data protection in DAS is crucial to eiminate the major risks
and the issues persisting in the organization. Implementation of effective strategy for security of
data in DAS will involve the following stages-
1. It is necessary for each individual to understand the specific policies along with the
corrective measures for dealing with the major security flaws that can persist in an organization.
This will help in acting against any security threat in a proper manner.
2. It is identified that some of the security problems that an organization faces can be a
cause of human error. Therefore, it is necessary for the network admin to properly train
himself/herself to the proper data retention standards so that those particular errors can be
handled and effectively mitigated (Motavaselalhagh, Esfahani & Arabnia, 2015).
3. Robust monitoring and reporting can be considered as another effective strategies for
detection of any potential threats or errors in the system. This is an effective personal data
protection strategy as well.
4. Keeping a read to implement disaster recovery plan is another effective strategy for
minimizing the major risks and the issues that can infect a system.
The above four points indicates the personal and private data protection controls that
should be incorporated in DAS to minimize the threats and issues linked with the system.
Conclusion
Document Page
18
CLOUD COMPUTING
The report discusses the main risks and the theats linked with the cloud deployment
model and further proposes the mitigation approaches of the identified risks. The Department of
Administrative Services in Australia has undergone certain changes in the mode of delivery of
the services, which include moving to a shared service approach and centralization of a number
of services. This drastic changes brings about a lot of problems concerning the storage and the
access of the data that is stored over the centralised database. The report aims in addressing the
major privacy issues and the data security threats that DAS might face with this change. The
report gives an idea of the major privacy strategy that is proposed for DAS. The strategy that is
being proposed mainly aims in managing and collecting personal and private information linked
with the organization. The strategy that is being proposed ascertains security of the personal data
along with the secure use of digital identities. Personal data access should be effectively
monitored for reducing the risk of unauthorised access. The report further discusses the major
privacy risks and recommends effective strategies for controlling those risks. The staffs and the
employees are needed to be trained about the major risks so that in case of any emergency, the
correct step can be taken. In this context, the report develops a strategy for effective personal and
private data protection and security of the personal identities. At the end, the report recommends
needed measures for effective mitigation of acknowledged data security risks and issues. The
recommended controls are needed to be induced into the current system of DAS so that majority
of the risks and the privacy issues can be effectively monitored, controlled and mitigated.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
19
CLOUD COMPUTING
References
Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the
cloud. International Journal of Network Security & Its Applications, 6(1), 25.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Cayirci, E., Garaga, A., Santana, A., & Roudier, Y. (2014, December). A cloud adoption risk
assessment model. In 2014 IEEE/ACM 7th International Conference on Utility and
Cloud Computing (pp. 908-913). IEEE.
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud
Computing, 1(2), 52-56.
Chou, D. C. (2015). Cloud computing: A value creation model. Computer Standards &
Interfaces, 38, 72-77.
Cuzzocrea, A. (2014, November). Privacy and security of big data: current challenges and future
research perspectives. In Proceedings of the First International Workshop on Privacy
and Secuirty of Big Data (pp. 45-47). ACM.
Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J. H., Metayer, D. L., Tirtea, R., &
Schiffner, S. (2015). Privacy and data protection by design-from policy to
engineering. arXiv preprint arXiv:1501.03726.
Daniel, W. K. (2014, April). Challenges on privacy and reliability in cloud computing security.
In 2014 International Conference on Information Science, Electronics and Electrical
Engineering (Vol. 2, pp. 1181-1187). IEEE.
Document Page
20
CLOUD COMPUTING
Dinadayalan, P., Jegadeeswari, S., & Gnanambigai, D. (2014, February). Data security issues in
cloud environment and solutions. In 2014 World Congress on Computing and
Communication Technologies (pp. 88-91). IEEE.
Duncan, R. A. K., & Whittington, M. (2016). Enhancing cloud security and privacy: The power
and the weakness of the audit trail. CLOUD COMPUTING 2016.
Esposito, C., Castiglione, A., Martini, B., & Choo, K. K. R. (2016). Cloud manufacturing:
security, privacy, and forensic concerns. IEEE Cloud Computing, 3(4), 16-22.
Gai, K., Qiu, M., & Zhao, H. (2017). Privacy-preserving data encryption strategy for big data in
mobile cloud computing. IEEE Transactions on Big Data.
Gai, K., Qiu, M., Zhao, H., & Xiong, J. (2016, June). Privacy-aware adaptive data encryption
strategy of big data in cloud computing. In 2016 IEEE 3rd International Conference on
Cyber Security and Cloud Computing (CSCloud) (pp. 273-278). IEEE.
Gupta, A., & Chourey, V. (2014, July). Cloud computing: Security threats & control strategy
using tri-mechanism. In 2014 International Conference on Control, Instrumentation,
Communication and Computational Technologies (ICCICCT) (pp. 309-316). IEEE.
Hendre, A., & Joshi, K. P. (2015, June). A semantic approach to cloud security and compliance.
In 2015 IEEE 8th International Conference on Cloud Computing (pp. 1081-1084). IEEE.
Hoepman, J. H. (2014, June). Privacy design strategies. In IFIP International Information
Security Conference (pp. 446-459). Springer, Berlin, Heidelberg.
Document Page
21
CLOUD COMPUTING
Hussain, S. A., Fatima, M., Saeed, A., Raza, I., & Shahzad, R. K. (2017). Multilevel
classification of security concerns in cloud computing. Applied Computing and
Informatics, 13(1), 57-65.
Jouini, M., & Rabai, L. B. A. (2019). A security framework for secure cloud computing
environments. In Cloud security: Concepts, methodologies, tools, and applications (pp.
249-263). IGI Global.
Kalaiprasath, R., Elankavi, R., & Udayakumar, D. R. (2017). Cloud. Security and Compliance-A
Semantic Approach in End to End Security. International Journal Of Mechanical
Engineering And Technology (Ijmet), 8(5), 987-994.
Kavis, M. J. (2014). Architecting the cloud: design decisions for cloud computing service models
(SaaS, PaaS, and IaaS). John Wiley & Sons.
Krishna, B. H., Kiran, S., Murali, G., & Reddy, R. P. K. (2016). Security issues in service model
of cloud computing environment. Procedia Computer Science, 87, 246-251.
Kumar, N. S., Lakshmi, G. R., & Balamurugan, B. (2015). Enhanced attribute based encryption
for cloud computing. Procedia Computer Science, 46, 689-696.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a systematic
literature review. In Future information technology (pp. 285-295). Springer, Berlin,
Heidelberg.
Mollah, M. B., Azad, M. A. K., & Vasilakos, A. (2017). Security and privacy challenges in
mobile cloud computing: Survey and way ahead. Journal of Network and Computer
Applications, 84, 38-54.
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
22
CLOUD COMPUTING
Motavaselalhagh, F., Esfahani, F. S., & Arabnia, H. R. (2015). Knowledge-based adaptable
scheduler for SaaS providers in cloud computing. Human-centric Computing and
Information Sciences, 5(1), 16.
Narula, S., & Jain, A. (2015, February). Cloud computing security: Amazon web service.
In 2015 Fifth International Conference on Advanced Computing & Communication
Technologies (pp. 501-505). IEEE.
Palos-Sanchez, P. R., Arenas-Marquez, F. J., & Aguayo-Camacho, M. (2017). Cloud computing
(SaaS) adoption as a strategic technology: Results of an empirical study. Mobile
Information Systems, 2017.
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud
computing. Procedia Computer Science, 48, 204-209.
Rasheed, H. (2014). Data and infrastructure security auditing in cloud computing
environments. International Journal of Information Management, 34(3), 364-368.
Rittinghouse, J. W., & Ransome, J. F. (2017). Cloud computing: implementation, management,
and security. CRC press.
Sadiku, M. N., Musa, S. M., & Momoh, O. D. (2014). Cloud computing: opportunities and
challenges. IEEE potentials, 33(1), 34-36.
Shaikh, R., & Sasikumar, M. (2015). Data Classification for achieving Security in cloud
computing. Procedia computer science, 45, 493-498.
Document Page
23
CLOUD COMPUTING
Soofi, A. A., Khan, M. I., Talib, R., & Sarwar, U. (2014). Security issues in SaaS delivery model
of cloud computing. International journal of computer science and mobile
computing, 3(3), 15-21.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud
computing. International Journal of Distributed Sensor Networks, 10(7), 190903.
Szádeczky, T. (2015). Information Security Law and Strategy in Hungary. Academic and
Applied Research In Public Management Science, 14(4), 281-289.
Tari, Z. (2014). Security and Privacy in Cloud Computing. IEEE Cloud Computing, 1(1), 54-57.
Vacca, J. R. (Ed.). (2016). Cloud computing security: foundations and challenges. CRC Press.
Viji, D., Saravanan, K., & Hemavathi, D. (2017, June). A journey on privacy protection
strategies in big data. In 2017 International Conference on Intelligent Computing and
Control Systems (ICICCS) (pp. 1344-1347). IEEE.
chevron_up_icon
1 out of 24
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]