ITC596 - IT Risk Management: Analyzing Cloud Computing Attacks

Verified

Added on 2024/07/01

AI Summary

This report provides an overview of cloud computing, highlighting its characteristics and associated risks. It discusses a recent security breach involving the National Institute of Mexico, where voter data was compromised due to vulnerabilities in cloud server security. The report identifies key points of failure, such as poor database configuration and multi-tenancy issues, and proposes mitigation approaches, including encryption algorithms, access control, and continuous system updates. Recommendations emphasize the importance of understanding cloud computing risks, securing data with antivirus software, and implementing strict cybersecurity penalties. The report concludes by suggesting future research on secure data transmission using authentication and encryption methods. Desklib offers a range of solved assignments and past papers for students.

ITC596 - IT Risk Management
Assessment 1: Cloud computing attacks and countermeasures
1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
Form 1..............................................................................................................................................3
Characteristics of Cloud computing............................................................................................ 3
Risks associated with cloud computing....................................................................................... 3
Form 2..............................................................................................................................................5
A recent security breach or incident............................................................................................5
Vulnerabilities associated with the cloud computing..................................................................5
Point of failures............................................................................................................................5
Mitigation approaches................................................................................................................. 6
Recommendations........................................................................................................................6
References........................................................................................................................................7
2

Form 1
According to Jabir, et. al., (2016), Cloud computing is liable to several security threats that
include network threats, risk to information and other underlying infrastructure risks. It is a
booming technology that has been adopted and utilized by many companies. There are different
attacks and one of them is distributed denial of service attacks. It is an important technique for
data storage and there are different benefits of using such technique related to management of
data, Workload resilience, Pay per use and Migration flexibility etc. It is necessary for any
organization that before implementing cloud computing techniques in their business they should
be aware of its risks. Cloud computing reduces the traffic in devices and helps them performing
smoothly but there is always some risk of data leakages and different other security issues. Loss
or theft of the data and intellectual property of organization, lack of the control over the actions
of end users, diminished trust of customers etc are some issues and risks that an organization
may face due to the use of cloud computing in their businesses.
Characteristics of Cloud computing
Independence of Device and location: With the use of cloud computing the users can access
such information from any device and from any location. This tool is used through internet that
is why it can be connected from anywhere.
Easier maintenance: The maintenance of cloud computing is an easy process. These
applications are not required to be installed in each user’s device because these can be accessed
from any device and anywhere (Jabir, et. al., 2016).
Increased productivity: Cloud computing applications are useful in increasing the productivity
of users because any user can access the information and work on it rather than waiting for it to
be emailed or saved.
Risks associated with cloud computing
Reduced Visibility and control: If an organization is using Cloud computing technique then
there is risk of losing the visibility and control over those assets or the operations. Because the
responsibility regarding policies and infrastructure move to the CSP.
3

Increased complexity may Strain the IT staff: Migrating towards the cloud computing
techniques can be caused to bring the complexity into the IT operations. It is necessary that the
IT staff should have necessary skills to deal with such risks (Ramachandra, et. al., 2017).
Account hacking: This is one of the most trending and occurring threats with the use of Cloud
computing techniques. As there are so many unethical individuals seeking for the personal
information to misuse them for their own benefits and fraud purposes. To avoid this risk or
thread different applications and software can be installed in devices to protect the data (Carlin,
et. al., 2015).
Lack of transparency: This is an issue arises when the cloud service provider is not willing to
disclose its security measures and information which is implemented in the companies.
Authentication and Identity Management: It depicts the interoperability issue related to the
cloud computing due to ineffective access control security that provides access to the
unauthenticated users (Khan, 2016).
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Form 2
A recent security breach or incident
In April 2016, a case that took place regarding the security attack in Mexico in which the private
and confidential data of voters from National Institute of Mexico was affected. The personal
information of approximately 93.4 million Mexican voters was taken offline. This personal
information contained their Government issues photo Ids, their municipality, their residence
information such as district information and database records such as voter’s name, Voter ID
number, address, date of birth, occupation, guardian’s information etc. All these information are
leaked because someone had put all these information on US-based Amazon cloud server from
where all these information were accessed by many people and it is still not known that how
many people still have access on such information (Ramachandra, et. al., 2017).
Vulnerabilities associated with the cloud computing
There were vulnerabilities regarding the security of the information uploaded on US-based
Amazon cloud server. The information and details were leaked due to poor configuration of
database through which the attacker get an access to the cloud system. Cloud server is not secure
always because there are risks related to leakage of information and account hacking etc
(Deshmukh & Devadkar, 2015).
Point of failures
The main point of failure was that the whole data was put on the US-based Amazon cloud server
and attackers get the access to the cloud system. The multi-tenancy and ineffective sharing of
resources lead to this kind of major problems. The data breaches, leakage, insecure interfaces,
unauthorized access and account hacking are some of the major risks that arise with the use of
cloud computing (Khan, 2016).
If someone is using these cloud computing techniques then it is necessary that they should have
the whole knowledge regarding risks and problems associated with such technique (Deshmukh &
Devadkar, 2015).
5

Mitigation approaches
Encryption algorithms help in ensuring privacy of data.
Access control security is essential that should be maintained.
Continuous update of system helps in prevention of different security problems and viruses that
ensures the security of cloud system to some extent.
Last but not the least, maintaining security standard, integrity of data and compliance maintains
cloud environment (Carlin, et. al., 2015).
Recommendations
Every organization and individual should have proper understanding of all risks and issues
related to the Cloud computing techniques and servers before using them. All data should be
secured with the help of different antivirus software’s so that the information cannot be attacked
and used by someone else. The risks should be mitigated or transferred accordingly as per the
requirements of the case. There should be strict penalties regarding such cybersecurity issues
occurring in any business so that these matters can be taken seriously by them.
Vulnerability scanning, quick response of security risks and effective as well as quick
management of updates are some of the ways that act as countermeasures to security issues in
cloud system.
For future work, analysis can be made of ensuring the secure transmission of data with the help
of authentication and encryption methods utilised for ensuring security in cloud environment.
6

References
Carlin, A., Hammoudeh, M., & Aldabbas, O. (2015). Defence for distributed denial of service
attacks in cloud computing. Procedia computer science, 73, 490-497. Retrieved from:
https://www-sciencedirect-com.ezproxy.csu.edu.au/science/article/pii/S1877050915034985.
Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack & its effect in cloud
environment. Procedia Computer Science, 49, 202-210. Retrieved from: https://www-
sciencedirect-com.ezproxy.csu.edu.au/science/article/pii/S1877050915007541.
Jabir, R. M., Khanji, S. I. R., Ahmad, L. A., Alfandi, O., & Said, H. (2016). Analysis of cloud
computing attacks and countermeasures. In Advanced Communication Technology (ICACT),
2016 18th International Conference on (pp. 117-123). IEEE. Retrieved from: https://ieeexplore-
ieee-org.ezproxy.csu.edu.au/document/7423296/.
Khan, M. A. (2016). A survey of security issues for cloud computing. Journal of network and
computer applications, 71, 11-29. Retrieved from: https://www-sciencedirect-
com.ezproxy.csu.edu.au/science/article/pii/S1084804516301060.
Ramachandra, G., Iftikhar, M., & Khan, F. A. (2017). A Comprehensive Survey on Security in
Cloud Computing. Procedia Computer Science, 110, 465-472. Retrieved from: https://www-
sciencedirect-com.ezproxy.csu.edu.au/science/article/pii/S1877050917313030.
7