Cloud Security and Privacy Assessment Report for DAS - University


Added on  2022/10/17

AI Summary
This report provides a detailed analysis of cloud security and privacy issues faced by the Department of Administrative Services (DAS), an Australian State Government department, as it migrates to a shared services approach. The report examines the security and privacy of employee data, identifying vulnerabilities such as DoS attacks, legitimate privilege abuses, database injection, and malware within the HR database. It further explores risks associated with SaaS migration, including data deletion, API access management issues, and reduced control. The assessment categorizes threats based on their severity (maximum, significant, limited, and negligible) and offers insights into potential impacts on data security and privacy. The report also delves into the implications of digital identity in the context of SaaS applications and provides a comprehensive overview of the challenges associated with cloud adoption.
Running head: CLOUD SECURITY AND PRIVACY
Cloud Security and Privacy
Name of the Student
Name of the University
Author’s Note:
Table of Contents
1. Introduction (p. 2)
2. Discussion on Case Study (p. 2)
2.1 Security of the Employees’ Data (p. 3)
2.2 Privacy of Employees’ Data (p. 8)
2.3 Digital Identity Issues (p. 12)
3. Conclusion (p. 13)
References (p. 14)
1. Introduction
Cloud computing can be defined as the on-demand availability of computer system resources, chiefly computing power and system resources, without direct management by the user (Baron et al., 2019). Large clouds have their functions distributed over numerous locations from centralized servers; when the connection to a specific user is close enough, it may be served by edge servers. Such clouds may be restricted to a single organization, be available to several distinct companies (a public cloud), or combine both (a hybrid cloud) (Almorsy, Grundy & Müller, 2016). This report provides an analysis of the DAS case scenario concerning the organization's recent move to cloud services to improve its overall productivity and performance management. It covers the security and privacy of employees' confidential data and information, identifying the various risks and vulnerabilities. The final part of the report discusses the major risks to digital identities arising from the move to SaaS applications.
2. Discussion on Case Study
DAS is responsible for providing a number of products and services to the other departments of an Australian State Government. These services include procurement, contractor management, contract tender management, payroll, and human resources and personnel management. All of these services are provided from the Department's own data centres. Following a change in government policy, the Department of Administrative Services has decided to move to a Shared Services approach, under which DAS would centralize a number of services for the Whole of Government (WofG). As a result of this move, the confidential data of the other departments would need to be migrated and consolidated into one of DAS's central databases, from which DAS would provide the consolidated services to every other agency or department of the same government.
Under a further government policy, a mandatory cloud-first approach applies to upgrading and acquiring software and services. Several strategic policy changes follow from this: the purchase of a personnel and HR management application from a United States based organization that provides it as a software-as-a-service solution, and the movement of the DAS payroll to a COTS application that would be run in a public cloud. This move to the cloud approach and to these applications is expected to eliminate issues and complexities to a large extent and hence reduce overall expenses.
2.1 Security of the Employees’ Data
2.1.1 Establishment of Existing Vulnerabilities and Threats to the Security of Data and Information Contained in the HR Database
The confidential data and information of staff within DAS face major security issues and threats (Krasnyanskaya & Tylets, 2015). This sensitive data is stored in the HR department's databases, so there are major threats of data loss: the data may be put at risk and could even be lost entirely. The main reason for this is the failure to recognize every existing threat or risk to the human resources database. The major vulnerabilities and risks to the security of employees' data in the in-house HR database are described in the following paragraphs:
i) DoS Attacks or Denial of Service Attacks: The first and most significant threat to the security of employees' data is the DoS attack (Aljawarneh, Alawneh & Jaradat, 2017). It is considered the most nefarious attack, as it can easily damage the in-house database of the DAS human resource department. In this type of cyber threat, the attacker seeks to make a machine or network completely unavailable or inaccessible to all authorized users. It is carried out by temporarily disrupting the services of a host connected to a secured Internet connection (Rittinghouse & Ransome, 2017). Another important variant is the DDoS or distributed denial of service attack, in which the incoming network traffic that floods the victim's system originates from many different sources.
ii) Legitimate Privilege Abuses: The second significant threat to the DAS human resources database is the abuse of legitimate privileges. Any user who holds the right to use staff data can easily exploit the privileges granted to them and use the confidential data for illegal or improper purposes. This threat of legitimate privilege abuse is regarded as quite nefarious for every database (Singh & Chatterjee, 2017). It is quite unlikely that personal copies of the employee record database comply with the data protection policies. Hence, such abuses are considered extremely dangerous for the in-house HR database.
iii) Database Injection Attack: Another well-known vulnerability of the DAS HR databases is the database injection attack. This attack is a major code-injection technique used to attack all types of data-driven applications (Zhao, Li & Liu, 2014). In this type of attack, the attacker inserts SQL statements into an entry field so that they are executed by the database.
iv) Malware: The fourth vulnerability of the DAS HR databases is malware. It is defined as any malicious software designed to cause damage to computer networks, systems and servers. A database can be damaged with the help of malware (Kalaiprasath, Elankavi & Udayakumar, 2017). Malware generally takes the form of executable code, active content or executable scripts. Common examples include Trojan horses, computer viruses, ransomware and adware. The in-house DAS human resources database can easily be attacked or hacked with malware, creating an opportunity to steal confidential data.
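As an added illustration of the database injection threat described in item iii) above (example code written for this page, not taken from the report or from DAS), the following builds a constructed in-memory HR table and queries it first the vulnerable way, then with a bound parameter, then behind an input check. The employee-ID format and the sample rows are assumptions made for the example.

```python
"""Vulnerable vs. parameterised lookup against a constructed HR table.

Added example (not part of the report): models the 'database injection'
threat to an in-house HR database and the standard mitigations.
"""
import re
import sqlite3

# Constructed sample data standing in for the DAS HR database.
SAMPLE_EMPLOYEES = [
    ("E1001", "A. Smith", "Payroll", 82000),
    ("E1002", "B. Jones", "Procurement", 75000),
    ("E1003", "C. Lee", "Contracts", 91000),
]

# Assumed employee-ID format for this example: the letter E and four digits.
EMPLOYEE_ID_RE = re.compile(r"^E\d{4}$")


def build_hr_db() -> sqlite3.Connection:
    """Create an in-memory HR database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (emp_id TEXT PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", SAMPLE_EMPLOYEES)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, emp_id: str) -> list:
    """The flaw the report describes: the entry-field value is spliced into the
    SQL text, so whatever the user types becomes part of the statement."""
    query = f"SELECT emp_id, name, dept, salary FROM employees WHERE emp_id = '{emp_id}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, emp_id: str) -> list:
    """Hardened form: the value is bound as a parameter, so the database engine
    treats it purely as data and never as SQL syntax."""
    query = "SELECT emp_id, name, dept, salary FROM employees WHERE emp_id = ?"
    return conn.execute(query, (emp_id,)).fetchall()


def lookup_validated(conn: sqlite3.Connection, emp_id: str) -> list:
    """Defence in depth: reject input that is not a well-formed employee ID
    before it reaches the database, then use the bound query."""
    if not EMPLOYEE_ID_RE.match(emp_id):
        raise ValueError("rejected: employee ID does not match the expected format")
    return lookup_parameterised(conn, emp_id)


def compare(emp_id: str) -> dict:
    """Run all three lookups on one input and report how many rows each returns
    (None for the validated path when the input is rejected)."""
    conn = build_hr_db()
    result = {
        "vulnerable": len(lookup_vulnerable(conn, emp_id)),
        "parameterised": len(lookup_parameterised(conn, emp_id)),
    }
    try:
        result["validated"] = len(lookup_validated(conn, emp_id))
    except ValueError:
        result["validated"] = None
    conn.close()
    return result


if __name__ == "__main__":
    # A legitimate ID: every path returns the single matching row.
    print(compare("E1001"))
    # Constructed malformed entry-field value: the vulnerable path returns every
    # row, the parameterised path matches nothing, the validated path rejects it.
    print(compare("E1001' OR '1'='1"))
```

The row counts make the difference concrete: the spliced query exposes the whole employee table to a single malformed field value, while the bound query and the format check both confine the lookup to genuine IDs.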
2.1.2 Other Vulnerabilities and Threats to the Security of Employees’ Data after Successful Migration to SaaS
The organization has decided to move its services and workloads to the cloud to bring extra profit to the business. SaaS is a software licensing and delivery model in which software is licensed on a subscription basis. This cloud service model is accessed by users through their web browsers (Singh & Pandey, 2014). Microsoft Azure and CAD are termed the most significant software-as-a-service applications. As soon as the workload is migrated to this cloud service model, the services become vulnerable to various threats, which are described in the following paragraphs:
i) Deletion of Data: This is the first risk that can arise as soon as the migration to SaaS is completed (Aljawarneh & Yassein, 2016). The risks associated with data deletion exist when the client has reduced visibility or control over where its confidential data is stored in the cloud, together with a reduced ability to verify the security of that data. Because the procedure for deleting data is easier, migration to SaaS is readily considered.
ii) Negotiating the Internet Access Management of Application Programming Interfaces: This is the second significant risk that arises after DAS migrates to SaaS. Negotiating the Internet access management of APIs (application programming interfaces) is the most distinctive issue faced by users (Ali, Khan & Vasilakos, 2015). Users rely on these interfaces to control and interact with the various cloud services, and the interfaces are therefore substantially exposed to the public. Various risks are present in the interfaces, and such threats can turn into attacks.
iii) Self Service Inducing Unauthenticated Users: On-demand self service tends to attract unauthenticated and unauthorized users, as it enables organizational staff to provision extra services (Tari, 2014). The simple implementation of SaaS and its low cost are responsible for this unauthenticated use.
iv) Reduction of Control: This is another risk that arises after SaaS migration. As soon as operations and assets are transitioned to the cloud, an organization is liable to lose visibility and control over its data (Samarati et al., 2016). A corresponding shift in the cloud service model is required for security monitoring.
2.1.3 Assessment of the Resulting Severity of Threats and Risks to the Security of Employees’ Data
The severity of the vulnerabilities and threats to the security of employees' confidential data within DAS can be assessed effectively. These threats are divided into four categories, described in the following paragraphs:
i) Maximum: This is the most important category for measuring overall severity. The vulnerability posed by a risk in this category is extremely high compared with any other risk, and it must be checked whether the lost data can be easily and promptly recovered (Wei et al., 2014). Hence, the company faces serious problems. It is extremely important that risks in the maximum category are stopped in time. Of all the identified threats to the security of employees' data within DAS, the most nefarious is the database injection attack.
ii) Significant: This is the next category in the risk assessment plan. Risks in this category can cause severe destruction within the databases and affect the overall integrity or confidentiality of the data (Nanavati et al., 2014). Among the identified threats, the DoS attack falls into the significant category. The user has no idea of such a threat before being attacked.
iii) Limited: This category holds the risks that are less vulnerable than the rest. However, major security issues can still arise if proper action is not taken in time (Fernandes et al., 2014). Of the identified risks to employee data security within DAS, malware can be categorized as limited.
iv) Negligible: This is the final category, holding risks that present no vulnerability and can be considered negligible. They do not affect the confidentiality of the company's data. Among the noted risks, the most negligible is legitimate privilege abuse.
2.2 Privacy of Employees’ Data
2.2.1 Establishment of Existing Vulnerabilities and Risks to the Privacy of Data Contained in the HR Database
The privacy of the confidential and sensitive data in the in-house HR database of DAS is not being properly observed (Jouini & Rabai, 2019). Because of this neglect of data privacy, the organization is exposed to several vulnerabilities that are quite dangerous for the company. The existing vulnerabilities and risks to data privacy in the HR database are described in the following paragraphs:
i) Database Protocol Vulnerabilities: This is an important risk that creates a major vulnerability in the database. It allows unauthenticated access to data, leading to data corruption (Iqbal et al., 2016). Such code can be executed on the target database servers, and it must be checked whether the attacks can be defeated by validating the SQL communication. Every such vulnerability is quite nefarious for the database.
ii) Exposure of Data Backups: This is another nefarious threat to the privacy of data within DAS, as backups of the data can easily be exposed (Coppolino et al., 2017). Such backups must be properly encrypted, and some vendors explicitly provide a solution through the use of next-generation DBMSs. Data integrity is completely lost through this threat.
iii) Leakage of Personal Data: The third vulnerability and risk to data privacy is data leakage (Tari et al., 2015). Since the DAS payroll would be moved to COTS, confidential data often leaks within the cloud, and confidentiality is lost completely.
iv) Lack of Authentication: The most basic and major threat to the privacy of data in DAS is the lack of authentication. Authentication is a vital factor that enables authorized users while preventing confidential data from being hacked (Taha et al., 2014). Two-factor authentication together with passwords needs to be implemented for this purpose. Better integration with the enterprise directory and user management infrastructure is also needed to address this issue.
2.2.2 Other Vulnerabilities and Threats to the Privacy of Employees’ Data after Successful Migration to Cloud SaaS
As DAS has decided to shift its services to the cloud, SaaS is one of the best choices among the available options (Kazim & Zhu, 2015). The major goal of cloud computing is to cut costs and to help users focus on their core business instead of being impeded by information technology obstacles. Virtualization is considered the main enabling technology: this software separates a physical computing device into virtual devices, each of which can be readily used and controlled to perform computing tasks. With operating system virtualization technology, it becomes quite easy to create a scalable system of several independent computing devices (Tirthani & Ganesan, 2014). It is also required for allocating idle computing resources and using them effectively.
Virtualization also provides the agility needed to speed up information technology operations and reduces expenses by increasing infrastructure utilization. Autonomic computing further automates the procedure by which a user provisions resources on demand. By minimizing user involvement, this automation speeds up the entire procedure, reducing labour expenses and the possibility of human error. The technology also draws on concepts from utility computing in order to provide metrics for the various services used (Khalil, Khreishah & Azeem, 2014). The threats and risks that are highly vulnerable and can cause problems for this purpose are described in the following paragraphs:
i) Increased Complexity for Organizational Personnel: Although every member of organizational personnel has equivalent value, they may not all have the same knowledge of the SaaS cloud service model. This creates numerous issues for the personnel, who have to deal with distinct complexities.
ii) Insider Attack: The second common risk, which is extremely dangerous to the privacy of employees' data in the DAS database, is the insider attack (Khan & Tuteja, 2015). Once the SaaS migration is carried out, cloud vendors or organizational personnel can easily obtain access to confidential data, which can then be exploited. This type of attack is known as an insider attack.
iii) Stolen Credentials: Organizational credentials can be stolen as soon as several business services are migrated to the cloud. Such credentials are vital, since confidentiality is compromised and this cannot be prevented under any circumstance. An attacker can then easily access every service of the authenticated user to obtain resources.
iv) Insufficient Due Diligence: Due diligence is performed insufficiently, and only after the SaaS migration is complete. This is especially common for the SaaS cloud model, and every security measure may be affected, thereby increasing such vulnerabilities.
2.2.3 Assessment of the Resulting Severity of the Threats and Risks to the Privacy of Employees’ Data
The severity of the above vulnerabilities and threats to data privacy is assessed on the basis of four categories, described in the following paragraphs:
i) Maximum: This is the first and most dangerous category of risk. Of all the risks and threats to data privacy identified for the DAS case study, the database protocol vulnerability can be categorized as maximum.
ii) Significant: This is the second category of risk (Huang et al., 2015). If appropriate action is not taken properly, the risk can become extremely dangerous and threatening for an organization. Among the identified risks to data privacy, exposure of data backups is significant in nature.
iii) Limited: This is the next category of risk. Risks in this category are not as vulnerable as those in the maximum and significant categories. Leakage of employees’ personal data is one of the major examples of