Cloud Privacy and Security Report: HR Data Security and Privacy
VerifiedAdded on 2020/02/23
|23
|5094
|679
Report
AI Summary
This report addresses the cloud privacy and security concerns of the Department of Administrative Services (DAS) regarding its employee data. It begins by examining the current threats and risks within the in-house HR database, including deployment failures, security flaws, data leaks, misuse, and SQL injection vulnerabilities. The report then assesses the risks and threats associated with migrating to SaaS applications, considering factors like compliance, maintenance costs, data security, and potential disruptions. It evaluates the severity of these risks, including data theft, neglect, and loss, while also considering privacy issues like breaches, anonymization problems, and data masking inadequacies. The report further explores the risks to digital identities and potential discrimination. It also provides considerations for operational solutions and locations of SaaS providers, and concludes with a discussion of data sensitivity and jurisdictional issues. The report emphasizes the importance of backup plans, adherence to data security regulations, and mitigation strategies to safeguard employee data.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1CLOUD PRIVACY AND SECURITY
Executive Summary
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government; the multiple services involve the contractor
management, HR management, payroll management and procurement. DAS is concerned
about the security of the employees of the organisation and their sensitive data. DAS
employees can be greatly benefitted from the cloud vendor Shore and Amazon AWS in terms
of advanced cloud solutions and advanced security solutions. DAS employees enter the data
and so the organization is concerned about the security and privacy issues of the employees.
The result highlighted all the security threats and risks within in house HR database. The
report also focused on the threats and risks associated with the DAS employees and also the
severities of risks of the employees have been explained. Since DAS decides to move to the
cloud, their approach is to enhance the business as well as the security of the organization as
well as the employees. The threats related to digital identities have been elaborated in this
report as well. The two operational solutions to secure and protect the HR database have been
showcased in this report. Further, the usage of IaaS solution has been highlighted in the
report.
Executive Summary
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government; the multiple services involve the contractor
management, HR management, payroll management and procurement. DAS is concerned
about the security of the employees of the organisation and their sensitive data. DAS
employees can be greatly benefitted from the cloud vendor Shore and Amazon AWS in terms
of advanced cloud solutions and advanced security solutions. DAS employees enter the data
and so the organization is concerned about the security and privacy issues of the employees.
The result highlighted all the security threats and risks within in house HR database. The
report also focused on the threats and risks associated with the DAS employees and also the
severities of risks of the employees have been explained. Since DAS decides to move to the
cloud, their approach is to enhance the business as well as the security of the organization as
well as the employees. The threats related to digital identities have been elaborated in this
report as well. The two operational solutions to secure and protect the HR database have been
showcased in this report. Further, the usage of IaaS solution has been highlighted in the
report.
2CLOUD PRIVACY AND SECURITY
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database...............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........5
2.3. Assess the resulting severity of risk and threat to employee data...................................7
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application..................................................................................................................................9
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database...............................................................9
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application..............................................................................................................................9
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........11
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................11
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................13
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................17
7. Conclusion............................................................................................................................17
8. References............................................................................................................................18
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database...............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........5
2.3. Assess the resulting severity of risk and threat to employee data...................................7
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application..................................................................................................................................9
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database...............................................................9
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application..............................................................................................................................9
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........11
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................11
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................13
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................17
7. Conclusion............................................................................................................................17
8. References............................................................................................................................18
3CLOUD PRIVACY AND SECURITY
1. Introduction
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government (Shostack, 2014); the multiple services
involve the contractor management, HR management, payroll management and procurement.
DAS is concerned about the security of the employees of the organisation and their sensitive
data.
This report will highlight prevalent risks and threats associated with the organisation
within in house HR database, will also showcase the risks and threats associated with the
employees, severity of the risks involved with the employee data. DAS has planned to move
to the cloud, the threats and the issues they can face will be detailed and the solutions to
mitigate those risks. Amazon AWS and Sore’s impact will be elaborately discussed as well.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database
The threats and risks associated with the database are –
i. Deployment failures: The failures related to database generally occurs due to
inattentive use of the database, generally the faulty issues occur at the time of execution of
the database files (Rhodes-Ousley, 2013). Though the database is developed and tested the
database is not tested as a whole, some bugs still exist and due to that technical fault, the
database fails.
1. Introduction
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government (Shostack, 2014); the multiple services
involve the contractor management, HR management, payroll management and procurement.
DAS is concerned about the security of the employees of the organisation and their sensitive
data.
This report will highlight prevalent risks and threats associated with the organisation
within in house HR database, will also showcase the risks and threats associated with the
employees, severity of the risks involved with the employee data. DAS has planned to move
to the cloud, the threats and the issues they can face will be detailed and the solutions to
mitigate those risks. Amazon AWS and Sore’s impact will be elaborately discussed as well.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database
The threats and risks associated with the database are –
i. Deployment failures: The failures related to database generally occurs due to
inattentive use of the database, generally the faulty issues occur at the time of execution of
the database files (Rhodes-Ousley, 2013). Though the database is developed and tested the
database is not tested as a whole, some bugs still exist and due to that technical fault, the
database fails.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4CLOUD PRIVACY AND SECURITY
ii. Database security flaws: Due to security issues the worms and the virus attack
occurs within the database, the hackers take advantage of the bugs residing within the
database and acquire the personal information of the database.
Fig 1: Database data security threats and risks
(Source: Safa et al., 2015, pp-65-78)
iii. Data leaks: Database act as the back end of any business organisation and the
organisations generally want their database safe and secured, but the business organisations
actually cannot protect the database as a whole, the database is connected to the networking
interface, the intruders take advantage of the insecure network and exploit the network
completely (Haynes & Giblin, 2014).
iv. The misuse of the database: The misuse of the database and the underlying
database features also leads to the security breach of the database, the users integrate and
configured their database by adding various plugins, in this database becomes buggy and
ii. Database security flaws: Due to security issues the worms and the virus attack
occurs within the database, the hackers take advantage of the bugs residing within the
database and acquire the personal information of the database.
Fig 1: Database data security threats and risks
(Source: Safa et al., 2015, pp-65-78)
iii. Data leaks: Database act as the back end of any business organisation and the
organisations generally want their database safe and secured, but the business organisations
actually cannot protect the database as a whole, the database is connected to the networking
interface, the intruders take advantage of the insecure network and exploit the network
completely (Haynes & Giblin, 2014).
iv. The misuse of the database: The misuse of the database and the underlying
database features also leads to the security breach of the database, the users integrate and
configured their database by adding various plugins, in this database becomes buggy and
5CLOUD PRIVACY AND SECURITY
heavy and more vulnerable, in this way various loopholes get generated within the database
(Chockalingam et al., 2017).
v. Hopscotch approach: The hackers or the intruders here can gain access to the
database and acquire one’s personal data along with the account numbers without the use of
the credit card information, so the intruders are always in search for the loopholes (Albakri et
al., 2014).
vi. SQL injection: The front end database is not always secured with the firewall
technology and the variables are not tested for the SQL injection during the testing method.
vii. Key management: The database administrators often keep the important keys on
their disk drives, and there lies the vulnerability, placing those keys in the unprotected area of
the database can lead to disaster, through the loopholes the intruders can attack and can make
the system totally vulnerable to use (Chockalingam et al., 2017).
viii. Database inconsistency: The database developers and the database
administrators must check for the threat and vulnerabilities in the database daily if any
mishap occurs they should immediately make concern and update the details (Feng, Wang &
Li, 2014).
2.2. The risks and threats to the employee data after migration to a SaaS application
The possible risks associated are-
i. If the organisation holds sensitive data then moving to the cloud and manage those data can
be tough task initially, the compliance alternates will restrict the choices.
ii. If the organisation is earning benefits then they do not have to worry about moving to the
cloud so easily, as because the cloud computing requires maintenance, scaling and the
availability.
heavy and more vulnerable, in this way various loopholes get generated within the database
(Chockalingam et al., 2017).
v. Hopscotch approach: The hackers or the intruders here can gain access to the
database and acquire one’s personal data along with the account numbers without the use of
the credit card information, so the intruders are always in search for the loopholes (Albakri et
al., 2014).
vi. SQL injection: The front end database is not always secured with the firewall
technology and the variables are not tested for the SQL injection during the testing method.
vii. Key management: The database administrators often keep the important keys on
their disk drives, and there lies the vulnerability, placing those keys in the unprotected area of
the database can lead to disaster, through the loopholes the intruders can attack and can make
the system totally vulnerable to use (Chockalingam et al., 2017).
viii. Database inconsistency: The database developers and the database
administrators must check for the threat and vulnerabilities in the database daily if any
mishap occurs they should immediately make concern and update the details (Feng, Wang &
Li, 2014).
2.2. The risks and threats to the employee data after migration to a SaaS application
The possible risks associated are-
i. If the organisation holds sensitive data then moving to the cloud and manage those data can
be tough task initially, the compliance alternates will restrict the choices.
ii. If the organisation is earning benefits then they do not have to worry about moving to the
cloud so easily, as because the cloud computing requires maintenance, scaling and the
availability.
6CLOUD PRIVACY AND SECURITY
iii. The organisation will not able to deploy everything according to their choice, as cloud
vendor controls everything (Safa et al., 2015).
iv. The organisation will have to host a strong network server, based on which the
applications will be deployed; they have to bear extra cost due to this.
v. The organisation will have to pay to the cloud vendor every month for the update, for the
maintenance of the database.
vi. There is a risk of data security and privacy, that means the employees’ data can be hacked
and hence there is a risk the organisation’s security can be compromised due to the intruders,
virus and malware attacks. All these can lead to data theft.
vi. If any SaaS applications become unavailable then the business operations can be disrupted
and can suffer huge loss (de Gusmão et al., 2016). All the applications must be accessible all
throughout the day and night, and the server and the internet connection must be available all
throughout day and night, any kind of disruption will halt the entire business.
iii. The organisation will not able to deploy everything according to their choice, as cloud
vendor controls everything (Safa et al., 2015).
iv. The organisation will have to host a strong network server, based on which the
applications will be deployed; they have to bear extra cost due to this.
v. The organisation will have to pay to the cloud vendor every month for the update, for the
maintenance of the database.
vi. There is a risk of data security and privacy, that means the employees’ data can be hacked
and hence there is a risk the organisation’s security can be compromised due to the intruders,
virus and malware attacks. All these can lead to data theft.
vi. If any SaaS applications become unavailable then the business operations can be disrupted
and can suffer huge loss (de Gusmão et al., 2016). All the applications must be accessible all
throughout the day and night, and the server and the internet connection must be available all
throughout day and night, any kind of disruption will halt the entire business.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7CLOUD PRIVACY AND SECURITY
Fig 2: Employees’ data risk assessment
(Source: Feng, Wang & Li, 2014, pp-57-73)
vii. The organisation must have a backup plan or risk management plan to get access gain of
the data; this can definitely mitigate the disaster or help to control the risks (Shameli-Sendi,
Aghababaei-Barzegar & Cheriet, 2016).
viii. They have to follow the rules and regulations related to the data security procedures as
these can diminish the risks associated and should make sure their cloud vendors also abide
by the rules and regulations of the laws related to digital security and should follow the
requirements.
2.3. Assess the resulting severity of risk and threat to employee data
The employees’ data can be breached and the security risks associated with it are-
Theft: Deliberate attacks include the attack on the system over the insecure network
and the theft of those vital data or information, this may occur due to some grudge against the
organisation.
Neglect: The data of the employees can be lost when the hard disk drives are sold in
the market, the employees do not aware their laptop contains the important data, also when
their devices or the laptops or the mobiles malfunctions they hand it over to the local shop for
repair, the devices' data thus can be lost or compromised and in another scenario, the
intruders can purposefully delete or erase the data from the computer (Kirti et al., 2017).
Fig 2: Employees’ data risk assessment
(Source: Feng, Wang & Li, 2014, pp-57-73)
vii. The organisation must have a backup plan or risk management plan to get access gain of
the data; this can definitely mitigate the disaster or help to control the risks (Shameli-Sendi,
Aghababaei-Barzegar & Cheriet, 2016).
viii. They have to follow the rules and regulations related to the data security procedures as
these can diminish the risks associated and should make sure their cloud vendors also abide
by the rules and regulations of the laws related to digital security and should follow the
requirements.
2.3. Assess the resulting severity of risk and threat to employee data
The employees’ data can be breached and the security risks associated with it are-
Theft: Deliberate attacks include the attack on the system over the insecure network
and the theft of those vital data or information, this may occur due to some grudge against the
organisation.
Neglect: The data of the employees can be lost when the hard disk drives are sold in
the market, the employees do not aware their laptop contains the important data, also when
their devices or the laptops or the mobiles malfunctions they hand it over to the local shop for
repair, the devices' data thus can be lost or compromised and in another scenario, the
intruders can purposefully delete or erase the data from the computer (Kirti et al., 2017).
8CLOUD PRIVACY AND SECURITY
Fig 3: Data security design based on data threats and risks
(Source: Albakri et al., 2014, pp-2114-2124)
Loss: If the device gets lost then the data can be breached very easily, many time the
employees or the users do not set a password for their devices, the personal data can be easily
lost in this way (Cherdantseva et al., 2016). The intruders can see the sensitive organisation
emails and thus the organisation's data can be threatened due to those pitfalls.
Fig 3: Data security design based on data threats and risks
(Source: Albakri et al., 2014, pp-2114-2124)
Loss: If the device gets lost then the data can be breached very easily, many time the
employees or the users do not set a password for their devices, the personal data can be easily
lost in this way (Cherdantseva et al., 2016). The intruders can see the sensitive organisation
emails and thus the organisation's data can be threatened due to those pitfalls.
9CLOUD PRIVACY AND SECURITY
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database
Privacy risks and the threats include
i. Privacy breaches: The leaking of sensitive information can lead to embarrassment
of the individual or employee in this case since the HR database is not secure, the privacy
breaches are possible.
ii. Issues related to anonymisation: The database is not programmed effectively to
uniquely identify an individual, hence if the employee updates the data of the database there
is a chance of data duplication (Younis, Malaiya, & Ray, 2014).
iii. Issues related to data masking: Data masking is the procedure to create a
structure similar to the inauthentic version of the organisation data; however, it is not the
standalone procedure to ensure the safety of the employee however, the data the breaches
stay inside (Landucci et al., 2017).
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application
After migration to the cloud, after migration to the SaaS applications, the privacy
issues pertain, those are-
i. Unethical action: The SaaS applications assist in the finding out each and every
detail of the employees, it basically keeps track of every move the employees, thus it may
happen unknowingly they can reveal the information of the employees which may not be
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database
Privacy risks and the threats include
i. Privacy breaches: The leaking of sensitive information can lead to embarrassment
of the individual or employee in this case since the HR database is not secure, the privacy
breaches are possible.
ii. Issues related to anonymisation: The database is not programmed effectively to
uniquely identify an individual, hence if the employee updates the data of the database there
is a chance of data duplication (Younis, Malaiya, & Ray, 2014).
iii. Issues related to data masking: Data masking is the procedure to create a
structure similar to the inauthentic version of the organisation data; however, it is not the
standalone procedure to ensure the safety of the employee however, the data the breaches
stay inside (Landucci et al., 2017).
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application
After migration to the cloud, after migration to the SaaS applications, the privacy
issues pertain, those are-
i. Unethical action: The SaaS applications assist in the finding out each and every
detail of the employees, it basically keeps track of every move the employees, thus it may
happen unknowingly they can reveal the information of the employees which may not be
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10CLOUD PRIVACY AND SECURITY
illegal but may cost lives of the employees. It can ruin the lives of the employees completely
(Band et al., 2015).
ii. Inaccurate SaaS applications: The cloud applications are still in testing mode or
beta mode, so it may happen the database holds the incorrect data of the employees,
implementing wrong data models or faulty algorithms can result in unpredicted result, the
employees can be in trouble due to the mess up, the organisation can take any wrong action
against the person, and can get into trouble (Szwed & Skrzyński, 2014).
Fig 4: The risks incurred due to migration to cloud and its management
(Source: Haynes & Giblin, 2014, pp- 30-53)
illegal but may cost lives of the employees. It can ruin the lives of the employees completely
(Band et al., 2015).
ii. Inaccurate SaaS applications: The cloud applications are still in testing mode or
beta mode, so it may happen the database holds the incorrect data of the employees,
implementing wrong data models or faulty algorithms can result in unpredicted result, the
employees can be in trouble due to the mess up, the organisation can take any wrong action
against the person, and can get into trouble (Szwed & Skrzyński, 2014).
Fig 4: The risks incurred due to migration to cloud and its management
(Source: Haynes & Giblin, 2014, pp- 30-53)
11CLOUD PRIVACY AND SECURITY
iii. Discrimination: The organisation based on the analytics can discriminate among
the employees. The data is available to all the time, anyone can take the opportunity and seek
advantage of the data, and thus the privacy issues can be threatening (Modi et al., 2013).
iv. No legal protections: Currently there are no legal enhance protection of the data,
no specific rules and regulations as the cloud computing are relatively new; some can
illegally use the data (Best et al., 2017).
v. e-discovery concerns: The organisation can create documentation based on the
finding results which is unethical and in this way some sensitive information can pop up of
the employees.
3.3. Assess the resulting severity of risk and threat to the privacy of employee data
The severe risk and threat associated is the reveal of personal information of the
employees to the public. Therefore, there is an authentication demand of the employees to
solve the privacy issues related to cloud computing. This privacy issue can take away the life
of the employees. The hackers or the intruders can hack the HR database and can exploit
data; the personal information residing within can be threatened by this approach (Erdogan et
al., 2015). As the HR database contains all the important data of the employees it must be
secured, but since the cloud databases, as well as the SaaS applications, are impossible, it will
take time to bridge the gaps.
4. The threats and risks to the digital identities of Government employees from the
move to SaaS applications
The threats and the risks associated with the digital identities of the Government
employees from the move to the SaaS applications-
iii. Discrimination: The organisation based on the analytics can discriminate among
the employees. The data is available to all the time, anyone can take the opportunity and seek
advantage of the data, and thus the privacy issues can be threatening (Modi et al., 2013).
iv. No legal protections: Currently there are no legal enhance protection of the data,
no specific rules and regulations as the cloud computing are relatively new; some can
illegally use the data (Best et al., 2017).
v. e-discovery concerns: The organisation can create documentation based on the
finding results which is unethical and in this way some sensitive information can pop up of
the employees.
3.3. Assess the resulting severity of risk and threat to the privacy of employee data
The severe risk and threat associated is the reveal of personal information of the
employees to the public. Therefore, there is an authentication demand of the employees to
solve the privacy issues related to cloud computing. This privacy issue can take away the life
of the employees. The hackers or the intruders can hack the HR database and can exploit
data; the personal information residing within can be threatened by this approach (Erdogan et
al., 2015). As the HR database contains all the important data of the employees it must be
secured, but since the cloud databases, as well as the SaaS applications, are impossible, it will
take time to bridge the gaps.
4. The threats and risks to the digital identities of Government employees from the
move to SaaS applications
The threats and the risks associated with the digital identities of the Government
employees from the move to the SaaS applications-
12CLOUD PRIVACY AND SECURITY
The employees’ authenticity can be threatened if the move to the cloud SaaS
applications. Authenticity is the procedure by which the server can identify the employees or
the users who are accessing the internet, if the network is not authenticated properly, the
intruders will gain access to the system and attack the employees, the users can get into
serious trouble, the user can get into the trouble due to the lack of adequate firewall and.
insecure network. Thus the cloud network should have an effective network management
(Shuaibu et al., 2015). A Denial of Service attack can access the employees’ system and
sabotage the system, in this way the employees can lose their identity and will not able to
access their own device.
The eavesdropping involves the access over the network and accesses the chat
conversation carried out over the network illegally, the employees’ official conversation can
be accessed and thus they can get into serious trouble.
The masquerade includes the attack which hibernates the real identity of the owner
and by taking the employees' name they can communicate with others and can acquire the
sensitive information, thus the security of the organisation can be threatened (Bermudez,
2013).
The employees’ authenticity can be threatened if the move to the cloud SaaS
applications. Authenticity is the procedure by which the server can identify the employees or
the users who are accessing the internet, if the network is not authenticated properly, the
intruders will gain access to the system and attack the employees, the users can get into
serious trouble, the user can get into the trouble due to the lack of adequate firewall and.
insecure network. Thus the cloud network should have an effective network management
(Shuaibu et al., 2015). A Denial of Service attack can access the employees’ system and
sabotage the system, in this way the employees can lose their identity and will not able to
access their own device.
The eavesdropping involves the access over the network and accesses the chat
conversation carried out over the network illegally, the employees’ official conversation can
be accessed and thus they can get into serious trouble.
The masquerade includes the attack which hibernates the real identity of the owner
and by taking the employees' name they can communicate with others and can acquire the
sensitive information, thus the security of the organisation can be threatened (Bermudez,
2013).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13CLOUD PRIVACY AND SECURITY
Fig 5: Cloud computing- SaaS
(Source: Kshetri, 2013, pp-372-386)
The files exchanged over the network can also be threatened due to the insecure
network and the insecure SaaS applications (Almorsy, Grundy & Müller, 2016). The file can
be stolen in between and can be modified. In this way, the employees' identity and the
employees’ personal file can be hijacked.
Sabotage is the procedure where the intruders can lock the device of the victims by
accessing the devices of employees over the insecure SaaS applications.
The web site intrusion basically deals with the hijacking into employees’ data and
exploiting the sensitive data (Rong, Nguyen & Jaatun, 2013).
Thus the availability, confidentiality and integrity can be threatened due to the
security breaches and these are the risks involved if they are willing to move to the SaaS
cloud application (Ryan, 2013).
Fig 5: Cloud computing- SaaS
(Source: Kshetri, 2013, pp-372-386)
The files exchanged over the network can also be threatened due to the insecure
network and the insecure SaaS applications (Almorsy, Grundy & Müller, 2016). The file can
be stolen in between and can be modified. In this way, the employees' identity and the
employees’ personal file can be hijacked.
Sabotage is the procedure where the intruders can lock the device of the victims by
accessing the devices of employees over the insecure SaaS applications.
The web site intrusion basically deals with the hijacking into employees’ data and
exploiting the sensitive data (Rong, Nguyen & Jaatun, 2013).
Thus the availability, confidentiality and integrity can be threatened due to the
security breaches and these are the risks involved if they are willing to move to the SaaS
cloud application (Ryan, 2013).
14CLOUD PRIVACY AND SECURITY
5. Consideration of the operational solution and location(s) of the two SaaS providers
for HR and Contractor management
The two popular SaaS providers that can facilitate the organisations' digital security
risks are Shore.com and Amazon AWS.
Shore.com, a German based SaaS provider 441offers certain advantages, and it is
quite popular among the masses.Shore.com offers the following security to mitigate the risks
and control associated with the cloud security and the risks-
i. SaaS provides the platform where the organisation will not have to think about the future
updates and management of the applications (Kshetri, 2013). The organisation will not have
to take extra effort to secure the network, thus the employees, as well as they're sensitive, are
data are secured.
ii. SaaS share their cloud server so that the organisation does not have to pay huge expenses
to hire the cloud server from the vendor; additionally, it offers the safety and the security and
daily maintenance services (Rong, Nguyen & Jaatun, 2013). Thus overall, the employees can
acquire profitable services from the cloud vendor as well as from the organisation.
iii. SaaS embellish the execution of the cloud apps and in this way can provide the employees
agile effective services.
iv. SaaS apps can be accessed in any places at any time.
v. The security design involves the elements that describe the employees which data can be
shared and which data cannot be shared and Shore has certain policies regarding that.
5. Consideration of the operational solution and location(s) of the two SaaS providers
for HR and Contractor management
The two popular SaaS providers that can facilitate the organisations' digital security
risks are Shore.com and Amazon AWS.
Shore.com, a German based SaaS provider 441offers certain advantages, and it is
quite popular among the masses.Shore.com offers the following security to mitigate the risks
and control associated with the cloud security and the risks-
i. SaaS provides the platform where the organisation will not have to think about the future
updates and management of the applications (Kshetri, 2013). The organisation will not have
to take extra effort to secure the network, thus the employees, as well as they're sensitive, are
data are secured.
ii. SaaS share their cloud server so that the organisation does not have to pay huge expenses
to hire the cloud server from the vendor; additionally, it offers the safety and the security and
daily maintenance services (Rong, Nguyen & Jaatun, 2013). Thus overall, the employees can
acquire profitable services from the cloud vendor as well as from the organisation.
iii. SaaS embellish the execution of the cloud apps and in this way can provide the employees
agile effective services.
iv. SaaS apps can be accessed in any places at any time.
v. The security design involves the elements that describe the employees which data can be
shared and which data cannot be shared and Shore has certain policies regarding that.
15CLOUD PRIVACY AND SECURITY
Fig 6: Shore cloud platform
(Source: "Vereinfachen Sie Ihr Geschäftsleben mit Shore!", 2017 )
vi. Shore provides better CRM facilities; in this scenario, Shore can provide benefits to the
organisation as well as the organisations' employees. The Shore can keep track of the
employees’ data, can monitor them and in this way they the organisation can know their
employees’ interests and demands (Almorsy, Grundy & Müller, 2016). In addition, due to the
secure database, they do not have to worry about the security of the employees, also they do
not have worry about the records, the sensitive data can be tracked and maintained by the
Shore, the Shore provides the facility to keep track of a huge list of employees and any
associated information. They can access the employee data all at once from the database
anywhere anytime, this saves a lot of time of the clients and the employees (Band et al.,
2015). Shore offers the secured CRM services from which the employees can be largely
benefitted.
Amazon AWS, a US based SaaS provider provide the various security capabilities –
Fig 6: Shore cloud platform
(Source: "Vereinfachen Sie Ihr Geschäftsleben mit Shore!", 2017 )
vi. Shore provides better CRM facilities; in this scenario, Shore can provide benefits to the
organisation as well as the organisations' employees. The Shore can keep track of the
employees’ data, can monitor them and in this way they the organisation can know their
employees’ interests and demands (Almorsy, Grundy & Müller, 2016). In addition, due to the
secure database, they do not have to worry about the security of the employees, also they do
not have worry about the records, the sensitive data can be tracked and maintained by the
Shore, the Shore provides the facility to keep track of a huge list of employees and any
associated information. They can access the employee data all at once from the database
anywhere anytime, this saves a lot of time of the clients and the employees (Band et al.,
2015). Shore offers the secured CRM services from which the employees can be largely
benefitted.
Amazon AWS, a US based SaaS provider provide the various security capabilities –
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16CLOUD PRIVACY AND SECURITY
i. Infrastructure capabilities: Amazon has network firewalls which are incorporated
with the Amazon PVC and the firewalls associated with the web apps create opportunities for
Amazon and help in gain access to the cloud platform. This offers private and dedicated
connected service from anywhere.
ii. DDoS attack: Amazon has a specific defence strategy to fight against the DDoS
attack. The AWS services can mitigate the risks associated with the DDoS attack (Bermudez
et al., 2013). The features of Amazon AWS services like Amazon 53, auto scaling and
Amazon CloudFront assist to diminish the adverse effect of the DDoS attack.
iii. Data Encryption: Redshift, EBS, Oracle RDS, S3, SQL Server RDS offers the
data encryption capabilities which will protect the employee's data and it is not easy for the
intruders to break the shackles (Bermudez et al., 2013). The dedicated software and hardware
solutions from Amazon thus assist in securing the database.
i. Infrastructure capabilities: Amazon has network firewalls which are incorporated
with the Amazon PVC and the firewalls associated with the web apps create opportunities for
Amazon and help in gain access to the cloud platform. This offers private and dedicated
connected service from anywhere.
ii. DDoS attack: Amazon has a specific defence strategy to fight against the DDoS
attack. The AWS services can mitigate the risks associated with the DDoS attack (Bermudez
et al., 2013). The features of Amazon AWS services like Amazon 53, auto scaling and
Amazon CloudFront assist to diminish the adverse effect of the DDoS attack.
iii. Data Encryption: Redshift, EBS, Oracle RDS, S3, SQL Server RDS offers the
data encryption capabilities which will protect the employee's data and it is not easy for the
intruders to break the shackles (Bermudez et al., 2013). The dedicated software and hardware
solutions from Amazon thus assist in securing the database.
17CLOUD PRIVACY AND SECURITY
Fig 7: Amazon AWS cloud platform
(Source: Bermudez et al., 2013, pp. 230-234)
iv. Advance Management tools: The advanced management tools like AWS Config,
Amazon Inspector assist to identify the AWS resources and this help into the track and
manage changes to the resources made.
v. Policies: Amazon offers specific policies-
AWS Directory Services, AWS Identity and Access Management (IAM) and AWS Multi-
Factor Authentication help to manage and define the user policies for the benefits of AWS
services and the employees (Band et al., 2015).
6. The issues of data sensitivity or jurisdiction that should be considered other than the
issues discussed
DAS must adopt the IaaS cloud architecture for good alongside the SaaS solutions. To
prevent security breaches IaaS security framework can be the best solution for the
organization. IaaS provides the best hardware, software and applications solutions for the
organization; it replaces the outdated hardware and software with the new ones (Band et al.,
2015). The cloud vendor like Amazon provides the cloud architecture, they regularly update
and maintain the components, so the organization need not have to worry, the outdated
software and hardware the organization uses can be a threat as the intruders and attackers can
take advantage of this outdated resources and can exploit them at will (Feng, Wang & Li,
2014). Since it is advisable to use the updated hardware and software the organization must
update their hardware and software or they will have to adopt the IaaS solution.
Fig 7: Amazon AWS cloud platform
(Source: Bermudez et al., 2013, pp. 230-234)
iv. Advance Management tools: The advanced management tools like AWS Config,
Amazon Inspector assist to identify the AWS resources and this help into the track and
manage changes to the resources made.
v. Policies: Amazon offers specific policies-
AWS Directory Services, AWS Identity and Access Management (IAM) and AWS Multi-
Factor Authentication help to manage and define the user policies for the benefits of AWS
services and the employees (Band et al., 2015).
6. The issues of data sensitivity or jurisdiction that should be considered other than the
issues discussed
DAS must adopt the IaaS cloud architecture for good alongside the SaaS solutions. To
prevent security breaches IaaS security framework can be the best solution for the
organization. IaaS provides the best hardware, software and applications solutions for the
organization; it replaces the outdated hardware and software with the new ones (Band et al.,
2015). The cloud vendor like Amazon provides the cloud architecture, they regularly update
and maintain the components, so the organization need not have to worry, the outdated
software and hardware the organization uses can be a threat as the intruders and attackers can
take advantage of this outdated resources and can exploit them at will (Feng, Wang & Li,
2014). Since it is advisable to use the updated hardware and software the organization must
update their hardware and software or they will have to adopt the IaaS solution.
18CLOUD PRIVACY AND SECURITY
7. Conclusion
It can be concluded from the above discourse that DAS employees can be greatly
benefitted from the cloud vendor Shore and Amazon AWS in terms of advanced cloud
solutions and advanced security solutions. DAS employees enter the data and so the
organization is concerned about the security and privacy issues of the employees. The result
highlighted all the security threats and risks within in house HR database. The report also
focused on the threats and risks associated with the DAS employees and also the severities of
risks of the employees have been explained. Since DAS decides to move to the cloud, their
approach is to enhance the business as well as the security of the organization as well as the
employees. The threats related to digital identities have been elaborated in this report as well.
The two operational solutions to secure and protect the HR database have been showcased in
this report. Further, the use of IaaS solution has been showcased in this report.
7. Conclusion
It can be concluded from the above discourse that DAS employees can be greatly
benefitted from the cloud vendor Shore and Amazon AWS in terms of advanced cloud
solutions and advanced security solutions. DAS employees enter the data and so the
organization is concerned about the security and privacy issues of the employees. The result
highlighted all the security threats and risks within in house HR database. The report also
focused on the threats and risks associated with the DAS employees and also the severities of
risks of the employees have been explained. Since DAS decides to move to the cloud, their
approach is to enhance the business as well as the security of the organization as well as the
employees. The threats related to digital identities have been elaborated in this report as well.
The two operational solutions to secure and protect the HR database have been showcased in
this report. Further, the use of IaaS solution has been showcased in this report.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19CLOUD PRIVACY AND SECURITY
8. References
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Band, I., Engelsman, W., Feltus, B. C., Paredes, S. G., & Diligens, D. (2015). Modeling
Enterprise Risk Management and Security with the ArchiMate®.
Bermudez, I., Traverso, S., Mellia, M., & Munafo, M. (2013, April). Exploring the cloud
from passive measurements: The Amazon AWS case. In INFOCOM, 2013
Proceedings IEEE (pp. 230-234). IEEE.
Best, D. M., Bhatia, J., Peterson, E. S., & Breaux, T. D. (2017, April). Improved cyber threat
indicator sharing by scoring privacy risk. In Technologies for Homeland Security
(HST), 2017 IEEE International Symposium on (pp. 1-5). IEEE.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. computers & security, 56, 1-27.
Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., & van Gelder, P. (2017).
Integrated Safety and Security Risk Assessment Methods: Key Characteristics and
Applications. arXiv preprint arXiv:1707.02140.
de Gusmão, A. P. H., e Silva, L. C., Silva, M. M., Poleto, T., & Costa, A. P. C. S. (2016).
Information security risk analysis model using fuzzy decision theory. International
Journal of Information Management, 36(1), 25-34.
8. References
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Band, I., Engelsman, W., Feltus, B. C., Paredes, S. G., & Diligens, D. (2015). Modeling
Enterprise Risk Management and Security with the ArchiMate®.
Bermudez, I., Traverso, S., Mellia, M., & Munafo, M. (2013, April). Exploring the cloud
from passive measurements: The Amazon AWS case. In INFOCOM, 2013
Proceedings IEEE (pp. 230-234). IEEE.
Best, D. M., Bhatia, J., Peterson, E. S., & Breaux, T. D. (2017, April). Improved cyber threat
indicator sharing by scoring privacy risk. In Technologies for Homeland Security
(HST), 2017 IEEE International Symposium on (pp. 1-5). IEEE.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. computers & security, 56, 1-27.
Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., & van Gelder, P. (2017).
Integrated Safety and Security Risk Assessment Methods: Key Characteristics and
Applications. arXiv preprint arXiv:1707.02140.
de Gusmão, A. P. H., e Silva, L. C., Silva, M. M., Poleto, T., & Costa, A. P. C. S. (2016).
Information security risk analysis model using fuzzy decision theory. International
Journal of Information Management, 36(1), 25-34.
20CLOUD PRIVACY AND SECURITY
Erdogan, G., Seehusen, F., Stølen, K., Hofstad, J., & Aagedal, J. Ø. (2015). Assessing the
usefulness of testing for validating and correcting security risk models based on two
industrial case studies. International Journal of Secure Software Engineering
(IJSSE), 6(2), 90-112.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation
analysis. Information sciences, 256, 57-73.
Haynes, M. R., & Giblin, M. J. (2014). Homeland security risk and preparedness in police
agencies: The insignificance of actual risk factors. Police Quarterly, 17(1), 30-53.
Kirti, G., Gupta, R., Biswas, K., & Turlapati, R. R. S. (2017). Washington, DC: U.S. Patent
and Trademark Office.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions
and institutional evolution. Telecommunications Policy, 37(4), 372-386.
Landucci, G., Argenti, F., Cozzani, V., & Reniers, G. (2017). Assessment of attack likelihood
to support security risk assessment studies for chemical facilities. Process Safety and
Environmental Protection.
Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security
issues and solutions at different layers of Cloud computing. The Journal of
Supercomputing, 63(2), 561-592.
Rhodes-Ousley, M. (2013). Information security the complete reference. McGraw Hill
Professional.
Erdogan, G., Seehusen, F., Stølen, K., Hofstad, J., & Aagedal, J. Ø. (2015). Assessing the
usefulness of testing for validating and correcting security risk models based on two
industrial case studies. International Journal of Secure Software Engineering
(IJSSE), 6(2), 90-112.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation
analysis. Information sciences, 256, 57-73.
Haynes, M. R., & Giblin, M. J. (2014). Homeland security risk and preparedness in police
agencies: The insignificance of actual risk factors. Police Quarterly, 17(1), 30-53.
Kirti, G., Gupta, R., Biswas, K., & Turlapati, R. R. S. (2017). Washington, DC: U.S. Patent
and Trademark Office.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions
and institutional evolution. Telecommunications Policy, 37(4), 372-386.
Landucci, G., Argenti, F., Cozzani, V., & Reniers, G. (2017). Assessment of attack likelihood
to support security risk assessment studies for chemical facilities. Process Safety and
Environmental Protection.
Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security
issues and solutions at different layers of Cloud computing. The Journal of
Supercomputing, 63(2), 561-592.
Rhodes-Ousley, M. (2013). Information security the complete reference. McGraw Hill
Professional.
21CLOUD PRIVACY AND SECURITY
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security
challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers
& Security, 53, 65-78.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, 14-30.
Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.
Shuaibu, B. M., Norwawi, N. M., Selamat, M. H., & Al-Alwani, A. (2015). Systematic
review of web application security development model. Artificial Intelligence
Review, 43(2), 259-276.
Szwed, P., & Skrzyński, P. (2014). A new lightweight method for security risk assessment
based on fuzzy cognitive maps. International Journal of Applied Mathematics and
Computer Science, 24(1), 213-225.
Vereinfachen Sie Ihr Geschäftsleben mit Shore!. (2017). Shore.com. Retrieved 2 September
2017, from https://www.shore.com/de/
Younis, A. A., Malaiya, Y. K., & Ray, I. (2014, January). Using attack surface entry points
and reachability analysis to assess the risk of software vulnerability exploitability.
In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International
Symposium on (pp. 1-8). IEEE.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security
challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers
& Security, 53, 65-78.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, 14-30.
Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.
Shuaibu, B. M., Norwawi, N. M., Selamat, M. H., & Al-Alwani, A. (2015). Systematic
review of web application security development model. Artificial Intelligence
Review, 43(2), 259-276.
Szwed, P., & Skrzyński, P. (2014). A new lightweight method for security risk assessment
based on fuzzy cognitive maps. International Journal of Applied Mathematics and
Computer Science, 24(1), 213-225.
Vereinfachen Sie Ihr Geschäftsleben mit Shore!. (2017). Shore.com. Retrieved 2 September
2017, from https://www.shore.com/de/
Younis, A. A., Malaiya, Y. K., & Ray, I. (2014, January). Using attack surface entry points
and reachability analysis to assess the risk of software vulnerability exploitability.
In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International
Symposium on (pp. 1-8). IEEE.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
22CLOUD PRIVACY AND SECURITY
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.