Risk Assessment of Public Cloud Network for Charity Organization
VerifiedAdded on 2019/10/09
|20
|6902
|292
Report
AI Summary
This report assesses the risks associated with migrating a community-based charity's data and services to a public cloud (SaaS) environment. It begins by examining the limitations and vulnerabilities of the charity's existing on-premise Windows Server 2008 R2 system, particularly concerning employee data security. The report identifies key risks such as security breaches, performance problems, lack of visibility, and limited service capabilities inherent in the private cloud setup. It then explores the specific threats that arise during the transition to a public cloud, including data transfer negligence, complexity, and manipulation, as well as data access risks, instability, and a lack of transparency. The report uses a matrix to evaluate the severity of identified threats, highlighting data access risks and poor service provider security as extreme threats. Finally, the report addresses employee privacy threats in both the current and proposed cloud environments, focusing on excessive data access privileges, data stealing, and mismanagement of employee information. The analysis underscores the importance of robust security measures and careful planning to mitigate these risks when moving to a public cloud infrastructure.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Assessment-2- Risk Assessment of Public Cloud network
About the Case
A community-based charity is providing healthcare and community services to the
disadvantaged people in the community. The community is having its own data centre (50*86
64-bit Windows server 2008 R2) for its desktop, database and file service. For public, it runs Red
Hat Enterprise Linux 5 which it is using for web service.
Since the requirements of storage and confidentiality of healthcare information is getting more,
the charitable institution is looking for a public cloud that will solve all these issues. So in this
report we are going to look at the current level risk, risk management in public cloud service
(SaaS) and the approach of security and confidentiality in public cloud network.
Employee Data Security
The first aspect of changing the data storage and services starts with identifying the risks and
threats relating to organizational data in the existing system. One of the key data for an
organization is “employee data”. So our first task is to find the sphere of employee data security
breach and vulnerability in the existing HR database management. [Chen, Y.,et.al2010]
Current threats and risks with employee data
One of the key limitation of Windows 64-bit server R2 is its maximum storage limit. As the
Microsoft Inc., it can store only up to 2TB data at its best. As the company’s information, the
organization is looking for storing around 200TB data that means at least 25% or 40TB data will
be required for employees thus current system is no way efficient or eligible to fulfil the
information requirement or data storage of the employees.
Apart from the maximum limit, there are further limitations to the server systems such as-
It works with single CPU system thus any additional CPU will get ignored.
About the Case
A community-based charity is providing healthcare and community services to the
disadvantaged people in the community. The community is having its own data centre (50*86
64-bit Windows server 2008 R2) for its desktop, database and file service. For public, it runs Red
Hat Enterprise Linux 5 which it is using for web service.
Since the requirements of storage and confidentiality of healthcare information is getting more,
the charitable institution is looking for a public cloud that will solve all these issues. So in this
report we are going to look at the current level risk, risk management in public cloud service
(SaaS) and the approach of security and confidentiality in public cloud network.
Employee Data Security
The first aspect of changing the data storage and services starts with identifying the risks and
threats relating to organizational data in the existing system. One of the key data for an
organization is “employee data”. So our first task is to find the sphere of employee data security
breach and vulnerability in the existing HR database management. [Chen, Y.,et.al2010]
Current threats and risks with employee data
One of the key limitation of Windows 64-bit server R2 is its maximum storage limit. As the
Microsoft Inc., it can store only up to 2TB data at its best. As the company’s information, the
organization is looking for storing around 200TB data that means at least 25% or 40TB data will
be required for employees thus current system is no way efficient or eligible to fulfil the
information requirement or data storage of the employees.
Apart from the maximum limit, there are further limitations to the server systems such as-
It works with single CPU system thus any additional CPU will get ignored.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
It works with 8GB Ram and additional RAM inclusion is not possible thus when the data
load increases, it will hang the system which can cause loss of employee data.
It consists of 15 User CALs thus if the number increases, the system will produce
warning message.
It allows only 50 desktop connections at a time but having an employee base of 500
people, the system is vulnerable.
The system can’t be virtualised.
It can’t be used as Hyper V spot.
It can’t be used as Domain Controller where more than 15 accounts are in the Domain
and also can’t fit to the system where trust relationship exist.[Gonzalez, N et.al2012]
Now, these are foundational limitations for which the management thought of HR database
into Public (SaaS) cloud server. But, what about the risk factors associated with existing
system.
Here we can draw 5 such risks that are present in this private cloud service-
Security Breach
Unlike public cloud which are managed by some IT experts with load of experience, private
clouds are managed by the organisational people only. Many at times, the organizations don’t
have such experts to manage private cloud network due to resources constraints. This charity
organisation is facing the same issue. Although public clouds are on target but private clouds
are easy to hack if internal people get involved. With such healthcare organisations, the
security breach risk is more in order to steal confidential health data for selling to third party.
[Krutz, R. L.,et.al2010]
Performance Problem
Because of dynamic nature of environment, it is very difficult to predict changing load at
infrastructural level that can affect application performance and user experience. In public,
clouds the user knows the cloud bandwidth, latency, jitter and resource sharing and that can’t
be altered easily (for e.g. blockchain technology) but private clouds are having flexibility in
load increases, it will hang the system which can cause loss of employee data.
It consists of 15 User CALs thus if the number increases, the system will produce
warning message.
It allows only 50 desktop connections at a time but having an employee base of 500
people, the system is vulnerable.
The system can’t be virtualised.
It can’t be used as Hyper V spot.
It can’t be used as Domain Controller where more than 15 accounts are in the Domain
and also can’t fit to the system where trust relationship exist.[Gonzalez, N et.al2012]
Now, these are foundational limitations for which the management thought of HR database
into Public (SaaS) cloud server. But, what about the risk factors associated with existing
system.
Here we can draw 5 such risks that are present in this private cloud service-
Security Breach
Unlike public cloud which are managed by some IT experts with load of experience, private
clouds are managed by the organisational people only. Many at times, the organizations don’t
have such experts to manage private cloud network due to resources constraints. This charity
organisation is facing the same issue. Although public clouds are on target but private clouds
are easy to hack if internal people get involved. With such healthcare organisations, the
security breach risk is more in order to steal confidential health data for selling to third party.
[Krutz, R. L.,et.al2010]
Performance Problem
Because of dynamic nature of environment, it is very difficult to predict changing load at
infrastructural level that can affect application performance and user experience. In public,
clouds the user knows the cloud bandwidth, latency, jitter and resource sharing and that can’t
be altered easily (for e.g. blockchain technology) but private clouds are having flexibility in
choosing the cloud infrastructure in terms of hardware and software thus it provides scope for
the IT manipulator or hackers to access systems easily to steal HR data or change performance
figures for personal benefit. [Sabahi, F. (2011)]
Open-source platform
Private clouds are majorly customised in nature as per the requirements and suitability to the
organisational environment. Many at times, when the private cloud network is set up, some
standard protocols are decided and that is followed for operating in the cloud. If the senior
management has set protocols in accordance to their personal benefit, they can manipulate HR
database in order to show better performance while reporting. [Dahbur, K., et.al2011] For ex- A
senior management may favour an employee by increasing his attendance over the network
using proxy ID. This will be possible because cloud infrastructure and operation is open to
people working inside the organisation especially the senior management.
Lack of visibility
Private cloud like Windows Server 2008 R2 may face “East-West traffic” i.e. network traffic
flowing between virtual machines. [Zissis, D et.al2012] Any issues over the cloud can’t be
monitored with traditional IT monitoring tools. Suppose the HR manager tries to enter into any
unsecured website or application, the hackers can easily hack the system HR is using (if that is
operated virtually in an open Wi-Fi service). This will make employees data vulnerable.
Limited service
Private clouds are limited due to customisation fact. It is the IT team and management who will
decide what services should be included and what shouldn’t be. Now, if the management
shows biasness while adding a specific feature or functionality for project scope, the ability to
innovate private cloud will be limited. For ex- If management allows open access to employees
for looking at payroll and performance, the employees can try to manipulate the data if that is
not in their favour.
Employee data risk and threats while shifting to SaaS
the IT manipulator or hackers to access systems easily to steal HR data or change performance
figures for personal benefit. [Sabahi, F. (2011)]
Open-source platform
Private clouds are majorly customised in nature as per the requirements and suitability to the
organisational environment. Many at times, when the private cloud network is set up, some
standard protocols are decided and that is followed for operating in the cloud. If the senior
management has set protocols in accordance to their personal benefit, they can manipulate HR
database in order to show better performance while reporting. [Dahbur, K., et.al2011] For ex- A
senior management may favour an employee by increasing his attendance over the network
using proxy ID. This will be possible because cloud infrastructure and operation is open to
people working inside the organisation especially the senior management.
Lack of visibility
Private cloud like Windows Server 2008 R2 may face “East-West traffic” i.e. network traffic
flowing between virtual machines. [Zissis, D et.al2012] Any issues over the cloud can’t be
monitored with traditional IT monitoring tools. Suppose the HR manager tries to enter into any
unsecured website or application, the hackers can easily hack the system HR is using (if that is
operated virtually in an open Wi-Fi service). This will make employees data vulnerable.
Limited service
Private clouds are limited due to customisation fact. It is the IT team and management who will
decide what services should be included and what shouldn’t be. Now, if the management
shows biasness while adding a specific feature or functionality for project scope, the ability to
innovate private cloud will be limited. For ex- If management allows open access to employees
for looking at payroll and performance, the employees can try to manipulate the data if that is
not in their favour.
Employee data risk and threats while shifting to SaaS
As the Charitable institution is planning to have a SaaS cloud system for management of
database, it will require to shift data from the private clouds into the public cloud. While doing
so, the following security threats may emerge- [Bamiah, M. A.,et.al 2011]
Negligence of data transfer
When the charitable institution is going to transfer the data from its private network to the
public cloud network, there is a high level chances of forgetfulness of the significant HR data
that may not be transferred by the personnel. In such case, such negligence (intentionally or by
mistake) can cause data stealing risk. As after transfer the private network data will be erased
thus recovery of such data may not be possible later.
Data transfer complexity
Many at times, when the transfer takes place, the IT manager faces difficulty to transfer all data
into new systems. When the private network data is stored for a long period of time and the
person managing the data forgot the directories where the files are stored in what form, then it
will be very difficult for the IT manager to locate the files to send into new system. If the data
are not understandable, then transfer won’t take place and that may cause loss.
Manipulated data transfer
As long as the private network, the controller has full accessibility to see and change the
information within the structure as he/she has the idea of the structure. But, while it is get
transferred into a public cloud (SaaS) which is not under the control, the concerned person may
not transfer the information that can be beneficial for him/her or will refrain his personal
intention.
Data access risk
SaaS is vendor operated could service thus the vendor may access the confidential information
in HR database that can be used for profitable purpose.
Instability
database, it will require to shift data from the private clouds into the public cloud. While doing
so, the following security threats may emerge- [Bamiah, M. A.,et.al 2011]
Negligence of data transfer
When the charitable institution is going to transfer the data from its private network to the
public cloud network, there is a high level chances of forgetfulness of the significant HR data
that may not be transferred by the personnel. In such case, such negligence (intentionally or by
mistake) can cause data stealing risk. As after transfer the private network data will be erased
thus recovery of such data may not be possible later.
Data transfer complexity
Many at times, when the transfer takes place, the IT manager faces difficulty to transfer all data
into new systems. When the private network data is stored for a long period of time and the
person managing the data forgot the directories where the files are stored in what form, then it
will be very difficult for the IT manager to locate the files to send into new system. If the data
are not understandable, then transfer won’t take place and that may cause loss.
Manipulated data transfer
As long as the private network, the controller has full accessibility to see and change the
information within the structure as he/she has the idea of the structure. But, while it is get
transferred into a public cloud (SaaS) which is not under the control, the concerned person may
not transfer the information that can be beneficial for him/her or will refrain his personal
intention.
Data access risk
SaaS is vendor operated could service thus the vendor may access the confidential information
in HR database that can be used for profitable purpose.
Instability
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The platform is not limited to any single user thus it will increase the competition among the
users to use the service to the fullest. When the service provider is unable to provide more
space and will shut the service, it will directly affect the database of the charity.
Transparency
Although SaaS ensures high level security to the client but it doesn’t answer all the questions of
security. If the service provider is manipulating data over the cloud service, the client’s data will
be at greater risk. Until a detailed security and privacy agreement is signed, the gap of security
will be there.
Uncertainty of data location
As the information provided by the company, the database is having replica in Dublin, Ireland
alongside the main centre in California. However the processing and configuration are done in
Bangalore India. This shows that data will move more than 1 location and will be available to
multiple personnel thus at any level, data breaching or stealing can be done which the client
won’t able to find.
No direct control of own data
The whole payroll is shifting to Commercial off the Shelf (COTS0 application which is a public
cloud service. When you hand entire payroll responsibility to a third party, they get full access
to your payroll structure which they can steal and give it to competitors for a good
consideration.
Service provider poor security standards
The service provider hasn’t expressed anything regarding firewalls and standard security
protocols that they are using to keep the information security. Until they provide hard to
decode firewall and antivirus system over the network, data stealing and manipulation will be
there.
Assessment of Severity of HR database security threat
users to use the service to the fullest. When the service provider is unable to provide more
space and will shut the service, it will directly affect the database of the charity.
Transparency
Although SaaS ensures high level security to the client but it doesn’t answer all the questions of
security. If the service provider is manipulating data over the cloud service, the client’s data will
be at greater risk. Until a detailed security and privacy agreement is signed, the gap of security
will be there.
Uncertainty of data location
As the information provided by the company, the database is having replica in Dublin, Ireland
alongside the main centre in California. However the processing and configuration are done in
Bangalore India. This shows that data will move more than 1 location and will be available to
multiple personnel thus at any level, data breaching or stealing can be done which the client
won’t able to find.
No direct control of own data
The whole payroll is shifting to Commercial off the Shelf (COTS0 application which is a public
cloud service. When you hand entire payroll responsibility to a third party, they get full access
to your payroll structure which they can steal and give it to competitors for a good
consideration.
Service provider poor security standards
The service provider hasn’t expressed anything regarding firewalls and standard security
protocols that they are using to keep the information security. Until they provide hard to
decode firewall and antivirus system over the network, data stealing and manipulation will be
there.
Assessment of Severity of HR database security threat
The following is the matrix that is going to be applied for measuring the severity of the security
threat of HR database.
The security threat severity is measured on two important indicators which are-
Severity Rating Exposure
Minor severity- to do
vulnerability, it requires a lot
of information which is
subject to cause a little loss
1 Minor exposure- the vulnerability effect is
constrained to a certain level and that won’t exploit
other parts of information.
Moderate severity-
Vulnerability requires
significant resources or little
resources to cause moderate
loss
2 Moderate exposure- the vulnerability can affect
more than one system or information sources that
can increase exploitation to more areas.
High severity- Vulnerability
requires few resources to
cause a higher loss
3 High exposure- This vulnerability affects majority of
components on the system and can affect the
entire system.
[Kuo, A. M. H. (2011)]
Vulnerability Rating Combinations
1. Minor exposure and minor severity
2. Minor exposure and moderate severity/moderate exposure and minor severity
3. High exposure and minor severity/minor exposure and high severity/moderate exposure
and moderate severity
4. High exposure and moderate severity and moderate exposure and high severity
5. High exposure and high severity
Considering the above matrix and identified threat, we can put in this form
Employee Security threat Rating
Negligence of data transfer into new system 3
threat of HR database.
The security threat severity is measured on two important indicators which are-
Severity Rating Exposure
Minor severity- to do
vulnerability, it requires a lot
of information which is
subject to cause a little loss
1 Minor exposure- the vulnerability effect is
constrained to a certain level and that won’t exploit
other parts of information.
Moderate severity-
Vulnerability requires
significant resources or little
resources to cause moderate
loss
2 Moderate exposure- the vulnerability can affect
more than one system or information sources that
can increase exploitation to more areas.
High severity- Vulnerability
requires few resources to
cause a higher loss
3 High exposure- This vulnerability affects majority of
components on the system and can affect the
entire system.
[Kuo, A. M. H. (2011)]
Vulnerability Rating Combinations
1. Minor exposure and minor severity
2. Minor exposure and moderate severity/moderate exposure and minor severity
3. High exposure and minor severity/minor exposure and high severity/moderate exposure
and moderate severity
4. High exposure and moderate severity and moderate exposure and high severity
5. High exposure and high severity
Considering the above matrix and identified threat, we can put in this form
Employee Security threat Rating
Negligence of data transfer into new system 3
Complexity of data transfer 2
Manipulated data transfer 4
Data access risk 5
Instability of SaaS 1
Transparency 4
Uncertainty of data location 2
No direct control over own data 3
Service provider poor protection system 5
From the above, it is quite clear that data access risk, service provider poor IT security system
are the extreme threat situation in public cloud while transparency and manipulated data
transfer are the high level threats.
Employee Privacy Threats
Current privacy threats
Employee and client privacy are the two most essential factors that an organization must not
lose at any cost. As organization keeps a trust relationship with employees and clients, it
becomes the duty and responsibility of the organization to keep the privacy of information
which can affect the organisation as well as the person.
The below threats can take place with top level management to employee data
Excessive privilege to access employee data-
The current system is under full control of the IT management which may be controlled or
influenced by the senior management for personal usage. As there is no such clause or
agreement is done with employees, the top level management can access personal or sensitive
information of employees for their own benefit.
Data stealing-
Manipulated data transfer 4
Data access risk 5
Instability of SaaS 1
Transparency 4
Uncertainty of data location 2
No direct control over own data 3
Service provider poor protection system 5
From the above, it is quite clear that data access risk, service provider poor IT security system
are the extreme threat situation in public cloud while transparency and manipulated data
transfer are the high level threats.
Employee Privacy Threats
Current privacy threats
Employee and client privacy are the two most essential factors that an organization must not
lose at any cost. As organization keeps a trust relationship with employees and clients, it
becomes the duty and responsibility of the organization to keep the privacy of information
which can affect the organisation as well as the person.
The below threats can take place with top level management to employee data
Excessive privilege to access employee data-
The current system is under full control of the IT management which may be controlled or
influenced by the senior management for personal usage. As there is no such clause or
agreement is done with employees, the top level management can access personal or sensitive
information of employees for their own benefit.
Data stealing-
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The top level management can steal the confidential data about employees to use it illegally or
unethically in outside profitable purpose. As the charitable organisation is related to healthcare
service, thus stealing employees’ performance data can open the gateway to steal client’s
confidential information.
Mismanagement of employee data
It can be the most probable threat that is possible with the existing private server system. As
the data entry, processing, configuration and protection is done by the people inside the
organisation who can be forced by the top management to misplace data to get their personal
interest. Such mismanagement can cause financial, psychological and emotional damage to the
employees.
Employee’s action threat to privacy of other employees
It is not only the top level or IT manager or HR head who can do manipulation in the existing
database system but also an employee can use the system for taking personal advantage by
putting others in trouble.
Access of other’s data- The current system includes authentication and accessibility of
employees using unique ID given by the Charity. Suppose an employee gets other’s ID and code,
he/she can manipulate the database using proxy server. As it is a private or loop system, the
employees may find space to decode the structural security using virus or malware. [Chen,
D.,et.al2012]
Use of infected system- Employee intentionally or unintentionally may use his portal through an
infected (virus or malware infected) system to access HR data. By doing such, the cyber threats
will enter into the central database and will make the system corrupt.
Leak of confidential information about the organisation- As employees have accessibility to
internal records of the organisation, they can use it for personal advantages. They may leak HR
database information to rivalry organisations for monetary consideration.
Additional risks and threats with SaaS
unethically in outside profitable purpose. As the charitable organisation is related to healthcare
service, thus stealing employees’ performance data can open the gateway to steal client’s
confidential information.
Mismanagement of employee data
It can be the most probable threat that is possible with the existing private server system. As
the data entry, processing, configuration and protection is done by the people inside the
organisation who can be forced by the top management to misplace data to get their personal
interest. Such mismanagement can cause financial, psychological and emotional damage to the
employees.
Employee’s action threat to privacy of other employees
It is not only the top level or IT manager or HR head who can do manipulation in the existing
database system but also an employee can use the system for taking personal advantage by
putting others in trouble.
Access of other’s data- The current system includes authentication and accessibility of
employees using unique ID given by the Charity. Suppose an employee gets other’s ID and code,
he/she can manipulate the database using proxy server. As it is a private or loop system, the
employees may find space to decode the structural security using virus or malware. [Chen,
D.,et.al2012]
Use of infected system- Employee intentionally or unintentionally may use his portal through an
infected (virus or malware infected) system to access HR data. By doing such, the cyber threats
will enter into the central database and will make the system corrupt.
Leak of confidential information about the organisation- As employees have accessibility to
internal records of the organisation, they can use it for personal advantages. They may leak HR
database information to rivalry organisations for monetary consideration.
Additional risks and threats with SaaS
Like security threat, privacy is also under question mark in SaaS. Although the level of privacy
risk and threats are not that much like in earlier case, still some privacy concerns do exist.
Here are the some of the key privacy risk or threats factors that the charitable organisation HR
department-
Client’s data leak- Since it is a community cum healthcare organisation, majority of the
employees are expected to have information regarding the clients to give varieties of service in
accordance to their need. In SaaS system, the employees are going to put data into the vendor
service system where if the vendor does any negligence on data storing or processing, the client
data will be vulnerable. Healthcare and community services information come under highly
confidential information, if it leaks through employee portal, it will put the client service under
scanner.
Lack of internal control- SaaS is a publically managed software service provision. The control
over its management and usage lie with the vendor only. Thus, the organisation doesn’t have
control over its storage and supply of information. If the vendor doesn’t provide adequate
firewall security, it will expose confidential data of employees and clients in a public network.
Lack of transparency- Privacy has lot to do with transparency. The vendor may not provide
adequate assistance to upload the data into the system or may not agree to take any risk of
data uploading. As in such case, any mistake done by the HR department or employees
regarding their performance or payroll will make vulnerability of data. Even data loss can take
place with loads of data entry into the same system used by any other client.
Limited service- SaaS vendor is providing restricted software application services to the client
thus they are limiting the uploading of the data. There can be some confidential information of
employees and clients that vendor may not provide under agreement which then have to store
in local network. This will be subject to privacy breach as local network (intranet) may not be
secured adequately.
Virtual support- This is another important concern for privacy of employee data. As per the
organisation request, the data will be uploaded by the employees only which will be processed,
risk and threats are not that much like in earlier case, still some privacy concerns do exist.
Here are the some of the key privacy risk or threats factors that the charitable organisation HR
department-
Client’s data leak- Since it is a community cum healthcare organisation, majority of the
employees are expected to have information regarding the clients to give varieties of service in
accordance to their need. In SaaS system, the employees are going to put data into the vendor
service system where if the vendor does any negligence on data storing or processing, the client
data will be vulnerable. Healthcare and community services information come under highly
confidential information, if it leaks through employee portal, it will put the client service under
scanner.
Lack of internal control- SaaS is a publically managed software service provision. The control
over its management and usage lie with the vendor only. Thus, the organisation doesn’t have
control over its storage and supply of information. If the vendor doesn’t provide adequate
firewall security, it will expose confidential data of employees and clients in a public network.
Lack of transparency- Privacy has lot to do with transparency. The vendor may not provide
adequate assistance to upload the data into the system or may not agree to take any risk of
data uploading. As in such case, any mistake done by the HR department or employees
regarding their performance or payroll will make vulnerability of data. Even data loss can take
place with loads of data entry into the same system used by any other client.
Limited service- SaaS vendor is providing restricted software application services to the client
thus they are limiting the uploading of the data. There can be some confidential information of
employees and clients that vendor may not provide under agreement which then have to store
in local network. This will be subject to privacy breach as local network (intranet) may not be
secured adequately.
Virtual support- This is another important concern for privacy of employee data. As per the
organisation request, the data will be uploaded by the employees only which will be processed,
configured and stored over the cloud at different places. After uploading, at no stage physical
support is given to the employee’s data, whole responsibility is on the people sitting in
California, Doblin and Bangalore to keep the privacy. If at any place, they open up the
information without knowledge of the charitable institution, it will put the client service in deep
trouble.
Rating of Employee privacy threat
The privacy risk assessment will take place in the following manner –
Risk rating table-
Risk rating Factor score
High risk 15
Moderate risk 6-14
Low risk X<5
The privacy risk factors are presented with two important indicators which are-
1. Impact on privacy
2. Likelihood of occurrence
The matrix can be presented as-
Impact Likelihood of Occurrence
High 15 14 9
Moderate 13 7 6
Low 10-12 8 1-3
High Moderate Low
As per the above identified privacy risk factors we can put the same in the above matrix in the
following manner-
Impact Likelihood of Occurrence
support is given to the employee’s data, whole responsibility is on the people sitting in
California, Doblin and Bangalore to keep the privacy. If at any place, they open up the
information without knowledge of the charitable institution, it will put the client service in deep
trouble.
Rating of Employee privacy threat
The privacy risk assessment will take place in the following manner –
Risk rating table-
Risk rating Factor score
High risk 15
Moderate risk 6-14
Low risk X<5
The privacy risk factors are presented with two important indicators which are-
1. Impact on privacy
2. Likelihood of occurrence
The matrix can be presented as-
Impact Likelihood of Occurrence
High 15 14 9
Moderate 13 7 6
Low 10-12 8 1-3
High Moderate Low
As per the above identified privacy risk factors we can put the same in the above matrix in the
following manner-
Impact Likelihood of Occurrence
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
High Client Data
leak
Moderate Lack of
internal
control
Virtual
support
Lack of
transparency
Low Limited
service
High Moderate Low
[Saripalli, P et.al2011]
From the above, it is quite clear that client data leak will be a great trouble for the charitable
organisation involved in community service. Internal control and virtual support are the
moderate level privacy risk factors while limited service seems to be low privacy risk factor. The
consequences of these threats can result as-
1. Loss of personal data
2. Loss of integrity and trust
3. Loss of confidentiality- (considered as the major impact)
Digital identity threats and risks
Digital identity is now among the trends in technology where the employees are given unique
identification account and password to create their digital identity and use it for the
organisation work in a secured manner. One of the key motive behind digital identity is to avoid
the paperwork and delay in identifying or searching for employee data. This system ensures
availability of information about the employees by just a click only. [Chou, T. S. (2013).]
Until now, the digital identity was with the charitable organisation only but after mitigation to
SaaS, the employee’s directory will move into 3 locations where the data movement is going to
leak
Moderate Lack of
internal
control
Virtual
support
Lack of
transparency
Low Limited
service
High Moderate Low
[Saripalli, P et.al2011]
From the above, it is quite clear that client data leak will be a great trouble for the charitable
organisation involved in community service. Internal control and virtual support are the
moderate level privacy risk factors while limited service seems to be low privacy risk factor. The
consequences of these threats can result as-
1. Loss of personal data
2. Loss of integrity and trust
3. Loss of confidentiality- (considered as the major impact)
Digital identity threats and risks
Digital identity is now among the trends in technology where the employees are given unique
identification account and password to create their digital identity and use it for the
organisation work in a secured manner. One of the key motive behind digital identity is to avoid
the paperwork and delay in identifying or searching for employee data. This system ensures
availability of information about the employees by just a click only. [Chou, T. S. (2013).]
Until now, the digital identity was with the charitable organisation only but after mitigation to
SaaS, the employee’s directory will move into 3 locations where the data movement is going to
take place. In earlier case, if vulnerability takes place, it can easily be detected as people within
the organisation can do so but when it is in public platform, the risk proportion increases.
Here are the potential risk and threats that employees of this charitable institution can face-
Privacy under check- In SaaS arrangement, the employees are required to upload their personal
and professional information (required under employment agreement) to the third party. Even
if the organisation does a privacy agreement with the vendor but the organisation has hardly
any accessibility to cross check the data trespassing over their software application. The vendor
may secretly leak all private information about employees or information about client using
proxy code or identity for own benefit. In that case, the employee’s privacy will be at greater
risk.
At hacker’s target- Public cloud network is always under the target of hackers and when it
comes to healthcare information which is considered to be the most sensitive information
about an individual, any sort of leak or destruction of information will lead to severe loss of the
organisation and the personal as well. The charitable institution’s employees may have client
details associated with their performance thus if hackers succeed to crack the application, it will
not only take the employee’s personal data but also will steal the client’s data for monetary
consideration. [Saripalli, P.,et.al2012]
Dummy ID- [Ko, R. K.,et.al2012]Virtual ID allows to make fake or dummy accounts to steal
confidential information about the organisation and client. In public cloud network, opening
such ID is easier than in private network. If anyone opens a dummy id that resembles with the
charitable employees Id, it will allow a direct accessibility to the detail records of clients and
employees. Information like their bank details, health information etc. can be used for unethical
or illegal purpose. Although such opening is not possible without involvement of internal
persons, but risk is always there.
Control of information- When employee data goes into SaaS, there the control over information
security and privacy stays with the vendor only. Now onwards, it all depends on the vendor
regarding how they will provide protection to the employee data. Suppose they don’t provide
the organisation can do so but when it is in public platform, the risk proportion increases.
Here are the potential risk and threats that employees of this charitable institution can face-
Privacy under check- In SaaS arrangement, the employees are required to upload their personal
and professional information (required under employment agreement) to the third party. Even
if the organisation does a privacy agreement with the vendor but the organisation has hardly
any accessibility to cross check the data trespassing over their software application. The vendor
may secretly leak all private information about employees or information about client using
proxy code or identity for own benefit. In that case, the employee’s privacy will be at greater
risk.
At hacker’s target- Public cloud network is always under the target of hackers and when it
comes to healthcare information which is considered to be the most sensitive information
about an individual, any sort of leak or destruction of information will lead to severe loss of the
organisation and the personal as well. The charitable institution’s employees may have client
details associated with their performance thus if hackers succeed to crack the application, it will
not only take the employee’s personal data but also will steal the client’s data for monetary
consideration. [Saripalli, P.,et.al2012]
Dummy ID- [Ko, R. K.,et.al2012]Virtual ID allows to make fake or dummy accounts to steal
confidential information about the organisation and client. In public cloud network, opening
such ID is easier than in private network. If anyone opens a dummy id that resembles with the
charitable employees Id, it will allow a direct accessibility to the detail records of clients and
employees. Information like their bank details, health information etc. can be used for unethical
or illegal purpose. Although such opening is not possible without involvement of internal
persons, but risk is always there.
Control of information- When employee data goes into SaaS, there the control over information
security and privacy stays with the vendor only. Now onwards, it all depends on the vendor
regarding how they will provide protection to the employee data. Suppose they don’t provide
much firewall protection, then any intruder to the system will hack the information someday.
Even the vendor may steal information for own benefit.[Dahbur, K.,et.al2012]
Software are not hack-proof- COTS software, which the charity is going to apply for managing
the payroll of all the employees, is not free from hacking. As COTS use alphabets and numbers
to codify the digital identity, hackers can easily break the codes using different combination
from proxy servers. In that case, the payroll details will go public and this way privacy is
breached.
Thus overall, even if the charitable institution moves to SaaS system, privacy and security risk
factors will be there. The only way such risk factors can be minimised through adequate
monitoring and providing enough firewall support to minimise denial of service, malware or
virus attack. This is possible with having a strong privacy agreement.
Service Provider’s Issue
The vendor has promised to provide full HR solution that will include employee’s performance,
payroll and other HR data. As the SaaS provider is keeping the database at different location,
there can be a two way effect on the privacy and security of the HR data.
In this case, we have two things to consider where one is the benefit and issues of the solution
and the other one is benefit and issues with multi-location database management system.
Let us first look at the benefits of operational solution- [Krutz, R. L.,et.al2010]
1. Up-front investment- With SaaS, the charitable organisation doesn’t need to bother about
buying hardware and software for data base management. They don’t need to appoint or
have an IT team to constantly watch the network. By handing over the charge to provider,
they can reduce the capital investment. As the service provider is an expert in database
management, they will take a good care of HR database with better security provision.
2. Speedy implementation- The charitable institution doesn’t need to bother about shifting
information into the public cloud. It is the vendor who will care of the entire HR data base
system. In this case, the institution is just required to upload the information in the software
Even the vendor may steal information for own benefit.[Dahbur, K.,et.al2012]
Software are not hack-proof- COTS software, which the charity is going to apply for managing
the payroll of all the employees, is not free from hacking. As COTS use alphabets and numbers
to codify the digital identity, hackers can easily break the codes using different combination
from proxy servers. In that case, the payroll details will go public and this way privacy is
breached.
Thus overall, even if the charitable institution moves to SaaS system, privacy and security risk
factors will be there. The only way such risk factors can be minimised through adequate
monitoring and providing enough firewall support to minimise denial of service, malware or
virus attack. This is possible with having a strong privacy agreement.
Service Provider’s Issue
The vendor has promised to provide full HR solution that will include employee’s performance,
payroll and other HR data. As the SaaS provider is keeping the database at different location,
there can be a two way effect on the privacy and security of the HR data.
In this case, we have two things to consider where one is the benefit and issues of the solution
and the other one is benefit and issues with multi-location database management system.
Let us first look at the benefits of operational solution- [Krutz, R. L.,et.al2010]
1. Up-front investment- With SaaS, the charitable organisation doesn’t need to bother about
buying hardware and software for data base management. They don’t need to appoint or
have an IT team to constantly watch the network. By handing over the charge to provider,
they can reduce the capital investment. As the service provider is an expert in database
management, they will take a good care of HR database with better security provision.
2. Speedy implementation- The charitable institution doesn’t need to bother about shifting
information into the public cloud. It is the vendor who will care of the entire HR data base
system. In this case, the institution is just required to upload the information in the software
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
database provided by the vendor. Rest works like its processing, integration, storage,
configuration and security will be taken care of by the vendor only. Thus speedy
implementation is possible.
3. Seamless upgrade- As the charitable institution may not be the only client for the vendor,
thus it is expected that vendor will have advanced software system in order to retain
varieties of client. Thus, the client (here the charitable institution) doesn’t need to bother
about the outdated software or virus attacks on owned software which can cost millions of
dollar. Hence risk of denial of service and virus risk is minimised.
4. Contractual guarantee service- In case of the traditional private cloud software, the
guarantee on its running is not given generally but with SaaS, the guarantee is provided (for
ex- Workbooks provide 99.5% guarantee of application availability at any time.) In case, the
SaaS fails to deliver application service, it pays penalty for that.
5. Backups and data recovery- In case of private cloud, one of the major risk is “deletion or
destruction of data completely”. It is possible because the database centre is present in the
premise or at the place where more or less personnel working in the organisation can
access. But in case of SaaS, the data storage and processing centre is different thus it is not
possible for any scrupulous person to delete data from the database. Even if somehow
deletion takes place, these providers have automatic backup services without any
intervention to restore all data in the network.
6. Work from anywhere- Charitable institution doesn’t need to bother about working at the
premise only for securing HR data. With SaaS solutions, now employees and management
can operate and get updates of their work performance, payroll and various other HR data
from the secured public cloud network. As the public clouds are having block chain
technologies these days, breaking the code or making the network vulnerable is not
possible.
7. Highly secured- As per the information provided, the database centre will be in California
and backup centre will be in Dublin. Moreover the processing and configuration will be
done in Bangalore. This means at any point of time if any centre undergoes for maintenance
configuration and security will be taken care of by the vendor only. Thus speedy
implementation is possible.
3. Seamless upgrade- As the charitable institution may not be the only client for the vendor,
thus it is expected that vendor will have advanced software system in order to retain
varieties of client. Thus, the client (here the charitable institution) doesn’t need to bother
about the outdated software or virus attacks on owned software which can cost millions of
dollar. Hence risk of denial of service and virus risk is minimised.
4. Contractual guarantee service- In case of the traditional private cloud software, the
guarantee on its running is not given generally but with SaaS, the guarantee is provided (for
ex- Workbooks provide 99.5% guarantee of application availability at any time.) In case, the
SaaS fails to deliver application service, it pays penalty for that.
5. Backups and data recovery- In case of private cloud, one of the major risk is “deletion or
destruction of data completely”. It is possible because the database centre is present in the
premise or at the place where more or less personnel working in the organisation can
access. But in case of SaaS, the data storage and processing centre is different thus it is not
possible for any scrupulous person to delete data from the database. Even if somehow
deletion takes place, these providers have automatic backup services without any
intervention to restore all data in the network.
6. Work from anywhere- Charitable institution doesn’t need to bother about working at the
premise only for securing HR data. With SaaS solutions, now employees and management
can operate and get updates of their work performance, payroll and various other HR data
from the secured public cloud network. As the public clouds are having block chain
technologies these days, breaking the code or making the network vulnerable is not
possible.
7. Highly secured- As per the information provided, the database centre will be in California
and backup centre will be in Dublin. Moreover the processing and configuration will be
done in Bangalore. This means at any point of time if any centre undergoes for maintenance
or having troubleshoot, still the application and data will be operative. One of the key
reason is backups at each centre.
8. No threat of mismanagement- As the software service is undertaken by the vendor, the
charitable institution doesn't need to worry about mismanagement at the premise. The
entire system will be on public cloud server which an individual can’t manipulate easily.
Limitations with multiple operational vendor solution-
Here are some of the challenges that can pose a greater threat to charitable institution’s HR
data.
1. Immature identity management- Although the public cloud providers say that they are
integrating their services with the client database but to what extend the integration has
taken place is not known most of the times to the client. Moreover, the charitable
institution has only put HR Database management into public clouds, thus client database is
still in private clouds which the vendor won’t consider at any stage. Any loss of client data
will be a loss to organisation only.
2. Cloud standards are not adequate- There is hardly any common standard or laws
formulated to look after the adequacy or auditing of vendor’s service for security credential.
There are standards like ISO-27001 and SAS-70 for auditing of security credential of the
vendors but these are not extensively used. Most of the cases, internal IT audit is given as
the final audit report for the stakeholders. The above guidelines are not giving 100%
guarantee that data will safe if the vendor follows the said guidelines. So there is a big gap
or question mark is there on data security despite regulations. Like employee privacy
agreement in client business, the vendor also requires privacy match with the employees. If
they breach, the loss will be on client. This can happen in charitable institution case as well.
3. Secrecy- Cloud vendors normally argue that they are more able to secure data that the
client itself but the perception is somewhere on the flipside. SaaS vendor opens up about
the data storage and processing but they never discloses the security measures completely
to the client. One the reason they give to escape from such dilemma is ‘security concerns.”
Here in this case, the data storage and management is taking at multiple place, so security
reason is backups at each centre.
8. No threat of mismanagement- As the software service is undertaken by the vendor, the
charitable institution doesn't need to worry about mismanagement at the premise. The
entire system will be on public cloud server which an individual can’t manipulate easily.
Limitations with multiple operational vendor solution-
Here are some of the challenges that can pose a greater threat to charitable institution’s HR
data.
1. Immature identity management- Although the public cloud providers say that they are
integrating their services with the client database but to what extend the integration has
taken place is not known most of the times to the client. Moreover, the charitable
institution has only put HR Database management into public clouds, thus client database is
still in private clouds which the vendor won’t consider at any stage. Any loss of client data
will be a loss to organisation only.
2. Cloud standards are not adequate- There is hardly any common standard or laws
formulated to look after the adequacy or auditing of vendor’s service for security credential.
There are standards like ISO-27001 and SAS-70 for auditing of security credential of the
vendors but these are not extensively used. Most of the cases, internal IT audit is given as
the final audit report for the stakeholders. The above guidelines are not giving 100%
guarantee that data will safe if the vendor follows the said guidelines. So there is a big gap
or question mark is there on data security despite regulations. Like employee privacy
agreement in client business, the vendor also requires privacy match with the employees. If
they breach, the loss will be on client. This can happen in charitable institution case as well.
3. Secrecy- Cloud vendors normally argue that they are more able to secure data that the
client itself but the perception is somewhere on the flipside. SaaS vendor opens up about
the data storage and processing but they never discloses the security measures completely
to the client. One the reason they give to escape from such dilemma is ‘security concerns.”
Here in this case, the data storage and management is taking at multiple place, so security
concerns are more because the centres may not be following the similar security protocol.
The vendor mayn’t share security details to the charitable organisation. The personnel
working in the vendor’s organisation may leak information for personal benefit. Many such
doubts can arise until “privacy and security” disclosure is done by vendor. (Microsoft has
done such for the clients but Amazon hasn’t done.)
4. Accessibility from anywhere- Although the SaaS system makes it easier for the employees to
make updates in database management even if they are not physically present in the
premise but such freedom also raised the risk. As the service availability is possible
anywhere, if the employees try to access the network using unprotected wireless
connectivity or at home or at any places where public access is easily possible, they are
actually troubling the utility of the service. If any person steals the unique ID and password,
he can easily manipulate the database which vendor won’t even doubt. Unless some
specific encryption such as retina scan, finger prints scan or any other unique identification
marks are aligned to the network, the risk of data stealing or manipulation will still be there.
5. In-house support needed- As per the condition of management, uploading of the data will
be done at the premise only. Even if the HR database management is handled by the
vendor, the preliminary database is actually managed by the employees who are uploading
it. If they start manipulating or concealing data before uploading to the network, the service
agreement with vendor will of no use.
We see that, having a SaaS service has both benefits and limitations regarding privacy and
security issues. Until the management and vendor comes with a proper privacy disclosure
agreement and agrees to IT audit by the external party, the risk will be there.
Ethical Issues Consideration
There are certain ethical issues that charitable organisation must consider before implementing
SaaS system in HR database management. The following can be described as the ethical issues-
1. Security and Privacy of the uploaded data
2. Service accessibility and availability
3. Power consumption and waste management
The vendor mayn’t share security details to the charitable organisation. The personnel
working in the vendor’s organisation may leak information for personal benefit. Many such
doubts can arise until “privacy and security” disclosure is done by vendor. (Microsoft has
done such for the clients but Amazon hasn’t done.)
4. Accessibility from anywhere- Although the SaaS system makes it easier for the employees to
make updates in database management even if they are not physically present in the
premise but such freedom also raised the risk. As the service availability is possible
anywhere, if the employees try to access the network using unprotected wireless
connectivity or at home or at any places where public access is easily possible, they are
actually troubling the utility of the service. If any person steals the unique ID and password,
he can easily manipulate the database which vendor won’t even doubt. Unless some
specific encryption such as retina scan, finger prints scan or any other unique identification
marks are aligned to the network, the risk of data stealing or manipulation will still be there.
5. In-house support needed- As per the condition of management, uploading of the data will
be done at the premise only. Even if the HR database management is handled by the
vendor, the preliminary database is actually managed by the employees who are uploading
it. If they start manipulating or concealing data before uploading to the network, the service
agreement with vendor will of no use.
We see that, having a SaaS service has both benefits and limitations regarding privacy and
security issues. Until the management and vendor comes with a proper privacy disclosure
agreement and agrees to IT audit by the external party, the risk will be there.
Ethical Issues Consideration
There are certain ethical issues that charitable organisation must consider before implementing
SaaS system in HR database management. The following can be described as the ethical issues-
1. Security and Privacy of the uploaded data
2. Service accessibility and availability
3. Power consumption and waste management
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Security and Privacy of the data
This can have 4 more ethical consideration which are-
1. Privacy and security of the data upload
2. Privacy and security of data storage
3. Privacy and security of data flow
4. Privacy and security of the charitable institution profile
Privacy and Security of data upload
This is the first and the foremost important ethical consideration that the charitable institution
should ensure that whoever are engaged in data uploading are keeping the privacy and security
guidelines in mind. The privacy and security guidelines are basically the organisational policies
that protects clients’ and employees’ personal and sensitive data at any cost. They shouldn’t
put the unnecessary data into public platform. Even they are bound to use the encrypted ID and
password to enter into the system but not from any open network.
Privacy and security of data storage
The charitable institution must ask the vendor to give reports on privacy and security of the
stored data in California and Dublin on regular basis. For that, it should ask the vendor to
conduct an IT audit as per ISO-27001. Apart from that whether the vendor is following the
cloud privacy and security agreement of the particular region must be checked by asking the
vendor to submit report of compliance. [Kshetri, N. (2013).]
Privacy and security of data flow
As the data processing and configuration is taking place between California-Dublin-Bangalore,
so the organisation will inquire about the status of the data uploaded. This is necessary because
whether the data flow is taking place as per the service agreement or not. Many at times,
internally stealing of data takes place. Thus, by asking the client to report about the data flow
status, such ethical issues can be managed.
Privacy and security of charitable institution profile
This can have 4 more ethical consideration which are-
1. Privacy and security of the data upload
2. Privacy and security of data storage
3. Privacy and security of data flow
4. Privacy and security of the charitable institution profile
Privacy and Security of data upload
This is the first and the foremost important ethical consideration that the charitable institution
should ensure that whoever are engaged in data uploading are keeping the privacy and security
guidelines in mind. The privacy and security guidelines are basically the organisational policies
that protects clients’ and employees’ personal and sensitive data at any cost. They shouldn’t
put the unnecessary data into public platform. Even they are bound to use the encrypted ID and
password to enter into the system but not from any open network.
Privacy and security of data storage
The charitable institution must ask the vendor to give reports on privacy and security of the
stored data in California and Dublin on regular basis. For that, it should ask the vendor to
conduct an IT audit as per ISO-27001. Apart from that whether the vendor is following the
cloud privacy and security agreement of the particular region must be checked by asking the
vendor to submit report of compliance. [Kshetri, N. (2013).]
Privacy and security of data flow
As the data processing and configuration is taking place between California-Dublin-Bangalore,
so the organisation will inquire about the status of the data uploaded. This is necessary because
whether the data flow is taking place as per the service agreement or not. Many at times,
internally stealing of data takes place. Thus, by asking the client to report about the data flow
status, such ethical issues can be managed.
Privacy and security of charitable institution profile
One of the ethical consideration that charitable organisation should ensure is the profile of
organisation in vendor’s public cloud. If the organisational information goes public, it will create
problems with the data management especially with personal data of employees and sensitive
data of client of the organisation. This is possible if any anonymous gets the code or key to
unlock the database.
Service accessibility and availability-
This includes to what extend the accessibility and availability with the SaaS system. As the SaaS
solution is web-based, the organisation needs to determine the compatible hardware and
operating systems, browsers etc. before entering into the service agreement. It should also set
the accessibility time and duration with the vendor. The organisation must ensure a guarantee
agreement with the vendor regarding availability of the services. The agreement must include
the authorised personnel who can have the accessibility and availability to the system. One of
the key factor must be considered is “purpose of system.” It shouldn’t allow SaaS usage in some
other purpose. [Ryan, M. D. (2011).]
Power consumption and Waste management
This includes the ethical consideration of application of hardware, power usage and waste
management (data destruction). For the hardware, ethical consideration from the charity
should be taken for the hardware components that vendor is using to store and process the
data. The charity should ensure that vendor is using latest software systems and cloud platform
that is well protected and encrypted. It should also align with cost of service. [Miller, K. W
et.al2012]
Regarding power usage, CO2 emission, air pollution and other eco-friendly regulations must be
enquired by the charity from the vendor so that the service agreement will stay valid.
Otherwise such violation can close down the vendor’s operation.
The charity organisation should put the condition of disclosure of the data that are said to
destroy. As many of the information that are taken into system are confidential and sensitive, if
at any stage the charity wants to erase the data, it should enquire “how the data will be
organisation in vendor’s public cloud. If the organisational information goes public, it will create
problems with the data management especially with personal data of employees and sensitive
data of client of the organisation. This is possible if any anonymous gets the code or key to
unlock the database.
Service accessibility and availability-
This includes to what extend the accessibility and availability with the SaaS system. As the SaaS
solution is web-based, the organisation needs to determine the compatible hardware and
operating systems, browsers etc. before entering into the service agreement. It should also set
the accessibility time and duration with the vendor. The organisation must ensure a guarantee
agreement with the vendor regarding availability of the services. The agreement must include
the authorised personnel who can have the accessibility and availability to the system. One of
the key factor must be considered is “purpose of system.” It shouldn’t allow SaaS usage in some
other purpose. [Ryan, M. D. (2011).]
Power consumption and Waste management
This includes the ethical consideration of application of hardware, power usage and waste
management (data destruction). For the hardware, ethical consideration from the charity
should be taken for the hardware components that vendor is using to store and process the
data. The charity should ensure that vendor is using latest software systems and cloud platform
that is well protected and encrypted. It should also align with cost of service. [Miller, K. W
et.al2012]
Regarding power usage, CO2 emission, air pollution and other eco-friendly regulations must be
enquired by the charity from the vendor so that the service agreement will stay valid.
Otherwise such violation can close down the vendor’s operation.
The charity organisation should put the condition of disclosure of the data that are said to
destroy. As many of the information that are taken into system are confidential and sensitive, if
at any stage the charity wants to erase the data, it should enquire “how the data will be
erased”. If the data destruction is not done properly, the historical data may be stolen and used
for fraudulent purpose. This will impact the organisation. [Subashini, S.,et.al2012]
References
1. Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
2. Sabahi, F. (2011, May). Cloud computing security threats and responses. In Communication
Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on (pp. 245-249).
IEEE.
3. Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on
intelligent semantic Web-services and applications (p. 12). ACM.
4. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future
Generation computer systems, 28(3), 583-592.
5. Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal
of Computer Science & Information Technology, 5(3), 79.
for fraudulent purpose. This will impact the organisation. [Subashini, S.,et.al2012]
References
1. Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
2. Sabahi, F. (2011, May). Cloud computing security threats and responses. In Communication
Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on (pp. 245-249).
IEEE.
3. Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on
intelligent semantic Web-services and applications (p. 12). ACM.
4. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future
Generation computer systems, 28(3), 583-592.
5. Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal
of Computer Science & Information Technology, 5(3), 79.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
6. Saripalli, P., & Walters, B. (2010, July). Quirc: A quantitative impact and risk assessment
framework for cloud security. In Cloud Computing (CLOUD), 2010 IEEE 3rd International
Conference on (pp. 280-288). Ieee.
7. Ko, R. K., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., & Lee, B. S.
(2011, July). TrustCloud: A framework for accountability and trust in cloud computing.
In Services (SERVICES), 2011 IEEE World Congress on (pp. 584-588). IEEE.
8. Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on
intelligent semantic Web-services and applications (p. 12). ACM.
9. Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
10. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of
cloud computing. Journal of network and computer applications, 34(1), 1-11.
11. Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010, June). Information security risk
management framework for the cloud computing environments. In Computer and
Information Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334).
IEEE.
12. Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi,
M. (2012). A quantitative analysis of current security concerns and solutions for cloud
computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.
13. Saripalli, P., & Walters, B. (2010, July). Quirc: A quantitative impact and risk assessment
framework for cloud security. In Cloud Computing (CLOUD), 2010 IEEE 3rd International
Conference on (pp. 280-288). Ieee.
14. Kuo, A. M. H. (2011). Opportunities and challenges of cloud computing to improve health
care services. Journal of medical Internet research, 13(3).
15. Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud
computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International
Conference on (Vol. 1, pp. 647-651). IEEE.
framework for cloud security. In Cloud Computing (CLOUD), 2010 IEEE 3rd International
Conference on (pp. 280-288). Ieee.
7. Ko, R. K., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., & Lee, B. S.
(2011, July). TrustCloud: A framework for accountability and trust in cloud computing.
In Services (SERVICES), 2011 IEEE World Congress on (pp. 584-588). IEEE.
8. Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on
intelligent semantic Web-services and applications (p. 12). ACM.
9. Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
10. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of
cloud computing. Journal of network and computer applications, 34(1), 1-11.
11. Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010, June). Information security risk
management framework for the cloud computing environments. In Computer and
Information Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334).
IEEE.
12. Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi,
M. (2012). A quantitative analysis of current security concerns and solutions for cloud
computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.
13. Saripalli, P., & Walters, B. (2010, July). Quirc: A quantitative impact and risk assessment
framework for cloud security. In Cloud Computing (CLOUD), 2010 IEEE 3rd International
Conference on (pp. 280-288). Ieee.
14. Kuo, A. M. H. (2011). Opportunities and challenges of cloud computing to improve health
care services. Journal of medical Internet research, 13(3).
15. Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud
computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International
Conference on (Vol. 1, pp. 647-651). IEEE.
1 out of 20
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.