Business Continuity and the Cloud: Risk Assessment Report - CYB/205

Verified

Added on 2021/11/23

AI Summary

This report, submitted for CYB/205, examines business continuity and disaster recovery in the context of cloud services. It defines business continuity and cloud disaster recovery, emphasizing their importance in risk management and organizational resilience. The report identifies risks that can be transferred to cloud providers, such as data loss and unauthorized access, and also highlights new risks associated with cloud services, including credential theft and data breaches. It then explores the costs and benefits of cloud-based solutions, including factors influencing costs and advantages like cost savings, improved collaboration, and remote accessibility. A risk assessment template is provided, and the report concludes by relating the risk assessment and cost/benefit analysis to business continuity and disaster recovery, advocating for the adoption of cloud computing services over traditional data centers. References to relevant research papers are included.

Running head: BUSINESS CONTINUITY AND THE CLOUD 1
Business Continuity and the Cloud
Lucrecia V. Fuentes
CYB/205
November 26, 2018
Mr. Denis Brookers

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

BUSINESS CONTINUITY AND THE CLOUD 2
Definition of Business Continuity and Disaster Recovery in the Context of the Cloud
Services
According to Randeree, Mahal & Narwani (2012), business continuity is the ability of an
organization or a company to maintain important functions during and after the occurrence of a
disaster. Through a business continuity planning, risk management procedures and processes are
established which are aimed to prevent mission-critical services interruptions and to reestablish
immediate full functions of the organization. Cloud disaster recovery (CDR) is a strategy that
involves backing up, storing and maintaining electronic copies in a cloud-computing
environment as a measure of security (Kaura & Lal 2017).
The Importance of Disaster Continuity and Disaster Recovery to the Function of the
Business
The main goal of disaster recovery in the cloud is to provide the organization with a way
of recovering data and implementing failover in an event of a natural catastrophe or man-made
disaster. Both businesses continuing planning and Disaster recovery are essential parts of overall
risk management for the organization. Some risks that exist in the organization cannot be
eliminated and therefore the implementation of business continuity plans and cloud disaster
recovery prepares for potential disruptive events that might occur within the organization. In
addition, disaster continuity and cloud disaster recovery are important because they provide the
organization with a detailed strategy of how the business will survive and continue immediately
after disasters and severe interruptions.

BUSINESS CONTINUITY AND THE CLOUD 3
Identification of Risks That Can Be Transferred To the Cloud Provider Based On
the Functions of the Business
Risk assessment is defined as a systematic process of evaluating all possible risks which
might be involved in a planned or and undertaking activity (Aven & Renn 2009). The risks that
can be transferred to the cloud provider include reduced risks of losing data, access of data by
unauthorized personnel, risks of data deletions, visibility and control among the consumers, data
leakages and incomplete date deletion as a result of transferring data over different devices. The
reduced visibility and control occur during the process of transacting assets or operation to the
cloud as organization losses control over the services.
New Risks Associated With Using Cloud Services Based On the Functions of the Business
The new risks associated with using cloud service are credentials can be stolen easily,
Increased Complexity Strains IT Staff, insider abuse of authorized access and loss of stored data.
Data stored in the cloud can be stolen. For example, if an attacker gains access to users cloud
credentials through hacking or other means, the attacker can still have access to CSP’s services
for the provision of additional resources. Furthermore, the attacker can influence the resources of
cloud computing. In addition, if the attacker has an access to CSP administrator’s cloud
credentials, may be in a position of using the credentials to access systems and data of agency
(Khan & Hamlen, 2012. Data stored in the cloud can be lost as a result of malicious attacks,
accidental deletion or physical catastrophic like fire and earthquake. Furthermore, loss of the
data can lead to permanent loss of customer data. The risks of straining IT staff and the
organization may end up losing skilled and experienced employees in the process. Furthermore,
straining of IT staff creates a room for errors.

BUSINESS CONTINUITY AND THE CLOUD 4
Risk assessment template
risk likelihood impact
Credentials are stolen medium Very high
Increased complexity strains IT staff Very high medium
Loss of stored data low catastrophic
Insiders abuse authorized data low high
Costs Associated With a Cloud-Based Solution for the Business
Cloud computing costs vary greatly with the cloud service required by the business. For
example, file sharing and cloud storage services like Dropbox start with accounts that are free,
although advanced features always come with paid plans. For the advanced features, the cost is a
minimum of $20 monthly per user. Cloud recovery services and backup like Carbonite cost
$59.99 each month (Foster, Zhao, Raicu & Lu, 2008). In addition, Amazon Web Services offer a
wide range of cloud services which lets businesses use its data centers either on a pay-as-you-go
basis or for free. The pricing of cloud-based software is also depended on the industry and
provider. According to Grossman (2009) additional factors affecting the cost associated with a
Cloud-Based Solution for the Business includes the number of users, contract terms, tech support
and how the business will be distributing and launching the software across the company.
Benefits Associated With a Cloud-Based Solution for the Business
The benefits of cloud services are endless for the business. Cloud computing saves
businesses money and time by promoting innovation, improving collaboration and boosting
productivity (Knorr & Gruman, 2008). Cloud computing will enable the business access

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

BUSINESS CONTINUITY AND THE CLOUD 5
information remotely with any device which is compatible. Instead of storing business
information in data centers which are susceptible to damage hence the risk of data loss, cloud
computing stores data on the internet. It makes information accessible from remote locations
with internet connectivity. In addition, cloud computing syncs data for all cloud-connected
devices which keeps them updated with real-time information. Furthermore, in a cloud
environment, the business will be in a position to access all file types, collaborate remotely when
different people in different locations are working on the same project, and allow the use of
applications.
Relation of the Risk Assessment and Cost/Benefit Analysis to the Business Continuity and
Disaster Recovery for the Needs of the Business
The determination of external and internal risks is vital to the process of disaster recovery
and business continuity (Sahebjamnia, Torabi & Mansouri, 2015). The risk analysis has
identified the prevalent risk and the likelihood of their occurrence as well as the level of damage
they could potentially cause. The data is used in conjunction with the business impact analysis
results. The cost/benefit analysis has analyzed the different costs associated with cloud
computing which will assist the organization in choosing the best cloud services provider. From
the analysis, it is clear that cloud services are better than data centers. Therefore, the business
should discontinue using datacenters and adopt cloud computing services to store its data.

BUSINESS CONTINUITY AND THE CLOUD 6
References
Aven, T., & Renn, O. (2009). On risk defined as an event where the outcome is uncertain.
Journal of risk research, 12(1), 1-11.
Randeree, K., Mahal, A., & Narwani, A. (2012). A business continuity management maturity
model for the UAE banking sector. Business Process Management Journal, 18(3), 472-
492
Sahebjamnia, N., Torabi, S. A., & Mansouri, S. A. (2015). Integrated business continuity and
disaster recovery planning: Towards organizational resilience. European Journal of
Operational Research, 242(1), 261-273.
Knorr, E., & Gruman, G. (2008). What cloud computing really means. InfoWorld, 7, 20-20.
Grossman, R. L. (2009). The case for cloud computing. IT professional, 11(2), 23-27.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing
360-degree compared. In Grid Computing Environments Workshop, 2008. GCE'08 (pp.
1-10). Ieee.
Khan, S. M., & Hamlen, K. W. (2012, June). AnonymousCloud: A data ownership privacy
provider framework in cloud computing. In Trust, Security and Privacy in Computing
and Communications (TrustCom), 2012 IEEE 11th International Conference on (pp. 170-
176). IEEE.
Kaura, W. C. N., & Lal, A. (2017, March). Survey paper on cloud computing security. In
Innovations in Information, Embedded and Communication Systems (ICIIECS), 2017
International Conference on (pp. 1-6). IEEE.