Analyzing Cloud Computing Risks and Security Measures

Added on  2020/04/01

AI Summary
AzuraTech Solutions is planning a transition to cloud-based software and infrastructure, necessitating a comprehensive analysis of potential security concerns. The adoption of cloud computing brings forth several challenges, including data breaches, loss of control over sensitive information, and compliance with regulatory standards like the Privacy Act 1988 (Cth). This summary explores these issues by examining key threats such as unauthorized access, insecure interfaces, and account hijacking, drawing on research from prominent sources in cloud security. It provides an assessment framework for AzuraTech to identify vulnerabilities within its IT infrastructure and proposes mitigation strategies, including encryption practices, robust authentication mechanisms, and regular security audits. By addressing these concerns proactively, AzuraTech can ensure a secure transition to cloud computing while safeguarding against potential data breaches and maintaining compliance with legal obligations.
Running Head: IT RISK ASSESSMENT
IT Risk Assessment
Executive Summary
The present report examines the concept of security in the IT environment. In the present times,
IT security has become an important issue as information technology and digitized mediums are
commonly used for storing and the retrieval of information. In the present information age, the
volume of information has become drastically large; therefore, it is important that the
organization stores their information in the digital medium. Therefore, with the advent of
technology, all the business organizations have started using digitized mediums to store the
confidential and non-confidential information of the organization.
The technology has also increased the volume of the data available and it is important to use the
digitized mediums for storing the vast amount of information. In this regard, the present report
highlights the concept of cloud computing for storage of information. Aztek is a financial
organization which is trying to adopt an IT service which can address the issue of data storage in
the organization. As it is a financial organization, it deals with highly confidential information
related to the finances of the customers. It is important to maintain the privacy of the customers
and protect the data from unauthorized access, because if hackers obtain this data, it can be
misused. However, it is important for the organization to adopt cloud services due to the enormous
amount of data it is dealing with. Cloud computing is a technology based on sharing of resources.
The organization can rent the cloud services for storing data. In cloud computing, data is stored
in online mediums which can be accessed from anywhere and from any device. It can drastically
impact on the efficiency of the services provided by the business organization.
The present report has discussed the issues which will be created with the adoption of cloud
computing in the organization. The company needs to implement several security protocols such
as firewall and intrusion detection system for identifying the external parties who can enter the
system. The selection of vendor also impacts the security provided to the customers. Aztek
should check whether the external cloud service provider is abiding by all the compliance laws
and data privacy Acts. The vendor should also be able to provide adequate bandwidth to its
customer so that the operations can run smoothly. The report has conducted a risk assessment
and proposed solutions which can be used to address these risks. The report reflects on all the
issues which may arise on data privacy and security due to adoption of cloud services. At last,
the report has also shed light on various approaches which can be used to mitigate the data
security risk in the organization.
Table of Contents
Introduction
Review of the Project with respect to the Financial Services Sector
Review of the project impact on the current security posture of Aztek
Risk assessment derived from IT control framework
Addressing risks for Data Security
Conclusion
References
Introduction
In the present scenario, Information Technology (IT) has intruded the daily lives of
people and has immense applications in the business operations. IT infrastructure assists the
organization in increasing efficiency and productivity of the organization. Today, most of the
business organizations have embraced technology to ease their business process. These business
organizations cannot operate in the absence of technology as all the operations are dependent
upon it. However, with the advent of technology, several risks have also arisen in the business
operations of the company. Most of the risk is associated with the confidentiality and the privacy
of the data stored on the online mediums. In the present times, the size of the information and the
data used in the business organization has become vast. Therefore, digital mediums are
commonly used to store this data or information. However, the information stored in these digital
mediums can be accessed easily from any part of the world. Therefore, it is important that
business organizations adopt security protocols that prevent unauthorized access and secure the
private information of the organization (Almorsy, Grundy & Müller, 2016). Aztek Finance is a
company which deals in the financial industrial sector; therefore, it is important that the business
organization implements security measures to prevent data breaches. The present report
will conduct an IT risk assessment with respect to the implementation of cloud services in the
company. In order to increase the efficiency and the productivity of the organization, the
business organization is considering a number of changes in its IT infrastructure such as
BYOD (Bring Your Own Device), cloud computing and use of other similar services. Among these
changes, cloud computing has been selected as the preferred choice as it will bring down the cost
to the organization radically. The present report will conduct a risk assessment related to the
deployment of cloud services, provide recommendation on how to address them and review the
current stand of the organization with respect to the security of the cloud services.
Review of the Project with respect to the Financial Services Sector
Aztek is a financial corporation which deals with the financial information of the customers.
Being a business organization in the financial industry, the company has to deal with the
sensitive and the confidential information of the customers. The government has also developed
strict policies for the companies working in the financial industry. The Privacy Act 1988 controls
the collection, use and disclosure of the personal data. This Act is applicable to all the companies
as well as the industries. The Privacy Act is applicable to all the companies in the private
sectors and the public sectors. This Act regulates the personal information of the users and its
misuse. The personal information refers to the information which can reveal the identity of an
individual regardless of the point. The Act is applicable regardless of whether the information is
true or the individual is named; if the information is specific and enables the identification of a
person, it is considered as a breach of the individual's privacy. All the financial and the banking
organizations are regulated by the Australian Privacy Principles (APPs). The personal information
encompasses the information or an opinion which can identify an individual or allow the people
to work out their identity. This information may include an individual’s name, address, financial
information, marital status and billing status.
Aztek collects personal information which may encompass the name, contact details,
occupational details, and affiliations to the organization, payment details and enquiry details.
There are also various other laws and Acts applicable, including the Anti-Money Laundering
and Counter-Terrorism Act 2006, which requires the identification of clients. In this
identification, the personal information is collected through different methods such as client
questionnaire, interaction with the banking organization, public resources, third party and the
information service providers. However, while dealing with the enormous amount of personal
data and information, the organizations need to protect their data warehouse so that no breach of
personal information occurs.
In order to foster growth and increase the profitability of the organization, the organization is
focusing on deploying additional IT projects. There are a large number of projects under the
consideration; however, in the present case, cloud computing is selected for the deployment.
Cloud computing is an innovative technology which encourages the organizations to share
resources so that they can operate in a cost-effective manner. It reduces the cost to the
organization as the organization has to invest less in the infrastructural resources. They can rent
the data storage and retrieval services from the cloud service provider. However, there are
increased security concerns with the use of cloud services. The customers hand control over
the information to the service provider. Moreover, as the resources are shared, a third party can
gain access over the crucial information. The present report will discuss the security issues with
cloud computing and propose solutions through which these security issues can be addressed
(Grobauer, Walloschek & Stocker, 2011).
The financial industry faces several threats related to data integrity and security such as data
breach, identity theft and associated fraud in the industry. The issue of the data breach is a
concern for all types of industries; however, the financial industry is the most common victim of the
situation due to the inherent value of the data collected and stored in the financial resources. Due
to the inherent nature of the business, a significant amount of confidential customer and client
data is stored from the daily transactions of the business.
Due to these issues, it is required for the financial industry to have more stringent data security
standards in comparison to other countries. The financial companies have to regularly deal with
highly sensitive and confidential financial data of its customers. It includes the bank account
number, debit or credit card information and other confidential data. The loss of this information
can create a serious dent on the reputation and integrity of the organization. The failure to protect
the confidential and the private data of the customers can result in termination of the operations
or heavy penalty from the companies. The success or the failure of a financial firm depends upon
how it uses the consumer data while maintaining the privacy of the organization. It is imperative
that the financial organizations have to share the consumer data to exploit the current trend in
growth opportunities; however, they should also comply with the regulations regarding the
consumer privacy so that no malicious use of the consumer information can be conducted (Iqbal,
2012).
Currently, there are a large number of consumer privacy regulations in Australia as well as other
countries which protect the consumers from any misuse of their information. These laws set
norms on how the information is stored, processed and used by these companies. The data
privacy laws are present in almost all the countries and encompass various variables of consumer
protection such as data security, access, data integrity, consent, disclosure and notice (Buyya,
Yeo, Venugopal, Broberg, & Brandic, 2009).
The changing technology has an important role in the changing privacy environment. The basic
essence of the privacy laws is to protect the personal information of the consumers; however, the
stringent nature of these laws can create business challenges for the business organization. The
organizations need to decide and make regulations regarding data protection. The cost of data
breach in the financial industry is very high.
Review of the project impact on the current security posture of Aztek
Aztek Solution is a financial service organization. The business organization has
implemented several security protocols to enhance the security of the organization. The business
organization has implemented several methods as it handles crucial financial information of the
customers. Aztek Solution has IT security infrastructure which controls the network anomaly and
malicious behavior. The organization has implemented firewall and security detection methods
to detect abnormal behavior in the organization network. The organization has also implemented
user activity control mechanism. It controls the activities of the users in the network. The access
of the user in the network is controlled. The users can only access the information which is
essential for them. There are several stages of information access. The users are only provided
information which is essential for their operations. Other than that, the organization also
monitors the users’ activity. If the activity of the users is found suspicious then his access to the
system is prevented.
However, the security requirements for the system will change with the
implementation of the cloud computing solution. Cloud computing is implemented to reduce
the potential cost to the business and increase the efficiency in the use of resources. However,
failure to implement appropriate security protection methods while using the cloud services can
result in high cost and loss of business which can reduce the benefits of cloud computing. There
are a large number of security risks associated with the cloud computing which are discussed
below:
Loss of Governance: In the public cloud deployment, the customers hand control over
information access and protection to the cloud service provider. The cloud service
provider may not offer a commitment to resolve these issues; therefore, it may leave gaps in the
security defense of the organization (Saini, Saini, Yousif and Khandage, 2011).
Responsibility Ambiguity: The security responsibility over several different aspects of cloud
computing may be split over the provider and the customer; therefore, some aspects of the cloud
computing security may remain unguarded.
Authentication and Authorization: The information stored in the cloud services can be accessed
from anywhere on the internet. Therefore, it is important to establish the identity of the user for
the heightened security. In cloud computing, strong authentication and authorization has become
a critical concern (Hashizume, Rosado, Fernández-Medina & Fernandez, 2013).
Isolation Failure: The primary characteristics of cloud computing are multi-tenancy and shared
resources, which increase the risk to the privacy and the confidentiality of the data. The risk category
includes the usage of storage, memory, routing and the reputation between tenants.
Compliance and Legal Risks: In cloud computing, the customer and the service provider remain
at different places. Therefore, there are several compliance and legal risk associated with the
cloud services. The customers must check the compliance by checking that the service provider
has appropriate certificates with them.
Handling of Security Risk: The cloud service provider should be able to handle the security
breaches in the service. However, a breach in the provider's security may impact the security of
the customer. Therefore, it is important that the service provider commits to informing the
customers of any potential security breaches. The customers should not remain unaware or
uninformed in any unacceptable manner.
Interface Vulnerability: The interface which is used to manage the public cloud service can be
accessed through the internet. It allows access to a large set of resources; however, the perceived
risk is higher due to the remote access vulnerability.
The current security mechanism of the organization is not such that the organization can
implement cloud computing. The organization should explore all the issues which can potentially
harm the confidentiality, integrity and the availability of the data. It is important that security
architecture is set up to protect the resources of the organization such as employees,
infrastructure and the IT systems.
Risk assessment derived from IT control framework
There are several benefits of the cloud computing which includes reduction of the cost,
movement from capital infrastructure to operational expenditure and agility in the operations.
The risk profile of cloud computing is complex as the existing technology is maturing and new
services are emerging in the technology. The cloud service providers offer different services
related to monitoring, transformation, portability, provisioning and the integration of IT services.
The risk associated with the cloud computing can be analyzed with the help of IT risk assessment
framework. The organization should also design framework which can detect the risks in the
cloud computing platforms:
| Risk Type | Characteristic | Cloud Risk |
|---|---|---|
| Functionality | Suitability, accurateness, interoperability, compliance and security | The developed solution does not meet the business requirements. The regulatory compliance is also important for the organization. The security needs to be enforced by an external application (ENISA, 2009) |
| Reliability | Maturity, fault tolerance and ability to recover from disaster | Lack of quality, resilience, business continuity and lack of quality in system and service |
| Usability | The ability of the user to operate the technology. The learning capability of the employees. The technical and the user efforts required for the new skill | The service is not as expected. The staff members have inadequate skills to perform the roles and responsibilities. There are inadequate people to support the IT system |
| Efficiency | Efficiency in time (response and processing time). Resource behavior (multitenant impact) | The system supports the programming; however, it is capable to perform complex business reporting functions |
| Maintainability | Transparency in technicality, stability and robustness of the system. Testability (the availability of test environment for the system) | |
| Portability | Adaptation according to different business processes, installation and ability to replace | |
Security-related risk can also be assessed through a similar process. The security risks in cloud
computing are analyzed and discussed in the section below:
In the cloud computing environment, the management of IT security is a major issue. It can
result in the loss of governance. In the cloud computing environment, the organization should
maintain appropriate safeguards to maintain the security of the system. When the client avails the
service of the cloud computing, he lets go of the power to store, adapt and manipulate the data.
Therefore, the cloud service provider can use this data for malicious intent or pass it on to
someone else. In this regard, it is important that the service provider follows the safety standards
and abide by the regulations designed for the cloud environment (Foster, Zhao, Raicu & Lu,
2008, November).
Data: In the recent times, the cloud based applications have been commonly used by the
organizations to store data. However, the accessibility of the data has increased with the cloud
based applications. Cloud services encourage sharing of resources. As a result, other users can
accidentally or intentionally use the resource of the other organization. This information can be
used for malicious purpose by the business organizations. The cloud service provider is also
unable to share access information as it may increase the security vulnerability of the
organization (Stewart, 2015).
Access: The cloud based solutions should increase the accessibility to the data and the
information. In cloud services, the users gain access to the organization’s information from
different devices; however, in order to maintain the integrity and confidentiality of the data, it is
important that the identity of the user is assured before providing user access. The illegal access
can compromise the confidentiality of the data if the user is not genuine.
Availability: The availability of the services all the time is another issue for the cloud service
provider. The bandwidth of the services is fixed; however, the service provider manages by
allocating it to different users according to their requirements. However, if the frequency of the
users who try to reach the service varies with time, the service provider faces the challenge
whether he will be able to provide the service or not.
Compliance: The compliance to the government regulations and laws is important in the
financial industry. In order to protect the privacy and the confidentiality of the user data, the
government has created various policies and laws. These regulations are regarding the security
audits, operational traceability and the data access. The service user should also be aware
regarding different security regulations and examine if the cloud service provider is following
these regulations.
Addressing risks for Data Security
The cloud computing brings new threats to the data security. Therefore, the cloud service
provider should ensure that the cloud system is in compliance with the governance and security
policies. Aztek Solutions should conduct permanent monitoring of user access which may
include video monitoring system, movement sensors, alarm system and trained security
personnel. Other systems and infrastructural facilities which are essential for the operation of the
cloud service such as internet or electricity should be designed to be redundant.
Other than that, the organization should also design fire protection system so that data center fire
can be prevented. This system should be regularly tested by the IT managers. The data center
should have adequate security protection methods so that protection can be provided against
external elements such as storms, flood and against unauthorized access. The service provider
should also provide high level of service availability if the customer requires a particularly high
level of services. It should also provide backup or redundant data centers which can be used for
the services if the data centers are unavailable. If the service provider is using SaaS services, then
he does not handle cloud infrastructure. In this case, it should be assured that the subcontractor
meets all the service requirements (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski & Zaharia,
2009).
The server security is also essential to attain a secure cloud environment. The server represents
the environment wherein the processes and their computation are performed. The operating
system and the server should be designed so that there is minimal possibility of attack.
Therefore, it is important to install only necessary software packages and any superfluous
services should be disabled or uninstalled. Other than that, standard measures such as
host firewalls and intrusion detection systems can be used to monitor the IT infrastructure.
These systems watch for security events such as policy violations by the users, failed
login attempts and malware detection. The security of the cloud system can be enhanced by
using broadband connection, standardized and commonly-used transmission protocols, service
oriented architecture and virtualization.
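The failed-login monitoring described above can be illustrated with a small host-level check. This is an added example, not part of the original report: it assumes OpenSSH-style syslog lines, a threshold of five failures per source address within five minutes, and hypothetical names (`detect`, `Alert`); the log lines are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample lines in OpenSSH sshd syslog style (not real data).
SAMPLE_LOG = """\
Mar  1 09:00:01 app01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar  1 09:00:09 app01 sshd[1203]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar  1 09:00:15 app01 sshd[1207]: Failed password for bob from 198.51.100.4 port 40020 ssh2
Mar  1 09:00:18 app01 sshd[1209]: Failed password for alice from 203.0.113.7 port 50120 ssh2
Mar  1 09:00:27 app01 sshd[1212]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Mar  1 09:00:31 app01 sshd[1214]: Accepted password for bob from 198.51.100.4 port 40022 ssh2
Mar  1 09:00:40 app01 sshd[1216]: Failed password for alice from 203.0.113.7 port 50130 ssh2
Mar  1 09:01:45 app01 sshd[1220]: Accepted password for alice from 203.0.113.7 port 50140 ssh2
Mar  1 09:10:00 app01 sshd[1301]: Failed password for carol from 192.0.2.9 port 61000 ssh2
Mar  1 09:20:00 app01 sshd[1302]: Failed password for carol from 192.0.2.9 port 61001 ssh2
Mar  1 09:30:00 app01 sshd[1303]: Failed password for carol from 192.0.2.9 port 61002 ssh2
Mar  1 09:40:00 app01 sshd[1304]: Failed password for carol from 192.0.2.9 port 61003 ssh2
Mar  1 09:50:00 app01 sshd[1305]: Failed password for carol from 192.0.2.9 port 61004 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


class Alert(NamedTuple):
    kind: str        # "BRUTE_FORCE" or "SUCCESS_AFTER_BURST"
    src: str         # source address the events came from
    users: tuple     # account names involved, sorted
    when: datetime   # time of the event that raised the alert


def detect(lines, threshold=5, window=timedelta(minutes=5), year=2024):
    """Return alerts for bursts of failed logins per source address.

    threshold, window and year are assumptions of this example: syslog
    timestamps carry no year, so the caller supplies one.
    """
    recent = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    flagged = {}                  # src -> time of last failure once flagged
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not an sshd authentication result
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            q = recent[src]
            q.append((ts, user))
            # Drop failures that have aged out of the sliding window.
            while ts - q[0][0] > window:
                q.popleft()
            if src in flagged:
                flagged[src] = ts             # burst still in progress
            elif len(q) >= threshold:
                flagged[src] = ts
                users = tuple(sorted({u for _, u in q}))
                alerts.append(Alert("BRUTE_FORCE", src, users, ts))
        elif src in flagged and ts - flagged[src] <= window:
            # A login succeeded right after a burst from the same source:
            # the account should be treated as possibly compromised.
            alerts.append(Alert("SUCCESS_AFTER_BURST", src, (user,), ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert.when, alert.kind, alert.src, ",".join(alert.users))
```

The single mistyped password from 198.51.100.4 and the slow, spread-out failures from 192.0.2.9 stay below the threshold, which shows why the window length and threshold need tuning against normal user behaviour before the alert is used to suspend access.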
Hypervisors are commonly used for server virtualization and control access to the
shared resources. The virtual machines must be made secure if the cloud service provider
provides guidelines to the customers for hardening the virtual machines.
The network security is also essential in developing an integral and secure cloud computing
system. The cloud service provider should take effective security measures so that the cloud
computing platforms are not misused by malware or the processing power is not used to control
the command and control servers (Asma, Chaurasia & Mokhtar, 2012).
The organization should also use suitable cryptographic methods to store, process and transport
sensitive information and data. In the cloud computing environment, the management of the
cryptographic keys is essential; however, there are no appropriate keys which can be used for the
management of the sensitive data or information. The customers should also have the option to
encrypt the data before storage. If the service provider is encrypting the data, security measures
should be implemented at each phase so that the way keys are generated, shared and destroyed
enhances the confidentiality, integrity and the authenticity of the data. Several management
practices can be implemented to enhance the encryption of the available data. The encryption
keys should be generated in a secure environment with the help of suitable key generators. The
keys should not be held in the system in an open form; instead, they should always be
encrypted. It will assure that the system does not lose a key. The storage should also be
redundant so that no key is lost in the process.
Conclusion
It can be concluded that Aztek Solutions is a financial service provider which provides
several financial services to its customers. The organization is deploying several IT projects to
ease its business process and increase productivity and efficiency. In this regard, the project of
cloud computing has been selected for deployment in the organization. The present report has
conducted a risk assessment in which several risks encountered in the deployment of cloud
services have been discussed. The present report has examined different risks such as data
security, operational and legislative threat which will arise with the deployment of cloud services
in the organization. The organization can use several methods such as encryption, firewall and
other techniques to address the situation. Other than that, Aztek can also monitor the user activity
and the user access to enhance the security of the organization.
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., ... & Zaharia, M.
(2009). Above the clouds: A berkeley view of cloud computing (Vol. 17). Technical
Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M.
(2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Asma, A., Chaurasia, M. A., & Mokhtar, H. (2012). Cloud Computing Security
Issues. International Journal of Application or Innovation in Engineering &
Management, 1(2), 141-147.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th
utility. Future Generation computer systems, 25(6), 599-616.
Campbell, J., McDonald, C., & Sethibe, T. (2010). Public and private sector IT governance:
Identifying contextual differences. Australasian Journal of Information Systems, 16(2).
Carden, M. (2012, August). Digital Archiving at the National Archives of Australia: Putting
Principles into Practice. In International Council on Archives Congress, Brisbane,
Australia, August (pp. 20-24).
Carlin, S., & Curran, K. (2011). Cloud computing security.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing
security. University of California, Berkeley Report No. UCB/EECS-2010-5
January, 20(2010), 2010-5.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference
on intelligent semantic Web-services and applications (p. 12). ACM.
ENISA. (2009). Cloud Computing: Benefits, risks and recommendations for information
security.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing
360-degree compared. In Grid Computing Environments Workshop, 2008. GCE'08 (pp.
1-10).
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
Iqbal, S. (2012). Australian Government Launches Discussion Paper on Privacy Breach
Notification. Retrieved 27 September 2017 from https://www.insideprivacy.com/data-security/australian-government-launches-discussion-paper-on-privacy-breach-notification/
Leavitt, N. (2013). Today's mobile security requires a new approach. Computer, 46(11), 16-19.
Saini, S. L., Saini, D. K., Yousif, J. H., & Khandage, S. V. (2011). Cloud computing and enterprise
resource planning systems. In Proceedings of the world Congress on Engineering (Vol. 1,
pp. 6-8).
Stewart, D. (2015). Assessing Access to Information in Australia: The Impact of Freedom of
Information Laws on the Scrutiny and Operation of the Commonwealth Government.