Cloud Privacy and Security Report: HR Data Security and Privacy
VerifiedAdded on 2020/02/23
|23
|5094
|679
Report
AI Summary
This report addresses the cloud privacy and security concerns of the Department of Administrative Services (DAS) regarding its employee data. It begins by examining the current threats and risks within the in-house HR database, including deployment failures, security flaws, data leaks, misuse, and SQL injection vulnerabilities. The report then assesses the risks and threats associated with migrating to SaaS applications, considering factors like compliance, maintenance costs, data security, and potential disruptions. It evaluates the severity of these risks, including data theft, neglect, and loss, while also considering privacy issues like breaches, anonymization problems, and data masking inadequacies. The report further explores the risks to digital identities and potential discrimination. It also provides considerations for operational solutions and locations of SaaS providers, and concludes with a discussion of data sensitivity and jurisdictional issues. The report emphasizes the importance of backup plans, adherence to data security regulations, and mitigation strategies to safeguard employee data.
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1CLOUD PRIVACY AND SECURITY
Executive Summary
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government; the multiple services involve the contractor
management, HR management, payroll management and procurement. DAS is concerned
about the security of the employees of the organisation and their sensitive data. DAS
employees can be greatly benefitted from the cloud vendor Shore and Amazon AWS in terms
of advanced cloud solutions and advanced security solutions. DAS employees enter the data
and so the organization is concerned about the security and privacy issues of the employees.
The result highlighted all the security threats and risks within in house HR database. The
report also focused on the threats and risks associated with the DAS employees and also the
severities of risks of the employees have been explained. Since DAS decides to move to the
cloud, their approach is to enhance the business as well as the security of the organization as
well as the employees. The threats related to digital identities have been elaborated in this
report as well. The two operational solutions to secure and protect the HR database have been
showcased in this report. Further, the usage of IaaS solution has been highlighted in the
report.
Executive Summary
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government; the multiple services involve the contractor
management, HR management, payroll management and procurement. DAS is concerned
about the security of the employees of the organisation and their sensitive data. DAS
employees can be greatly benefitted from the cloud vendor Shore and Amazon AWS in terms
of advanced cloud solutions and advanced security solutions. DAS employees enter the data
and so the organization is concerned about the security and privacy issues of the employees.
The result highlighted all the security threats and risks within in house HR database. The
report also focused on the threats and risks associated with the DAS employees and also the
severities of risks of the employees have been explained. Since DAS decides to move to the
cloud, their approach is to enhance the business as well as the security of the organization as
well as the employees. The threats related to digital identities have been elaborated in this
report as well. The two operational solutions to secure and protect the HR database have been
showcased in this report. Further, the usage of IaaS solution has been highlighted in the
report.
2CLOUD PRIVACY AND SECURITY
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database...............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........5
2.3. Assess the resulting severity of risk and threat to employee data...................................7
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application..................................................................................................................................9
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database...............................................................9
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application..............................................................................................................................9
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........11
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................11
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................13
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................17
7. Conclusion............................................................................................................................17
8. References............................................................................................................................18
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database...............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........5
2.3. Assess the resulting severity of risk and threat to employee data...................................7
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application..................................................................................................................................9
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database...............................................................9
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application..............................................................................................................................9
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........11
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................11
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................13
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................17
7. Conclusion............................................................................................................................17
8. References............................................................................................................................18
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3CLOUD PRIVACY AND SECURITY
1. Introduction
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government (Shostack, 2014); the multiple services
involve the contractor management, HR management, payroll management and procurement.
DAS is concerned about the security of the employees of the organisation and their sensitive
data.
This report will highlight prevalent risks and threats associated with the organisation
within in house HR database, will also showcase the risks and threats associated with the
employees, severity of the risks involved with the employee data. DAS has planned to move
to the cloud, the threats and the issues they can face will be detailed and the solutions to
mitigate those risks. Amazon AWS and Sore’s impact will be elaborately discussed as well.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database
The threats and risks associated with the database are –
i. Deployment failures: The failures related to database generally occurs due to
inattentive use of the database, generally the faulty issues occur at the time of execution of
the database files (Rhodes-Ousley, 2013). Though the database is developed and tested the
database is not tested as a whole, some bugs still exist and due to that technical fault, the
database fails.
1. Introduction
The Department of Administrative Services (DAS) gives multiple services to various
departments of the Australian State Government (Shostack, 2014); the multiple services
involve the contractor management, HR management, payroll management and procurement.
DAS is concerned about the security of the employees of the organisation and their sensitive
data.
This report will highlight prevalent risks and threats associated with the organisation
within in house HR database, will also showcase the risks and threats associated with the
employees, severity of the risks involved with the employee data. DAS has planned to move
to the cloud, the threats and the issues they can face will be detailed and the solutions to
mitigate those risks. Amazon AWS and Sore’s impact will be elaborately discussed as well.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in house HR database
The threats and risks associated with the database are –
i. Deployment failures: The failures related to database generally occurs due to
inattentive use of the database, generally the faulty issues occur at the time of execution of
the database files (Rhodes-Ousley, 2013). Though the database is developed and tested the
database is not tested as a whole, some bugs still exist and due to that technical fault, the
database fails.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4CLOUD PRIVACY AND SECURITY
ii. Database security flaws: Due to security issues the worms and the virus attack
occurs within the database, the hackers take advantage of the bugs residing within the
database and acquire the personal information of the database.
Fig 1: Database data security threats and risks
(Source: Safa et al., 2015, pp-65-78)
iii. Data leaks: Database act as the back end of any business organisation and the
organisations generally want their database safe and secured, but the business organisations
actually cannot protect the database as a whole, the database is connected to the networking
interface, the intruders take advantage of the insecure network and exploit the network
completely (Haynes & Giblin, 2014).
iv. The misuse of the database: The misuse of the database and the underlying
database features also leads to the security breach of the database, the users integrate and
configured their database by adding various plugins, in this database becomes buggy and
ii. Database security flaws: Due to security issues the worms and the virus attack
occurs within the database, the hackers take advantage of the bugs residing within the
database and acquire the personal information of the database.
Fig 1: Database data security threats and risks
(Source: Safa et al., 2015, pp-65-78)
iii. Data leaks: Database act as the back end of any business organisation and the
organisations generally want their database safe and secured, but the business organisations
actually cannot protect the database as a whole, the database is connected to the networking
interface, the intruders take advantage of the insecure network and exploit the network
completely (Haynes & Giblin, 2014).
iv. The misuse of the database: The misuse of the database and the underlying
database features also leads to the security breach of the database, the users integrate and
configured their database by adding various plugins, in this database becomes buggy and
5CLOUD PRIVACY AND SECURITY
heavy and more vulnerable, in this way various loopholes get generated within the database
(Chockalingam et al., 2017).
v. Hopscotch approach: The hackers or the intruders here can gain access to the
database and acquire one’s personal data along with the account numbers without the use of
the credit card information, so the intruders are always in search for the loopholes (Albakri et
al., 2014).
vi. SQL injection: The front end database is not always secured with the firewall
technology and the variables are not tested for the SQL injection during the testing method.
vii. Key management: The database administrators often keep the important keys on
their disk drives, and there lies the vulnerability, placing those keys in the unprotected area of
the database can lead to disaster, through the loopholes the intruders can attack and can make
the system totally vulnerable to use (Chockalingam et al., 2017).
viii. Database inconsistency: The database developers and the database
administrators must check for the threat and vulnerabilities in the database daily if any
mishap occurs they should immediately make concern and update the details (Feng, Wang &
Li, 2014).
2.2. The risks and threats to the employee data after migration to a SaaS application
The possible risks associated are-
i. If the organisation holds sensitive data then moving to the cloud and manage those data can
be tough task initially, the compliance alternates will restrict the choices.
ii. If the organisation is earning benefits then they do not have to worry about moving to the
cloud so easily, as because the cloud computing requires maintenance, scaling and the
availability.
heavy and more vulnerable, in this way various loopholes get generated within the database
(Chockalingam et al., 2017).
v. Hopscotch approach: The hackers or the intruders here can gain access to the
database and acquire one’s personal data along with the account numbers without the use of
the credit card information, so the intruders are always in search for the loopholes (Albakri et
al., 2014).
vi. SQL injection: The front end database is not always secured with the firewall
technology and the variables are not tested for the SQL injection during the testing method.
vii. Key management: The database administrators often keep the important keys on
their disk drives, and there lies the vulnerability, placing those keys in the unprotected area of
the database can lead to disaster, through the loopholes the intruders can attack and can make
the system totally vulnerable to use (Chockalingam et al., 2017).
viii. Database inconsistency: The database developers and the database
administrators must check for the threat and vulnerabilities in the database daily if any
mishap occurs they should immediately make concern and update the details (Feng, Wang &
Li, 2014).
2.2. The risks and threats to the employee data after migration to a SaaS application
The possible risks associated are-
i. If the organisation holds sensitive data then moving to the cloud and manage those data can
be tough task initially, the compliance alternates will restrict the choices.
ii. If the organisation is earning benefits then they do not have to worry about moving to the
cloud so easily, as because the cloud computing requires maintenance, scaling and the
availability.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6CLOUD PRIVACY AND SECURITY
iii. The organisation will not able to deploy everything according to their choice, as cloud
vendor controls everything (Safa et al., 2015).
iv. The organisation will have to host a strong network server, based on which the
applications will be deployed; they have to bear extra cost due to this.
v. The organisation will have to pay to the cloud vendor every month for the update, for the
maintenance of the database.
vi. There is a risk of data security and privacy, that means the employees’ data can be hacked
and hence there is a risk the organisation’s security can be compromised due to the intruders,
virus and malware attacks. All these can lead to data theft.
vi. If any SaaS applications become unavailable then the business operations can be disrupted
and can suffer huge loss (de Gusmão et al., 2016). All the applications must be accessible all
throughout the day and night, and the server and the internet connection must be available all
throughout day and night, any kind of disruption will halt the entire business.
iii. The organisation will not able to deploy everything according to their choice, as cloud
vendor controls everything (Safa et al., 2015).
iv. The organisation will have to host a strong network server, based on which the
applications will be deployed; they have to bear extra cost due to this.
v. The organisation will have to pay to the cloud vendor every month for the update, for the
maintenance of the database.
vi. There is a risk of data security and privacy, that means the employees’ data can be hacked
and hence there is a risk the organisation’s security can be compromised due to the intruders,
virus and malware attacks. All these can lead to data theft.
vi. If any SaaS applications become unavailable then the business operations can be disrupted
and can suffer huge loss (de Gusmão et al., 2016). All the applications must be accessible all
throughout the day and night, and the server and the internet connection must be available all
throughout day and night, any kind of disruption will halt the entire business.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7CLOUD PRIVACY AND SECURITY
Fig 2: Employees’ data risk assessment
(Source: Feng, Wang & Li, 2014, pp-57-73)
vii. The organisation must have a backup plan or risk management plan to get access gain of
the data; this can definitely mitigate the disaster or help to control the risks (Shameli-Sendi,
Aghababaei-Barzegar & Cheriet, 2016).
viii. They have to follow the rules and regulations related to the data security procedures as
these can diminish the risks associated and should make sure their cloud vendors also abide
by the rules and regulations of the laws related to digital security and should follow the
requirements.
2.3. Assess the resulting severity of risk and threat to employee data
The employees’ data can be breached and the security risks associated with it are-
Theft: Deliberate attacks include the attack on the system over the insecure network
and the theft of those vital data or information, this may occur due to some grudge against the
organisation.
Neglect: The data of the employees can be lost when the hard disk drives are sold in
the market, the employees do not aware their laptop contains the important data, also when
their devices or the laptops or the mobiles malfunctions they hand it over to the local shop for
repair, the devices' data thus can be lost or compromised and in another scenario, the
intruders can purposefully delete or erase the data from the computer (Kirti et al., 2017).
Fig 2: Employees’ data risk assessment
(Source: Feng, Wang & Li, 2014, pp-57-73)
vii. The organisation must have a backup plan or risk management plan to get access gain of
the data; this can definitely mitigate the disaster or help to control the risks (Shameli-Sendi,
Aghababaei-Barzegar & Cheriet, 2016).
viii. They have to follow the rules and regulations related to the data security procedures as
these can diminish the risks associated and should make sure their cloud vendors also abide
by the rules and regulations of the laws related to digital security and should follow the
requirements.
2.3. Assess the resulting severity of risk and threat to employee data
The employees’ data can be breached and the security risks associated with it are-
Theft: Deliberate attacks include the attack on the system over the insecure network
and the theft of those vital data or information, this may occur due to some grudge against the
organisation.
Neglect: The data of the employees can be lost when the hard disk drives are sold in
the market, the employees do not aware their laptop contains the important data, also when
their devices or the laptops or the mobiles malfunctions they hand it over to the local shop for
repair, the devices' data thus can be lost or compromised and in another scenario, the
intruders can purposefully delete or erase the data from the computer (Kirti et al., 2017).
8CLOUD PRIVACY AND SECURITY
Fig 3: Data security design based on data threats and risks
(Source: Albakri et al., 2014, pp-2114-2124)
Loss: If the device gets lost then the data can be breached very easily, many time the
employees or the users do not set a password for their devices, the personal data can be easily
lost in this way (Cherdantseva et al., 2016). The intruders can see the sensitive organisation
emails and thus the organisation's data can be threatened due to those pitfalls.
Fig 3: Data security design based on data threats and risks
(Source: Albakri et al., 2014, pp-2114-2124)
Loss: If the device gets lost then the data can be breached very easily, many time the
employees or the users do not set a password for their devices, the personal data can be easily
lost in this way (Cherdantseva et al., 2016). The intruders can see the sensitive organisation
emails and thus the organisation's data can be threatened due to those pitfalls.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9CLOUD PRIVACY AND SECURITY
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database
Privacy risks and the threats include
i. Privacy breaches: The leaking of sensitive information can lead to embarrassment
of the individual or employee in this case since the HR database is not secure, the privacy
breaches are possible.
ii. Issues related to anonymisation: The database is not programmed effectively to
uniquely identify an individual, hence if the employee updates the data of the database there
is a chance of data duplication (Younis, Malaiya, & Ray, 2014).
iii. Issues related to data masking: Data masking is the procedure to create a
structure similar to the inauthentic version of the organisation data; however, it is not the
standalone procedure to ensure the safety of the employee however, the data the breaches
stay inside (Landucci et al., 2017).
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application
After migration to the cloud, after migration to the SaaS applications, the privacy
issues pertain, those are-
i. Unethical action: The SaaS applications assist in the finding out each and every
detail of the employees, it basically keeps track of every move the employees, thus it may
happen unknowingly they can reveal the information of the employees which may not be
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in house HR database
Privacy risks and the threats include
i. Privacy breaches: The leaking of sensitive information can lead to embarrassment
of the individual or employee in this case since the HR database is not secure, the privacy
breaches are possible.
ii. Issues related to anonymisation: The database is not programmed effectively to
uniquely identify an individual, hence if the employee updates the data of the database there
is a chance of data duplication (Younis, Malaiya, & Ray, 2014).
iii. Issues related to data masking: Data masking is the procedure to create a
structure similar to the inauthentic version of the organisation data; however, it is not the
standalone procedure to ensure the safety of the employee however, the data the breaches
stay inside (Landucci et al., 2017).
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application
After migration to the cloud, after migration to the SaaS applications, the privacy
issues pertain, those are-
i. Unethical action: The SaaS applications assist in the finding out each and every
detail of the employees, it basically keeps track of every move the employees, thus it may
happen unknowingly they can reveal the information of the employees which may not be
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10CLOUD PRIVACY AND SECURITY
illegal but may cost lives of the employees. It can ruin the lives of the employees completely
(Band et al., 2015).
ii. Inaccurate SaaS applications: The cloud applications are still in testing mode or
beta mode, so it may happen the database holds the incorrect data of the employees,
implementing wrong data models or faulty algorithms can result in unpredicted result, the
employees can be in trouble due to the mess up, the organisation can take any wrong action
against the person, and can get into trouble (Szwed & Skrzyński, 2014).
Fig 4: The risks incurred due to migration to cloud and its management
(Source: Haynes & Giblin, 2014, pp- 30-53)
illegal but may cost lives of the employees. It can ruin the lives of the employees completely
(Band et al., 2015).
ii. Inaccurate SaaS applications: The cloud applications are still in testing mode or
beta mode, so it may happen the database holds the incorrect data of the employees,
implementing wrong data models or faulty algorithms can result in unpredicted result, the
employees can be in trouble due to the mess up, the organisation can take any wrong action
against the person, and can get into trouble (Szwed & Skrzyński, 2014).
Fig 4: The risks incurred due to migration to cloud and its management
(Source: Haynes & Giblin, 2014, pp- 30-53)
11CLOUD PRIVACY AND SECURITY
iii. Discrimination: The organisation based on the analytics can discriminate among
the employees. The data is available to all the time, anyone can take the opportunity and seek
advantage of the data, and thus the privacy issues can be threatening (Modi et al., 2013).
iv. No legal protections: Currently there are no legal enhance protection of the data,
no specific rules and regulations as the cloud computing are relatively new; some can
illegally use the data (Best et al., 2017).
v. e-discovery concerns: The organisation can create documentation based on the
finding results which is unethical and in this way some sensitive information can pop up of
the employees.
3.3. Assess the resulting severity of risk and threat to the privacy of employee data
The severe risk and threat associated is the reveal of personal information of the
employees to the public. Therefore, there is an authentication demand of the employees to
solve the privacy issues related to cloud computing. This privacy issue can take away the life
of the employees. The hackers or the intruders can hack the HR database and can exploit
data; the personal information residing within can be threatened by this approach (Erdogan et
al., 2015). As the HR database contains all the important data of the employees it must be
secured, but since the cloud databases, as well as the SaaS applications, are impossible, it will
take time to bridge the gaps.
4. The threats and risks to the digital identities of Government employees from the
move to SaaS applications
The threats and the risks associated with the digital identities of the Government
employees from the move to the SaaS applications-
iii. Discrimination: The organisation based on the analytics can discriminate among
the employees. The data is available to all the time, anyone can take the opportunity and seek
advantage of the data, and thus the privacy issues can be threatening (Modi et al., 2013).
iv. No legal protections: Currently there are no legal enhance protection of the data,
no specific rules and regulations as the cloud computing are relatively new; some can
illegally use the data (Best et al., 2017).
v. e-discovery concerns: The organisation can create documentation based on the
finding results which is unethical and in this way some sensitive information can pop up of
the employees.
3.3. Assess the resulting severity of risk and threat to the privacy of employee data
The severe risk and threat associated is the reveal of personal information of the
employees to the public. Therefore, there is an authentication demand of the employees to
solve the privacy issues related to cloud computing. This privacy issue can take away the life
of the employees. The hackers or the intruders can hack the HR database and can exploit
data; the personal information residing within can be threatened by this approach (Erdogan et
al., 2015). As the HR database contains all the important data of the employees it must be
secured, but since the cloud databases, as well as the SaaS applications, are impossible, it will
take time to bridge the gaps.
4. The threats and risks to the digital identities of Government employees from the
move to SaaS applications
The threats and the risks associated with the digital identities of the Government
employees from the move to the SaaS applications-
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.