Cloud Security and Privacy: Personal Data Protection Strategy Report

Verified

Added on 2020/02/24

AI Summary

This report analyzes cloud security and privacy strategies for the Department of Administrative Service (DAS) in Australia. It addresses personal data protection, management, and security within a cloud computing environment. The report covers various aspects, including privacy strategies for personal data, recommended privacy controls, and personal data protection strategies. It delves into data collection, use, disclosure, digital identities, access, and quality, alongside recommended controls to mitigate identified risks. The report also examines the security of personal information, authorized access, de-identification, and archiving of personal data. The core focus is on implementing effective strategies to safeguard personal data, ensuring compliance with relevant laws, and mitigating potential risks associated with cloud-based solutions.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CLOUD SECURITY AND PRIVACY
Cloud security and privacy
(Department of Administrative Service)
Name of the student:
Name of the university:
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CLOUD SECURITY AND PRIVACY
Executive summary
The DAS or the Department of the Administrative Service at Australia supplies various services to
various departments of the state government of the country. The report is developed to keep the
privacy strategy for personal data and the personal data protection in mind. It has been also
recommending the privacy controls and the strategies of personal information protection.

2CLOUD SECURITY AND PRIVACY
Table of Contents
Introduction:..........................................................................................................................................4
1. Privacy strategy for personal data:....................................................................................................4
1.1. Management of personal information:........................................................................................4
1.2. Collection and management of solicited personal information:.................................................5
1.3. Use and disclosure of personal information:..............................................................................6
1.4. Use and security of digital identities:.........................................................................................6
1.5. Security of personal information:...............................................................................................7
1. 6. Access to personal information:................................................................................................8
1.7. Quality and correction of personal information:........................................................................8
2. Recommended Privacy controls:.......................................................................................................9
2.1. Mitigating the previously identified privacy risks:.....................................................................9
2.2. Implement the privacy strategy:...............................................................................................11
3. Personal data protection strategy:....................................................................................................14
3.1. Protection of personal information:..........................................................................................14
3.2. Authorized access & disclosure of personal information:........................................................15
3.3. De-identification of personal data:...........................................................................................16
3.4. Use of personal digital identities:.............................................................................................16
3.5. Security of personal data:.........................................................................................................18
3.6. Archiving of personal data:......................................................................................................19

3CLOUD SECURITY AND PRIVACY
4. Recommended personal data protection strategy:...........................................................................21
4.1. Mitigating the previously identified security risks:..................................................................21
4.2. Recommended personal data protection strategy:....................................................................25
Conclusion:..........................................................................................................................................27
References:..........................................................................................................................................28

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CLOUD SECURITY AND PRIVACY
Introduction:
The cloud-based solution refers to various services, resources, applications that are available
to the users on demand through online from the cloud service providers. The organizations have
been typically using the cloud computing for increasing the capacity, improve the functionalities and
incorporate extra services on demand (Lafuente, 2015).
The DAS or the Department of the Administrative Service at Australia has been providing
various services to various sections of the state government of the country. A successful engagement
of their team is completed, for providing the privacy and security analysis for DAS. The group has
again attempted to create the strategies regarding the privacy and personal data protection.
The following report is prepared to keep the privacy strategy for personal data and the
personal data protection in mind. It has also recommended the privacy controls and the strategies of
personal information protection.
1. Privacy strategy for personal data:
1.1. Management of personal information:
This is all about searching, placing, managing and sustaining the information. It also deals
with the privacy management and the data flow. DAS needed to place the external factors away from
retrieving the data rather than providing permission from the cloud service providers. The
organization has needed to safeguard the time. They have been also concentrating on the retrieval of
data instead of taking permission from online. This personal information management denotes the
measuring and evaluating. DAS requires finding out whether the tool would harm or not. They
should also be aware of the alternate strategies (Felbermayr, Hauptmann & Schmerer, 2014). The

5CLOUD SECURITY AND PRIVACY
managing includes the abilities to make the data known. This has been referring to the learning and
the practices of the activities of the people. This is to achieve, generate, store, maintain, use,
distribute and organize the information required to meet the aims. Additionally, it has been focusing
on the documents like paper, electronic, web references and others for future storage and re-usage.
One of the popular concepts of the management is whether DAS possess the exact data in proper
format at the proper place inadequate amount. In actuality, DAS should be spending an important
section of time by doing away with the pervasive issues of the data fragmentation.
1.2. Collection and management of solicited personal information:
Since SaaS has been supplying various services and working with the employees, partners,
clients, and the volunteers engaged, it has been obvious that they have needed to collect and manage
the solicited personal data informing about the individuals. This has been the capability to bring the
critical and the ethical duties. DAS has required knowing the legal necessities for managing the
information regarding the people. DAS is responsible for the tasks and should assure that it does not
go against the relevant laws (Pfeifer, 2016). These laws have been collecting and using the string
data about the people. The people are turning to highly knowledgeable about the privacy and data
protection concerns. DAS must take into consideration the process very tactically for managing the
data of the persons. They must assure that the values of DAS get reflected and meet the reasonable
demands of the clients.
APP3 draws the APP entities that are collecting the solicited data. APP differentiates
between the collection of solicited data and the getting of unsolicited data done by the APP entities.
Since APP collects the data the perquisites have been showing variation according to its sensitivity
(Kristal, 2017). Apart from this, it has been also considering the entity as the company or agency. It

6CLOUD SECURITY AND PRIVACY
included how the APP entity collects the personal data. This needed the same necessities applied to
all the APP entities and to all types of personal data.
Moreover, it has been also considering the entity has been an agency or any company. This has been
including how the APP entity has been gathering the personal data. This has been the similar
requirements applying to every APP entities and to every kind of the personal data.
1.3. Use and disclosure of personal information:
For this reason, APP has been gathering the personal data. The basis on which the APP entity
has been using or disclosing the personal data is discussed here. It is never revealed to the entities
depending on any ground or to determine whether to shut the personal data till the disclosure or
usage is required by the law. The factor at section 6.1 of the APP standards is defined as the implied
or the express consent. The following one has been the checking of whether data has been providing
the content in a voluntarily way. This consent is denoting to a particular and the individuals have
possessed the ability to make sense and communicate with the consent. About the using and
disclosure of the personal data where there has been a high expectation of individuals and related to
basic reason to collect has been undergoing some principles.
The APP has been allowing the APP for using and disclosing the information for extra
reasons (Müller & Neumann, 2015). It occurs has the public demand the entity to make use or show
the data for this additional reason. It includes the searching of whether data has been sensitive or not.
It has also been including the finding whether the information is sensitive or not. The secondary
purpose here has been related to the basic cause of collection.
1.4. Use and security of digital identities:
Various trends have been driving the requirements for the digital identity systems. The initial
one is the rise of the volume of transaction. The quantity of the transaction depending on identities is

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CLOUD SECURITY AND PRIVACY
developing because of the advent of the use of digital channels. Then there is the rise of the
transaction complexity. The transactions are rising through the disparate entities in spite of the
relationships established before. Let the instance of the cross-border transaction be taken here. It has
needed more accuracy and protection to identify the data that has been sensitive (Smith & Ross,
2014). Moreover, there has been the rise in the speed of the financial and harms regarding the
reputations. The ineffective actors are the financial systems increasingly sober in the usage of
technologies and tools. It is done to control the activities that are illicit. It has been also including the
abilities for causing the financial and the reputational harms by exploiting the actual systems of
identity. The digital identity system has comprised of different layers. All of them have been serving
different reasons.
As per the WEF report, there are six typical layers. The initial one is the standard. Their task
is to govern the overall activities to eradicate the issues regarding consistency and coordination.
Then there is the attribute collection. The required user attributes are appropriately achieved here.
They are also stored and the protected. The next one is the authentication. The mechanisms are
delivering the links to the users to the attributes to avoid the inconsistent authentication. The next
one is the exchange of attributes. The mechanisms have been delivering to exchange the attributes
among the different attributes (Kristal, 2017). The next one is the verification. The proper rules and
the relationships are needed to implement to authorize what the service users are entitled to access
on the attribute basis. Finally, there is the service delivery. In this case, the users are supplied with
the effective and easy-using services.
1.5. Security of personal information:
It was comprised of different terms as listed in the APP11. This includes the interference,
unauthorized accessing, misuse and loss unauthorized modification, and disclosure. There has been

8CLOUD SECURITY AND PRIVACY
lying different examples and analysis by which the terms have been retrieving common meanings.
Firstly there is the misuse. The personal data is misused as it is used by the APP entity that has not
been allowed by the Act. Then there is the interference. This takes place as there is no attack on the
personal data. Despite all this, it has not been updating the content as necessary. The next is the loss.
It has been covering the accidental loss or inadvertent of the personal data as held by the APP entity.
It has been including the APP entity losing the personal data and the losing the data (Rusinek &
Rycx, 2013). The next one is the unauthorized access. It has been taking place as the data upheld by
the entity of APP has been penetrated by some who have not been allowed to do so. The next step is
the disclosing of the unauthorized data. This type of incident occurs since the APP entity creates the
personal data transparent and accessible to the third parties of the entities. Its task is to release the
data from the efficient management such that it is not allowed by the APP Act.
1. 6. Access to personal information:
This is defined in the APP 12. It has been needed that APP to provide the access to the
personal data. It has not been supplying the appropriate access to all kinds of data. Here, the personal
data is referred to as the information or the opinion of the people identified for a reason. It has been
determining as the data or the opinion is real and is recorded in the proper format. The personal data
of one could be the personal data of the other individual. Additionally, the opinion could be personal
data of the subject or the providing choices.
1.7. Quality and correction of personal information:
It has been defined under the umbrella term such as the relevance, accuracy, up-gradation
and the completion. The personal information might of very poor quality. It has been regarding the
purpose for what it has been collected, disclosed or used. The initial reason is the accuracy. The

9CLOUD SECURITY AND PRIVACY
personal data is inaccurate since it has been containing the error. The data could also be proved to be
improper as it is misguided.
Then there is the up-gradation. It occurs as the data becomes outdated. This could take place
as it consists of the factual, opinions or the additional data that have gone obsolete. The next one is
the completion. It proves to be incomplete since it has to present the misleading scenario or the
partial viewpoint. The final one is the relevance (Finkin, 2015). Here the data could turn out to be
erroneous. This is because it could lose the ability to tolerate or connect with no cause. The instance
of is that when the client gathered for delivering the financial advisers. It occurs as the entity
discloses the personal data to buy the share representing the clients.
2. Recommended Privacy controls:
2.1. Mitigating the previously identified privacy risks:
The risks of cloud computing are identified by various researchers practicing in the area of
the privacy protection. It leads to the mitigation schemes and the most effective practices to be put
forward to assist the corporations and the public bodies. The most important tool for assessing the
risks is the Privacy Impact Assessment or the PIA. Through this manner, DAS could address and
identify the privacy concerns systematically under the data. Concurrently they should consider the
further outcomes of the proposed and the present action.
The risk management is the manner to control the risks that are inherent. It includes the non-
compliance with the rules, frauds, the competition of the legal expenses and the change to recognize
the effective impact and the risks of DAS.
A question has been rising as the PIA is considered. It has been indicating at what cases and
what stage has the DAS been needed to complete the PIA. There have been several criteria

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10CLOUD SECURITY AND PRIVACY
identified. Moreover, eight principles are brought forward to deal with the cross-border with the
analysis of the privacy impact. Next, there is the identification of the reason for what the PI is kept.
For every principle the series of queries, DAS must indulge deeper to every aspect needed to
be asked and replied with progression. It is to arrive at the fully informed decision to determine
whether the expected migration of the cross-border is totally compliant with the jurisdictional
necessities and the data security. Because of the lack of the worldwide standardization for the PIA
process, the guidelines are of critical importance. It has been assuring that these issues of the
differences regarding the legislation and the jurisdiction has been addressed.
Then there is another approach that has been referred against the conventional PIA. This is
the Privacy by Design and the PbD. The fundamental concept of PbD is to rely highly on the
promotion to impose the Privacy Enhancing Technologies or PET. The PET has been discriminated
into four distinct functionalities. All of them have been possessing distinct focuses. The objective of
them has been to protect the personal privacy.
The initial one is the PET that has been subject oriented. The aim has been to anonymize the
data subject and the deliver the pseudo-identification. Then there is the PET that has been objecting
oriented. The objective has been to conceal with every happening of the transaction. The final one
has been the system oriented PET. It is the combination of the previous three orientations.
The functionality and the characteristics are the combined format of the more decisive
mechanisms of the enhancing and the privacy protection. They are also regarded as the fundamental
actors in the strategies and the techniques for mitigating the privacy risks in the cloud computing
scenario. These are identified as the challenges of innovation to the norms since the consumers have
been individually or at the enterprise level running apart from the issues of privacy. Both of them
have been lying as the obstacles to adopt the cloud computing technology.

11CLOUD SECURITY AND PRIVACY
As per the recent survey was done by IBM, it has been found that about seventy percent of
the respondents have been trusting to adopt the technique. They have wanted to protect the privacy
more than half part concern expressed regarding the data breaches and loss. The viewpoints are the
clear indicators for directing what DAS needed to undertake. It has been assuring more up-gradation
of the technology. It has been also delivering the probability that the providers needed to follow the
effective security practices for mitigating the risks faced by the consumer and the providers. Despite
all these, it is not the case to identify the issues what has been covering the schemes of adoption like
the PbD. It has been posing serious barriers in adopting the CSPs.
2.2. Implement the privacy strategy:
The cloud users are needed to ensure that the personal data is stored appropriately with
proper protection and processing. By combining various models of the cloud deployment, DAS
might address the privacy issue sin cloud much better. Through undergoing by the appropriate model
of cloud deployment to deliver the fundamental aspects ate to assure the successful and the long-
term strategies of privacy.
As made the comparison with the on-premise deployment of the data deployment and then
implementing the IT solutions is the off-premise. It has been resulting in the much effective solution
to the personal data privacy.
As there have been the on-premise solutions that have been delivering few benefits it has
been also exposing the data to the larger risks since the DAS never has the sufficient security,
expertise, and the resources to support that all the day.
The on-premise resolutions are needed the dedicated area for the servers, system solutions,
hardware and the redundancy of the system to ensure the integrity and the data availability. Apart
from this, the on-premise deployments have been heavier on the capital expenses to the DAS. It has

12CLOUD SECURITY AND PRIVACY
been due to the factor that DAS must be on the dedicated area, the hardware, solutions, software, and
the human expertise to support that.
The knowledge of cloud is just the leap ahead in the IT transformation process. The crucial
step to creating the privacy strategy of DAS knows the landscape of the data brought from the
particular provider of the cloud. The plan has been to mitigate the cloud through making the
considerations regarding the following points are imperative regarding the addressing of the privacy
necessities to implement enough the policies of DAS. This also includes the process across the
clouds
Assessing the readiness of DAS for the cloud:
It has been imperative that the professionals of privacy are initiating the cloud readiness
before they transform the data in the cloud. Appropriate cloud readiness analysis must enable the
data-informed for mitigating to the cloud. This also includes the making of a sense of the controls of
security needed to be kept sufficiently for protecting the data. Then the compliance necessities are
addressed. As the model to be deployed is found out along with the workload of the data, the experts
of privacy require analyzing few features. The initial one has been the needs of the business and the
aims of DAS for mitigating into the cloud. The type of data the organization must be transforming to
the cloud has been also needed to be considered along with the data flows from where the
information is originating and where it is moving to get stored and processed. It has been also
including the particular requirements of privacy required to face on the grounds of the data types.
Apart from this, there has been also the determination of the limitations to transfer the
personal data to various areas outside the country. This has been also including the risk profiles and
find out what could mitigate the risk. This has been also considering the way DAS has been able to
implement the particular measures of organization for protecting the personal information.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13CLOUD SECURITY AND PRIVACY
Next, there has been also the determination of the in-house technical capabilities of the DAS
offering the multi-cloud technical and optional abilities for supporting that. Moreover, there has been
the recognition as various cloud providers are required for specific workloads, the capacity for
deploying the exact measures that have been organizational and technical across the on-premise and
the off-premise solutions of the DAS. Next, there has been the capacity to deploy the exact technical
and the security measures of DAS across the on and off-premise solutions of the DAS. Lastly, there
has been the supporting and the model of service delivered by the providers of the cloud.
Planning the migration to cloud:
DAS should not adopt the transmitting of the mission complex data instead of any previous
study. During planning the migration towards the cloud, the DAS experts have been engaging the
exact expertise to conduct the due diligence on the application portfolio basis of the DAS, the data
types, business needs and the compliance necessities. Next, there has been understanding of the
connection points in the cross-cloud with the systems of third parties, software, and the
infrastructure.
The disaster recoveries in a robust way, the data redundancy and the backup plans of data
have been required to be placed in the proper area. Finally, there has been the identification about
who has been responsible for different aspects of the data protection and the security.
Designing the cloud solutions keeping the privacy in mind:
The phase has been permitting the DAS to integrate the policies of privacy with the
technologies. In designing the deployment of cloud, DAS should be considering the internal
supporting abilities, since it has been the ability of the prospective cloud provider.

14CLOUD SECURITY AND PRIVACY
There has been the assurance that the professionals of privacy must deliver the insights
regarding the requirements of privacy in that phase. It has been defining the clear objectives and the
implementation of the proper measures to protect the personal data and then address the compliance
requirements. A resolution is an approach on the basis of multi-cloud. It is regarded as the
combination of the public and the private cloud.
Multi-cloud flexibility:
It has been the benefits of privacy of the private and the hybrid cloud. Public clouds are ideal
regarding its quick deployment, models of utility billing and the fast scalability. Despite all this,
some applications and the data are demanded to the dedicated infrastructure and the hosting that has
been a single tenant. The dedicated infrastructure and the private cloud is the critical component of
the cloud’s ecosystem. It has been delivering the larger control of the environments and rise of the
security policies at the complicated workloads. The process of deployment of the appropriate hybrid
cloud and interacting with the dedicated private infrastructure to the public form of the cloud must
enable DAS to protect the critical data of the business with the private circuit. This is done bypassing
the internet for the connectivity that has been secured most to the data centers and the cloud
atmosphere of DAS.
3. Personal data protection strategy:
3.1. Protection of personal information:
For achieving the aims, DAS has been striving to create the goals striving to establish the
effective relationship through the clients. This has been also including the stakeholders. The
stakeholders have been incorporating the shareholders, employees and the business partners and

15CLOUD SECURITY AND PRIVACY
much more (Hudson & Pollitz, 2017). As the part of those efforts, the organization is able to
implement few policies as mentioned now. It is to protect and control the personal data properly.
The DAS has been allowing appointing the protection of personal data in all the companies
where the personal data is controlled. The role is to control the information in the proper mode. The
DAS has been collecting the personal information with the individual consents. It must be done
through particularizing the causes to use, contacting the inquiries and much more.
The DAS has been using the personal data once the scope of the reason to use the consented
data across the information system. The department must also react to the queries from the people
regarding the personal data.
To prevent the unauthorized access to the destruction, leakage, falsification, and loss of the
personal data, DAS should be controlling the data safety of the personal level. Additionally, for
complying with the related regulations and the laws, DAS should develop the activities at a personal
level. It has been done through considering the environmental changes.
3.2. Authorized access & disclosure of personal information:
As per as the authorized access and the disclosure of the personal data is considered, the
people and the personal data should be given by DAS under the control. They should also deliver the
data regarding the ways by which the person has been used by DAS.
The names of the people and the organization should be shown by the company. DAS has
also been providing the people with identifying the origins from where that is gained. It occurs till it
is reasonable in assuming the people could ascertain the sources (Taylor, Fritsch & Liederbach,
2014). The information should be protected by the privilege of those solicitor clients.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16CLOUD SECURITY AND PRIVACY
The disclosure if data has been revealing the confidential data which is regarded to be
commercial. The time it gets disclosed can damage the competitive position of DAS.
The agency of credit agency is not required to show the people’s names and the DAS to
which the information has been revealed by those agencies. This disclosure is expected reasonably to
get threatened by the safeguard and the physical and mental health of the people apart from the
persons who created the request.
The disclosure has been reasonably expected for causing the quick or the harm to the safety
of the people’s health that made the request. The DAS has been providing the people with access to
the personal data as the data gets eradicated.
3.3. De-identification of personal data:
It has been aiming in permitting the information to get used others. It is done without the
individual being identified. The data-identification has been used to protect the privacy of the people
and DAS. This has been also including the assuring of the spatial location of the clients.
The identifiable data or that containing the personal data has been needed to get controlled in
careful manner. It is needed to be done by the access control and the security measures of the
security of the data (Feher, 2016). Every personal data while assimilated has been showing the
detailed scenario about the individuals. It has been including the choices and dislikes, their tasks and
when and where they have been doing that. It has been raising the important and the highly sensitive
issues regarding the privacy. There have been the arguments, debate and deliberation on the subject.

17CLOUD SECURITY AND PRIVACY
3.4. Use of personal digital identities:
The theft of identity begins has DAS has been starting to begin with the specific data sets.
The number of resources is listed below about the identity theft examining the review of the personal
digital identities.
The confidential information in the computer:
The malicious users have been conducting the port scans as any unauthorized entry has been
viewed in the machines. The successful intruders must install the primary-loggers and record
everything as entered by the users. There have been chances that there has been invasion of that kind
allowing the hacker quickly to steal those identities.
The information given freely in the social media sites and sharing with the others:
The social media users have been hesitating to consider the data heaped into the digital
identities at personal level. Thus there has been the possibility that the identity thieves could retrieve
the huge quantity of the useful data about the users without the consciousness of the users.
Commercial background that are checking organizations:
Numerous sites have been allowing the people in analyzing the background checks. The
varied data has been required to get examined that the DAS could deliver.
The commercial search engines containing the personal information of which DAS might be
unaware:
There has been little other methods that the ID thieves could retrieve the private data.
The “Cookies” placed on the computer:

18CLOUD SECURITY AND PRIVACY
The cookies are the small text files. They have been written to the computer to track the
Internet movements. They have been also revealing the personal preferences and the other data
(Taylor, Fritsch & Liederbach, 2014). The data falling in the wrong hands are in the risks to be used
by the identity thieves.
Discarding the storage media without permanently erasing, degaussing or destroying that:
The computer disks are been indefinitely retaining the data written over them. The people
have been selling and discarding the old machines. It could be done by believing that removing the
files has been indicating that they have been out. The skilled hackers have been able to reveal the
files deleted. Those thieves of identity are shopping at online for the used computers to obtain the
records that are confidential.
The computer disks have been indefinitely retaining the data that has been written on them.
These people has been selling or discarding the old machines. This is done through believing that
eradicating the files indicates that they have been out. The skilled hacker could restore the deleted
files (Feher, 2016). The identity thieves have been literally shopping in the Internet for the used
computers for obtaining the confidential records.
3.5. Security of personal data:
This has been including the numerous systems. They are analyzed hereafter.
The security of the electronic information system:
This has been one of the most significant resources. Both the organization and the individuals
have been responsible to assure the information to be protected (Smith & Ross, 2014).
The manual and the physical data security policies:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19CLOUD SECURITY AND PRIVACY
In order to meet the necessities of DATA protection Act of Australia, the organization is
bound to have the system. It has been designed to ensure the safeguard of all the personal data.
Protecting the identity from theft:
Numerous attacks have been occurring currently. Apart from being prudent and not involved
in the lured to phish the scam or turn out the victim of the malware, virus or malware, the scopes are
restricted to safeguard the identity and the personal data from that theft. It has been unlikely that any
individual irrespective of person or business has been able to thwart with that kind of attacks. They
are designed and examined to poke and produce the elements that are vulnerable to the interaction
between human and technology. They are following the person who has been prone to that lucrative
targets or DAS marketing at online successfully (Feher, 2016). Since DAS has been determined, it
has been simple that none could halt them virtually.
Apart from this, they have been never indicating that DAS should not try. Additionally it has
not been indicating that might determine the attacks. Despite all this there have been concerns from
where to begin and where to finish. The information has been handed down by the few of the
foremost purveyors of the technical and legal knowledge of the world. This has to lots to reveal
regarding this subject. From some of the important attorneys in the privacy space and the data
security, DAS could be taking charge in the effort to safeguard from the hacking eyes. This could
also use some scopes that many people at DAS have been unknowing.
3.6. Archiving of personal data:
The data archives are often compared with the data backups. However both of them have
been regarded as the data copies. The data archives have been safeguarding the previous data which
has been not needed for the regular activities. This has been needed to get accessed at some of the
times. The data archives have been serving the manner to decrease the fundamental storage

20CLOUD SECURITY AND PRIVACY
consumption. This has been also including the relevant costs. Some of the data archives are treated
for achieving the data as the read-only to protect that from changes. The other data items of data
archiving are treated the information as the read or write. This has been mostly important for the
information to get retained because of the operational or the regulatory perquisites. It has been also
including the document files, old records, email messages at the database (Smith & Ross, 2014). The
highest advantage of the data archive is that it has been decreasing the expense of the fundamental
storage. It has been costly from the very first because of the reason that the storage array has been
producing the sufficient platform of the IOPS to meet the operational requirements of the activities
of the write and read of the users.
The archive storage has been less expensive because of the reason that it has been lying
typically on the base of the large-capacity storage medium and the low-performances. The storage
archiving reduces the quantity of information that has been required to be kept backed up. Through
removing the less frequent access of the data from the data set’s backup has been increasing the
backups and the restoring the performance (Feher, 2016). Additionally this has been reducing the
expense of the secondary storage.
The data archives has been undergoing through various kinds of the distinct forms. Some of
the systems have been placing the achieved data to the systems where it must be readily fetched.
These archives have been on the basis of files. Despite all this the object storage has been developing
in popularity.
The distinct archival systems have been utilizing the storage of the offline data where the
archived data is written for taping and the additional removable media. This has been done by using
the software to archive the data rather than placing that at online (Smith & Ross, 2014). Since this
tape could be eradicated the archives that has been tape based consumes much lesser capacity than

21CLOUD SECURITY AND PRIVACY
the system of the disks. Since the tape has been removed the archives that has been tape based has
been also translating to lessen the archiving costs.
The cloud storage is the other possible section of the target of the archiving data. For instance
the Amazon Glacier is designed to archive the data (Taylor, Fritsch & Liederbach, 2014). Moreover
the cloud storage has been not costly too much. Apart from this, it requires the present investment.
Additionally the expenses might develop over the time as much more information has been required
to the archive of the cloud.
The process of archival has been automated always via using the software of archiving. The
capabilities of the software vary from as per the type of the vendors. The software has been moving
automatically the previous data to the archives according to the policy of data. This has been set by
the administrator of the storage. It has been incorporate the special necessities of retention for all
type data.
Some of the archiving software has been automatically removing the data from the archives.
It has been done as it has been exceeding the lifecycle as mandated by the policy of data retention by
DAS. Numerous platforms of the software backup have been including the functionalities of
archiving to every items and products (Smith & Ross, 2014). This has been cost-expensive as per the
necessities. It has been also the smarter way for data archiving. However, the items have been
including all the functionality that has been found within the dedicated products for archiving the
software.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

22CLOUD SECURITY AND PRIVACY
4. Recommended personal data protection strategy:
4.1. Mitigating the previously identified security risks:
There lied the traditional embraced layered method to the security. The cloud security has not
been distinct. The entire layers alone are valuable. However they have not been impenetrable. Every
layer has been together forming the effective protection. All the layers serviced by the vendors of the
cloud have been effective. They could be highly trusted. Despite all this, many customers has been
fetching that with the homogeneous security delivering the surface of attractive attack and the one
with which the bad guys could experiment easily. Moreover it has been making the change
management very difficult. The reason has been that before creating the changes the switching of the
vendors has been turning out to be harder. Moreover there has been the vital internal and the external
audits. They have been required to renew the latest vendors. Both of them have been expensive and
time consuming.
Thus there has been some recommendations provided by providing the own layers of the
security. This has been besides from whatever the provider of cloud has been bringing in the table. It
has been including the encrypting of the sensitive information. The information has been exclusive
and owned by the DAS. The operating system and the applications have been of lesser significance
here. It has been kept in the cloud having the standard scenes.
It could also be recycled back simply to the main image during the shutting down. It has been
the ensuring the Firewall, IPS, IDS protecting all the virtual machines separately. Particularly in the
scenario of the public cloud, the virtual machines have been running on the same physical hardware.
This has been since DAS has been considering being hostile. The boundary of the firewall at the
cloud provider has not been able to help the organization here. Through decrypting the data in the
secure container, DAS has been establishing the virtual machines. The organization has been sure to

23CLOUD SECURITY AND PRIVACY
examine the tampering along with the malware of the information theft. This is done before the data
gets encrypts. Additionally, this could be assured that DAS has been in control to encryption of the
leys. This layering approach discussed below has been helping to mitigate the extreme threats.
The nefarious use and the abuse of cloud computing:
It has not been the specific threat to the cloud computing. It is because it has been applying to
the servers at physical levels same in the data centre. Thus the approach has been outlining that has
not been targeting to solve that. However the solutions of security combine the email, web and the
reputation of the file along with the correlation and the behavior analysis. It has been also able to
identify the patterns of usage and the blocking of the IP address. DAS should consider the necessary
components of the present protection from malware that of applied similarly for all the devices. This
has been from the virtual servers that are based on cloud by the notebooks and the smart-phones.
The insecure application of the programming interfaces:
By the encryption of the data, the cybercriminals could access the data. It might happen as
DAS does not authorize the release of keys. This might be able to make use of the insecure API
standards.
Malicious insiders:
There have been special technical supports of the arguments. It has been one of the
fundamental drivers for suggesting that DAS delivers the individual security. It is independent of the
providers of the cloud. The security has been delivering the protection against the insiders that are
malicious.
The issues of shared technology:

24CLOUD SECURITY AND PRIVACY
The machines of firewalling have been safeguarding them from the network attackers and the
encryption protects the data on the machines and SAN. The perimeter firewall has been turning out
to be the extra layer removing the threats before they could hit the machines (Lewis, 2013). These
shared internal networks has been imparting the challenges as DAS has been acquiring the layer of
the defense sever of DAS. No element possesses the ability to safeguard the RAM on the DAS from
being read. This is because anyone has been managing to breach the hypervisor.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

25CLOUD SECURITY AND PRIVACY
Data Loss or Leakage:
By the safeguarding of the data through the encryption and then decrypting that has been
within the secured container at the usage area. DAS needs to assure that the threats to data loss or
leakage from the public cloud. This has been tantamount to this. It has been in the traditional data
centre. The DAS could not halt the unsecured web application from the leakage of the personal data.
Account or Service Hijacking:
In order to get access to the sensitive data, within the model suggested, the individuals have
needed to hijack the account with the provider of the cloud service. Since the accounts have been
actually controlling many users with different password, it has been harder to tackle both at the same
time.
Unknown Risk Profile:
By providing DAS with the tools to control their individual security in the open cloud
scenario, the uncertainty must be eradicated. It could be provided by the providers and protecting
against the threats from the clients within the data centre. Moreover there has been the ability of
DAS to fluctuate between the providers by keeping the security intact.
Hence the appropriate approach and security solutions have been making the public cloud
gas been secure as the traditional corporate data centers. For DAS and the projects with appropriate
profiles some dramatic expense has been saving the stories that are heard at many places. The
organization should see the job in assuring that the security has been proving to be the facilitator not
the barrier. A strong security has been available and spread widely in the current world.

26CLOUD SECURITY AND PRIVACY
4.2. Recommended personal data protection strategy:
As all the stakeholders are found, the managers of compliance and the security managers of
IT should begin the process to discover through seeking some answers. At first, it must be
determined whether the DAS has possessed the policies of intellectual property by determining what
the policy has been.
It must be also determined whether there is any inventory of the formal property including
the trademarks, copyrighted materials and patents. It should also be determined whether there is the
incorporation of the security and the organizational policies and procedures in that inventory. The
roadblocks are also needed to be found out to develop the IP resources of that inventory. It includes
whether DAS could conduct the exercises of the counterintelligence to test the effectively of the
protection of IP.
In order to develop the domains of information, the technique of enterprise application is
considered by some percepts of the data management. They are discussed below.
The information classification and categorization:
The DAS claims to have the classification of the information scheme. This has not been
including the data or the system from where it originates. Though the system is declared and
distinguished as to be highly sensitive, it has been intertwined with the systems and interfaces of
low-sensitivity.
In this case of the digital watermark are assumed to be smaller than being large as it was
required to be. The data is needed to be distinguished as the low, medium and high as per as the
sensitivity. This has been also distinguished to the business functions. All the data flows are
documented to make sense of the way in which the data is controlled.

27CLOUD SECURITY AND PRIVACY
The periodic checking of the data correlation:
Many times, the information element has not been revealed much. The interrelating of the
aspect has been denoting a different story. The organization, DAS needs the reviewing of the data
that is posted in the online sites to determine as it could be manipulated. They also needs the
examining of the tests from the data that has been posted at the online sites to determine as it could
be manipulated for extracting more sensitive data. This also needs the analysis from the database to
seek as there has been any scope that the public information gets converted to the PII by merging
and matching the data.
The information classification and categorization:
The organization has been clamming to acquire the information distinguishing schemes and
not the system or the data from where it has been originating. As the system has been revealed and
categorized being highly sensitive. It has been intertwined with the systems of low-sensitivity and
the interfaces.
The periodic checking of the data correlation:
Many times, the data element has not been revealed much. The correlation of the aspect with
the other information sects has been revealing a distinct story. The DAS has needed the data that is
posted at their websites to determine that it has been manipulated to extract the more sensible
information. They also need the testing of the extracts from the database. They need to seek as there
is any opportunity that the public data gets transformed to PII via the data matching or merging.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

28CLOUD SECURITY AND PRIVACY
Conclusion:
The above report has discussed the privacy, business and the legal requirements for the cloud
deployment model of DAS. It has been also helpful in examining the risk management necessities
for the model of cloud deployment. It has critically analyzed the business, ethical and legal concerns
for the privacy and security of data deployed to cloud. Moreover, it has been also helpful to create
and display the series of suggested security controls. This is done manage the privacy and security of
the data deployed to cloud. DAS needs to figure out the way and what elements are needed to move
to cloud. It also needs to make sense of the underpinning risks. They must ensure that their legal
applications have been functioning smoothly. They should make partnership with the well-
established name in the domain of cloud. Moreover the plans could go wrong and the failure is
always the possibility. Hence they need to escape path open while migrating. The business of DAS
would be comfortable with being close physically to the data and having apprehensions regarding
the storing that virtually in the cloud. They must confirm the transparent downtime mechanism of
reporting as the necessity to serve the subscription. They should also understand how the migration
would be impacting their staff. They should also be managing the cost of cloud service more. As the
provider is new, they must be insisted to go to the run book. Additionally the employees must be
trained before and after.

29CLOUD SECURITY AND PRIVACY
References:
Abowd, J. M., McKinney, K. L., & Zhao, N. (2015). Earnings Inequality Trends in the United
States: Nationally Representative Estimates from Longitudinally Linked Employer-
Employee Data. NBER Chapters.
Amendola, S., Lodato, R., Manzari, S., Occhiuzzi, C., & Marrocco, G. (2014). RFID technology for
IoT-based personal healthcare in smart spaces. IEEE Internet of Things Journal, 1(2), 144-
152.
Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.
Ciftler, B. S., Kadri, A., & Guvenc, I. (2017). IoT Localization for Bistatic Passive UHF RFID
Systems with 3D Radiation Pattern. IEEE Internet of Things Journal.
CPDP - Home. (2017). Cpdp.vic.gov.au. Retrieved 21 August 2017, from
https://www.cpdp.vic.gov.au/10-data-security
Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities.
Routledge.
Drennan, L. T., McConnell, A., & Stark, A. (2014). Risk and crisis management in the public sector.
Routledge.
Feher, K. (2016). Digital identity: The transparency of the self. In Applied Psychology: Proceedings
of the 2015 Asian Congress of Applied Psychology (ACAP 2015) (pp. 132-143).

30CLOUD SECURITY AND PRIVACY
Felbermayr, G., Hauptmann, A., & Schmerer, H. J. (2014). International trade and collective
bargaining outcomes: Evidence from German employer–employee data. The Scandinavian
Journal of Economics, 116(3), 820-837.
Finkin, M. (2015). The Acquisition and Dissemination of Employee Data: the Law of the European
Union and the United States Compared. Studia z zakresu prawa pracy i polityki
społecznej, 2015.
Frankenberger, K., Weiblen, T., & Gassmann, O. (2013). Network configuration, customer
centricity, and performance of open business models: A solution provider
perspective. Industrial Marketing Management, 42(5), 671-682.
Gaddam, A., Aissi, S., & Kgil, T. (2014). U.S. Patent Application No. 14/303,461.
Gholami, A., & Laure, E. (2016). Security and privacy of sensitive data in cloud computing: a
survey of recent developments. arXiv preprint arXiv:1601.01498.
Gope, P., Amin, R., Islam, S. H., Kumar, N., & Bhalla, V. K. (2017). Lightweight and privacy-
preserving RFID authentication scheme for distributed IoT infrastructure with secure
localization services for smart city environment. Future Generation Computer Systems.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Heining, J., Klosterhuber, W., & Seth, S. (2014). An Overview on the Linked Employer-Employee
Data of the Institute for Employment Research (IAB). Schmollers Jahrbuch, 134(1), 141-148.
Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing
effective risk management. Kogan Page Publishers.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

31CLOUD SECURITY AND PRIVACY
Hua, M. C., Peng, G. C., Lai, Y. J., & Liu, H. C. (2013, August). Angle of arrival estimation for
passive UHF RFID tag backscatter signal. In Green Computing and Communications
(GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International
Conference on and IEEE Cyber, Physical and Social Computing (pp. 1865-1869). IEEE.
Hudson, K. L., & Pollitz, K. (2017). Undermining Genetic Privacy? Employee Wellness Programs
and the Law. New England Journal of Medicine.
Ip, W. H. (2014). RFID/IOT applications and case study in a smart city.
Kang, Y. S., Park, I. H., Rhee, J., & Lee, Y. H. (2016). MongoDB-based repository design for IoT-
generated RFID/sensor big data. IEEE Sensors Journal, 16(2), 485-497.
Kim, T. H., Lee, B. H., Park, B. K., Choi, S. P., Moon, Y. S., Jung, J. W., ... & Choi, H. R. (2015).
Active IP-RFID System for Maritime Logistics. The Journal of Korean Institute of
Communications and Information Sciences, 40(12), 2511-2519.
Kristal, T. (2017). Who Gets and Who Gives Employer-Provided Benefits? Evidence from Matched
Employer-Employee Data. Social Forces, 1-33.
Kristal, T. (2017). Who Gets and Who Gives Employer-Provided Benefits? Evidence from Matched
Employer-Employee Data. Social Forces, 1-33.
Kypus, L., Vojtech, L., & Kvarda, L. (2015, July). Qualitative and security parameters inside
middleware centric heterogeneous RFID/IoT networks, on-tag approach.
In Telecommunications and Signal Processing (TSP), 2015 38th International Conference
on (pp. 21-25). IEEE.
Lafuente, G. (2015). The big data security challenge. Network security, 2015(1), 12-14.

32CLOUD SECURITY AND PRIVACY
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Lewis, L. (2013). Digital identity: are students' views regarding digital representation
of'self'gendered?.
Libich, J., & Macháček, M. (2017). Insurance by government or against government? Overview of
public risk management policies. Journal of Economic Surveys, 31(2), 436-462.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Mcube, U., Gerber, M., & Von Solms, R. (2016, May). Scenario-based IT risk assessment in local
government. In IST-Africa Week Conference, 2016 (pp. 1-9). IEEE.
Müller, K. U., & Neumann, M. (2015). How reliable are incidence estimates based on cross-
sectional distributions? Evidence from simulations and linked employer-employee data.
Naskar, S., Basu, P., & Sen, A. K. (2017). A Literature Review of the Emerging Field of IoT Using
RFID and Its Applications in Supply Chain Management. In The Internet of Things in the
Modern Business Environment(pp. 1-27). IGI Global.
Occhiuzzi, C., Manzari, S., Amendola, S., & Marrocco, G. (2017, March). RFID sensing breadboard
for industrial IoT. In Applied Computational Electromagnetics Society Symposium-Italy
(ACES), 2017 International (pp. 1-3). IEEE.
Olson, D. L., & Wu, D. D. (2015). Enterprise risk management (Vol. 3). World Scientific Publishing
Co Inc.

33CLOUD SECURITY AND PRIVACY
Pandey, S. C. (2016, October). An efficient security solution for cloud environment. In Signal
Processing, Communication, Power and Embedded System (SCOPES), 2016 International
Conference on (pp. 950-959). IEEE.
Pfeifer, C. (2016). InTRA-fIRM WAge COMPRessIOn AnD COveRAge Of TRAInIng COsTs:
evIDenCe fROM LInkeD eMPLOyeR-eMPLOyee DATA. ILR Review, 69(2), 435-454.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Rusinek, M., & Rycx, F. (2013). Rent‐Sharing under Different Bargaining Regimes: Evidence from
Linked Employer–Employee Data. British Journal of Industrial Relations, 51(1), 28-58.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sari, K. (2013). Selection of RFID solution provider: a fuzzy multi-criteria decision model with
Monte Carlo simulation. Kybernetes, 42(3), 448-465.
Seo, D. S., Kang, M. S., & Jung, Y. G. (2017). The Developement of Real-time Information Support
Cart System based on IoT. The International Journal of Advanced Smart Convergence, 6(1),
44-49.
Smith, M., & Ross, A. (2014). Workplace law: Employee privacy: Take care when dealing with
records. Proctor, The, 34(4), 42.
Sundararajan, A. (2014). Peer-to-peer businesses and the sharing (collaborative) economy:
Overview, economic effects and regulatory issues. Written testimony for the hearing titled
The Power of Connection: Peer to Peer Businesses.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice
Hall Press.