Risk Assessment Report: Charity's Transition to SaaS HR System


Added on  2023/06/08

AI Summary
This report provides a risk assessment for a charity organization considering a move to a Software-as-a-Service (SaaS) Human Resource (HR) system. It compares the security risks of an in-house data center versus a cloud-based SaaS solution, focusing on potential threats to employee data, digital identities, and ethical considerations. The assessment covers risks like unauthorized access, data breaches, inference attacks, and vulnerabilities associated with Cloud Service Provider (CSP) APIs. It highlights the challenges related to data portability, deletion, and the potential for malware attacks, ultimately evaluating the severity of these risks and their impact on the organization's operations and data security.
Running head: RISK ASSESSMENT REPORT 1
Risk Assessment Report
Student
Institution
Abstract
Cloud computing offers a variety of advantages, ranging from online storage space and lower costs
of storing large chunks of data to customized computer software and digital identities. In the last
few years, the number of people who use Software as a Service (SaaS) has increased dramatically.
Extensive files of data have also been stored in cloud software. At the same time, threats and risks
to the security and privacy of the data have emerged. In this paper, two types of databases were
compared (an in-house data center and a cloud community data center, particularly SaaS). The risks
and threats they both pose to the organization's employees' data were discussed. In the paper, I
also discussed the impacts SaaS software may have on employees' digital identities. In addition,
ethical issues that the organization needs to protect were presented.
Key words:
Cloud computing, Human Resource management system (HR system), Software-as-a-Service
(SaaS solution), in-house HR system, and digital identity.
Introduction
There has been much speculation about what a community cloud is. Some people
believe that it is a trend representing the next evolutionary stage of technology. Others view it as
hype, as it puts into use already existing computing technologies. So, precisely what is cloud
computing? A community cloud is a cloud service design which makes cloud computing available
to a restricted number of persons or organizations (Youssef, 2012).
The service is controlled, handled and secured by a third-party service provider or by its
users. Community clouds are designed for business or charity organizations to help them execute
their roles without great hassle. The system gives excellent flexibility and makes computing
data readily available at a lower cost. Various models exist which help organizations as well as
individuals to store their data. Each design has its good and bad sides, each revolving around the
security and confidentiality of data. In this paper, I am going to offer a risk assessment report to
a charity organization which has planned to move to SaaS application offerings.
The all-in-one Human Resource Management System, popularly known as an HR system, is a
database that came to the rescue of human resource managers (Bhuvaneswaran, 2018). There are
two types of HR databases: in-house and cloud-based HR systems. An HR system is a
combination of processes and systems which joins human resource management together with
information technology. The system helps in several managerial functions
such as management of payrolls, storage of employees' data, recruitment processes, and
keeping track of employees' attendance records (Monks et al., 2013). The system makes sure
that each day's human resource progress is organized and easy to reach. It merges data according
to its discipline and functions and stores it in a database. It consequently provides a way through
which each of the organization's employees can access their information.
Software-as-a-Service (SaaS) is a software distribution design whereby a third-party
provider hosts applications and makes them available to customers over the internet when they
need them (Rajegore & Kadam, 2016). It is a data storage solution provided by an HR and
personnel management application. It is one of the three types of cloud computing. It spares
organizations the hassle of installing and running applications on their own. The customers
can scale their requirements down or up. The third party who stores the data owns the whole
infrastructure. Security issues ultimately hamper the growth of this infrastructure.
Security of Employees’ Data
A lot has been said and written about the safety of data. IT experts, business leaders, and
organizations have had a tough time deciding on the best way to store their data. Speed,
security, and the cost of keeping vast amounts of data have been the main drivers of
which system to use. Many have preferred to use emerging SaaS design solutions, while others
have resolved to cling to the old in-house HR systems. In this section, I will assess the
possible risks and threats that both the cloud-based HR system providing SaaS solutions and the
in-house HR system databases may pose to the security of the data and information of the
charity organization's employees.
In-House HR System
Data in this charity organization is generated at a rapid rate. The data’s final destination is
the organization’s premises-based small data center which makes it easy for the organization to
manage it. Only the authorized employees of the organization have the opportunity to
access, analyze or enter data in it. As the definition suggests, a database contains large chunks of
data. The database is the backbone of the company's HR model (Malik & Patel, 2016). Since
this organization keeps a great deal of confidential and essential information about its employees
in the database, there are tremendous possibilities of attacks. These attacks revolve around the
security of the employees' data. In this section, I have reviewed some possible threats to the
employees' data, ranging from access control into the system to data scrambling and data
corruption. Some of the threats that the organization's HR database may pose to the employees'
data stored in it are discussed below.
To begin with, since all five hundred employees of this organization have the
privilege to access the database, some of the employees may decide to exceed what their job
function in the organization requires (Gerena, 2012). Some unauthorized workers may use this as
an opportunity to gain access to other employees' confidential information. For example,
since it is a requirement for every employer to know the health status of their employees, an
employee who is not authorized to see the health status of the other employees may gain access
to such information. He or she may use it against fellow employees, thus causing stigma to
any employee who might be suffering from an incurable disease such as HIV/AIDS.
Secondly, some of the employees of the organization may opt to abuse the privilege they
have to access the database (Rohilla & Mittal, 2013). For example, an employee with an
opportunity to view individual payroll status may abuse that status and retrieve all employees'
payment records via MS-Excel software. This may put the employees earning large
salaries in danger of being robbed. On the same note, an attacker may use such a
privilege to elevate his or her access authority from a normal employee privilege to an
administrator privilege. Without query-level access control, the intruder may not be easily
detected. This might be a bigger threat to the security of the organization's management, as the
intruder may change many administrative details.
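
One way to apply query-level access control to the threats described above (reading other employees' records, bulk payroll retrieval and privilege elevation), given as an added example that is not part of the original report. The audit-record format, role names, employee IDs and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical policy: rows each role may read per table.
# "own" = only the caller's record, "any" = individual lookups of anyone.
READ_SCOPE = {
    "employee":      {"payroll": "own", "health": "own"},
    "payroll_clerk": {"payroll": "any", "health": "own"},
    "hr_manager":    {"payroll": "any", "health": "any"},
}
ROLE_ADMINS = {"db_admin"}       # only these roles may change role assignments
MAX_SUBJECTS_PER_QUERY = 5       # assumed ceiling for an "individual lookup"
MAX_SUBJECTS_PER_DAY = 20        # assumed cumulative ceiling per user and table


def rec(day, user, role, action, table, subjects, **extra):
    """Build one constructed audit record; 'subjects' are the employees whose rows were touched."""
    return dict(day=day, user=user, role=role, action=action, table=table,
                subjects=list(subjects), **extra)


def ids(first, last):
    """Constructed employee IDs e001, e002, ..."""
    return [f"e{n:03d}" for n in range(first, last + 1)]


# Constructed sample log (not from any real system).
AUDIT_LOG = [
    rec("2023-06-01", "e017", "employee", "SELECT", "payroll", ["e017"]),
    rec("2023-06-01", "e017", "employee", "SELECT", "health", ["e230"]),
    rec("2023-06-01", "e102", "payroll_clerk", "SELECT", "payroll", ["e230"]),
    rec("2023-06-01", "e102", "payroll_clerk", "SELECT", "payroll", ids(1, 500)),
    rec("2023-06-02", "e311", "employee", "UPDATE", "roles", ["e311"], new_role="db_admin"),
    rec("2023-06-02", "a001", "db_admin", "UPDATE", "roles", ["e102"], new_role="hr_manager"),
] + [
    # Six small lookups that stay under the per-query ceiling but add up over the day.
    rec("2023-06-02", "e140", "payroll_clerk", "SELECT", "payroll", ids(4 * q + 1, 4 * q + 4))
    for q in range(6)
]


def evaluate(log):
    """Return (record index, user, rule) for every query that violates the policy."""
    findings = []
    seen = defaultdict(set)      # (day, user, table) -> distinct subjects read so far
    reported = set()             # cumulative alerts already raised
    for i, r in enumerate(log):
        user, role, table = r["user"], r["role"], r["table"]
        subjects = set(r["subjects"])
        if table == "roles":
            # Role changes are reserved for administrators.
            if r["action"] != "SELECT" and role not in ROLE_ADMINS:
                rule = "self_escalation" if user in subjects else "unauthorized_role_change"
                findings.append((i, user, rule))
            continue
        scope = READ_SCOPE.get(role, {}).get(table)
        if scope is None:
            findings.append((i, user, "no_access_to_table"))
        elif scope == "own":
            if subjects - {user}:
                findings.append((i, user, "read_other_employee"))
        else:
            key = (r["day"], user, table)
            seen[key] |= subjects
            if len(subjects) > MAX_SUBJECTS_PER_QUERY:
                findings.append((i, user, "bulk_read"))
            elif len(seen[key]) > MAX_SUBJECTS_PER_DAY and key not in reported:
                reported.add(key)
                findings.append((i, user, "cumulative_read"))
    return findings


if __name__ == "__main__":
    for index, user, rule in evaluate(AUDIT_LOG):
        print(f"record {index}: user {user} -> {rule}")
```

The cumulative rule matters because a user entitled to individual lookups can otherwise collect every payroll record a few rows at a time without any single query looking unusual.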
The charity organization might have secured its database, but inference remains a
significant threat to the security of the employees' information stored in the database (Ali &
Afzal, 2017). There is still a huge possibility that one of the employees will make
inferences from the information they extract from the database. This can enable such a user to
draw conclusions about more sensitive information from the less sensitive information
retrieved from the database. An inference presents a security breach to the organization's
database if highly classified information is guessed from less sensitive information.
The two critical problems which can arise from inference are the aggregation and data
association problems. An aggregation problem might arise if one section of the employees'
information is not highly classified while another is highly classified. For example, the general
medical status of the employees might be classified while the polio status of each employee is less
classified. This is a great threat, as an intruder can extract employees' personal information and
expose it to the black market.
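
An added example, not part of the original report, of auditing for the inference problem described above: it tests whether a less classified column (polio status) lets a reader guess a more classified one (medical status). The column labels, rows and thresholds are constructed assumptions, and the confidence-and-gain test is one simple heuristic, generalised here to any pair of columns.

```python
from collections import Counter, defaultdict

# Hypothetical classification levels per column (higher = more restricted).
CLASSIFICATION = {"emp_id": 0, "department": 0, "polio_status": 1, "medical_status": 2}

COLUMNS = ("emp_id", "department", "polio_status", "medical_status")
# Constructed sample rows (not real employee data).
ROWS = [dict(zip(COLUMNS, row)) for row in [
    ("e001", "outreach", "vaccinated", "no_condition"),
    ("e002", "outreach", "vaccinated", "chronic_condition"),
    ("e003", "outreach", "none",       "no_condition"),
    ("e004", "finance",  "vaccinated", "no_condition"),
    ("e005", "finance",  "post_polio", "chronic_condition"),
    ("e006", "finance",  "vaccinated", "under_treatment"),
    ("e007", "housing",  "post_polio", "chronic_condition"),
    ("e008", "housing",  "vaccinated", "no_condition"),
    ("e009", "housing",  "post_polio", "chronic_condition"),
    ("e010", "housing",  "none",       "under_treatment"),
    ("e011", "outreach", "vaccinated", "no_condition"),
    ("e012", "finance",  "none",       "no_condition"),
]]


def inference_channels(rows, labels, clearance,
                       min_conf=0.9, min_gain=0.2, min_support=3):
    """List values of readable columns that reveal a protected column.

    A finding (low_col, low_val, high_col, high_val, support, confidence) means:
    among the `support` rows where low_col == low_val, a share `confidence`
    have high_col == high_val, and that share beats the overall frequency of
    high_val by at least `min_gain`, so reading low_col leaks high_col.
    """
    readable = [c for c, level in labels.items() if level <= clearance]
    protected = [c for c, level in labels.items() if level > clearance]
    findings = []
    for high in protected:
        prior = Counter(r[high] for r in rows)       # overall distribution
        for low in readable:
            groups = defaultdict(Counter)            # low value -> high value counts
            for r in rows:
                groups[r[low]][r[high]] += 1
            for low_val, counts in groups.items():
                support = sum(counts.values())
                high_val, hits = counts.most_common(1)[0]
                conf = hits / support
                gain = conf - prior[high_val] / len(rows)
                if support >= min_support and conf >= min_conf and gain >= min_gain:
                    findings.append((low, low_val, high, high_val, support, round(conf, 2)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in inference_channels(ROWS, CLASSIFICATION, clearance=1):
        print("inference channel:", finding)
    # Mitigation: classify polio_status at the same level as medical_status.
    hardened = dict(CLASSIFICATION, polio_status=2)
    print("after reclassification:", inference_channels(ROWS, hardened, clearance=1))
```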
SaaS Application
Of late, cloud storage has become common within IT. However, it might pose some
challenges to the employees' data. For instance, since the whole process involves giving the
organization's data to a third party, there is concern about who gets access to the information
or where the data is stored. The information may face several challenges such as deletion,
corruption or dissemination by unauthorized personnel. This is a big point of concern, as the
organization stores sensitive information that might be detrimental if it falls into the hands of
other people.
Secondly, competition is taking up the better part of this sector. Cloud services
are becoming highly popular (Morrow, 2018). This is a double-edged sword. On one side, it
means that more options for users are cropping up, which in return increases the quality of
services that a particular SaaS provider offers. On the other side, not every provider has kept up
with the growing market. This may give rise to a scenario where the provider gets shut
down due to its inability to compete.
From this point, the organization's data portability becomes a real challenge. This
implies that all the money that had been invested in the program goes down the drain.
Unfortunately, this may be a risk the charity organization has to take. Consequently, where
the employees' data that was stored on the provider's servers ends up remains a mystery. This is
because, after the shutdown, cybercriminals may decide to hack the servers and get hold of
whatever information is stored in the database.
Cloud Service Providers (CSPs) expose a set of application programming interfaces
(APIs) that the employees use to manage and interact with the services that the provider offers.
The employees will be required to use these APIs to control, provide, monitor and orchestrate
their data and information (Intel, 2015). These APIs, like other software, are vulnerable to
malware in the same way as other APIs in operating systems, such as libraries. CSP APIs are
accessible via the internet, unlike on-premise computing APIs. This broadly exposes them to potential
exploitation. Cyber threat actors look for weaknesses in the management of CSP APIs. If they
discover them, they can successfully attack the employees' information and use the
organization's employees' identities to commit crimes in the financial industry.
A critical problem has faced CSP infrastructure over time. Providers have not found it
easy to separate the multiple tenants whose data they house. If this is the case with the SaaS
provider in question, data leakage may be witnessed if the charity organization
agrees to be served by the provider. By exploiting vulnerabilities in the
CSP application or a hypervisor, an attacker may succeed in subverting logical isolation controls.
This can result from exploitation of the system's software. An attacker may gain access to the
information and corrupt it.
If the charity organization opts to delete some data, it cannot be sure that the
data was eliminated. This is because the employees will have a limited view of where their data
is stored. The cloud also offers only a minimal ability to verify that particular data has been deleted.
This is a risk to the employees' sensitive data that needs to be discarded, for example, medical
reports. The reason behind this is that CSP infrastructure spreads data over different types of
storage devices. Besides, the employees may have limited knowledge of how to initiate the
deletion process in the SaaS application's HR databases.
The Severity of Risks and Threats to Employees’ Data
Several issues may result from the organization's decision to shift the storage of its data
from its on-premise database to the HR and personnel management application from a
US-based company that offers a SaaS solution. To begin with, malware such as ransomware may arise.
This malware may hold the employees' data to ransom, causing a persistent threat that
keeps on siphoning their data. This can cause significant damage to such data. Thousands of
viruses are being created daily. This may require the charity organization to keep an extra eye
on these threats as they arise to avoid any possible attack on its employees' data by attackers.
Employees' data stored in the cloud can be shared online together with their private
data. Most of the employees of the organization might expose their colleagues' data to social media
as they browse various social media networks using the organization's computers. Vulnerabilities
might provide a chance for the organization's data to seep out secretly. It becomes tough for the IT
department in the organization to curb this problem, as the data moves online together with the
employees' private data.
Smartphones have become common in today's workplace. Many employees may opt to
use their phones to access their organization's data (Montalbano, 2010). This will leave the IT
department of the organization with limited control over their security, because it is challenging to
implement platform-specific security given the full range of devices being used. As it is, mobile
phones have several applications. Who knows where the data each application collects goes?
Privacy of Employees’ Data
In-House HR System
In-house hosting of data may be a good choice for the organization if it can afford to
ensure security and proper operation of the database. As the argument is, everything that has
advantages on one side has disadvantages on the other side. The database hosted by the charity
organization in its premises might pose excessive privacy issues to its employees' data. These
challenges range from excessive permissions to weak passwords, as discussed below.
A large number of individuals in the organization have access codes to the firm's
database. Who does what with which information is the main privacy threat. An employee may
decide to use this privilege in an unauthorized way. Each employee has information that has to be
accessed only by themselves and the organization's management. Some of the passwords to the
organization's database might be weak. These passwords can be guessed or brute-forced,
allowing an intruder to access the organization's data. Default credentials pose a great risk
to any organization. The system can easily be compromised. This increases the rate of attack on
the employees' data by intruders. Data that is secret may either be made public or used to
expose the individual, for example, a case where an employee's loan status is made public.
Running a database is very costly to an organization, more so to this charity organization
that deals with helping less privileged individuals. The company may sometimes operate a
database running on outdated software. This might result in a lack of essential patches. An updated
patch updates the database program, fixing any malfunctions it might be
experiencing. The fixes cover security vulnerabilities and other bugs. If a patch is designed
poorly, it might introduce a challenge to the privacy of the employees' data, as the patch might
sometimes change or corrupt some information that was not the target.
It will be challenging for the organization to maintain the in-house HR database free from
attacks by malware (Parms, 2017). The organization's IT department will not be able to identify
malicious employee computers connecting to the server. This will be a significant threat to the
employees' data stored in the system. This might result in a breach of employees' sensitive
information, such as bank details, to intruders.
SaaS Applications
There are many privacy issues facing clouds as they host large chunks of data (Tabassam,
2017). If the company shifts its data to a SaaS application, employees' data might meet storage
challenges. In this respect, data segregation is the central aspect to be taken into account because
the infrastructure is shared among multiple customers. If this is not put into consideration, then
data from one person may mix with data that belongs to another employee. Since this is a system,
separating that data might be a bit complicated.
Retention and destruction of data will also stand out as a privacy issue in this case
(Woodriffe, Alonso, Zaaiman, & Shahim, 2010). The employees will not be in a position to
know the kind of information being extracted from them in order to stop the process. Secondly,
an employee will not be in a position to tell if the data they asked the provider to delete was entirely
deleted. Retention of personal information, and how long it will be retained, will be another big
question for the employees.
Employees' data may face a side-channel attack while held in the SaaS software. Side-channel
attacks are an emerging concern for cloud computing platforms. Such an attack may lead to leakage
of the charity organization's data. This is an evolving risk. An attacker targeting the SaaS software
provider may penetrate the software's infrastructure through the cloud's perimeter (Sen, 2013). He or she
will pretend to be a rogue customer. He or she might use that information for research purposes
without the owner's permission.
The Severity of Risk and Threat to the Privacy of Employees’ Data
Privacy is the freedom from intrusion. The employees of the organization have a right for their
information to be kept as private as possible. Data breaches can have severe impacts on the
employees' wellbeing. In this section, I am going to discuss some of the severe risks that may
face the organization as a whole if its employees' information is breached.
To begin with, a breach of employees' data might ruin their reputation. An intruder may
publish negative information concerning the employees. As it is, the internet never forgets. This
will mean such individuals will have fewer chances of being employed in other places. For
example, an enemy might break into the database and get the identification details of the
administrator of the charity organization. He or she might then blackmail the administrator with
a child kidnap case. This will probably diminish the respect the administrator has from the group's
clients and employees.
If hackers break into the organization's database, you can be assured that they
will have an opportunity to access various employees' bank account data. This could lead to theft.
An example is the Citibank security breach, which happened some time back. This will be highly
disastrous for the organization's operations, as employees' trust in the organization will be limited.
Digital Identity Issues
Cloud computing represents one of the complex computing systems presently in
existence (Masood, Shibli, & Niazi, 2014). The present SaaS applications are using extensive
systems with varying degrees of connectivity. With the current growth of data being held in the
order, digital identity has become a fundamental factor in helping the provider's clients access their
data more efficiently.
Digital identity is an online or networked identity claimed in cyberspace by an
individual, electronic device or organization. It comprises elements such as medical history,
date of birth, usernames and passwords, and social security numbers. In the SaaS software, just a
username and password are enough for an intruder to access the organization's data. Thus the
organization will be at significant risk if it agrees to trust the SaaS provider with its
data.
Cybercriminals nowadays monitor an organization's landscape and technological traits
that they can exploit. They have diverted their attention to the growing SaaS offerings. They are on
the lookout for organizations that have not sufficiently protected their identities. In recent
months, several SaaS providers such as Dropbox have beefed up their security to counter
account takeover (ATO) attacks. But still, ATO attacks are rising day in, day out. This has
been attributed to the accelerating adoption of the software by numerous people. From the
multiple cases around the world, it is crystal clear that SaaS software is harmful to digital
identities. Therefore, if this organization opts to seek the software services, attackers may see it
as a loophole to get access to the organization's data. We all know how disastrous that can be.
Provider Solution Issues
A faster network speed makes it easier for an organization to store its data anywhere in
the world. The place where the organization's data will be saved will have an enormous impact
on either reducing or increasing the risks and threats to the employee data identified
above (Kozlowicz, 2015). In the United States, where the HR management SaaS is located, the charity
organization's data can only face disaster recovery issues. This is because the HIPAA act
governs the provider. The government of the land has high surveillance programs which
administer the data hosting services. The provider has several places where it stores its
customers' data. This means that even when one center malfunctions, its clients can still access
their data from another base. Therefore, the threats and risks mentioned above affecting the
secrecy and privacy of the employees' data will be mitigated if it chooses the United States-based firm.
Physical security is not to be neglected when selecting a data provider to use. The United
States, India, and Ireland are some of the safest countries in the world. Therefore, this will
merely keep insiders away from the stations, improving the security of the employee data.
For example, consider what happened to Red Dot Corp, a heating and cooling company in the Seattle
area, where intruders attacked it through garbage cans, stealing employee information. The world saw
the attackers make away with thousands of dollars. Though this company is not a data hosting
provider, its case can still help this organization to stay alert about where the database hosting
its employees' data is located.
Data Sensitivity
Ethical Issues and Data Sensitivity
Moral values are a set of established principles that govern good behavior (Nygaard,
2016). Our case is an organization with high integrity and honesty towards its clients. To ensure
that it maintains its values, it has to be concerned with the secrecy and sensitivity of any data that
could leak to the public as a result of how the cloud HR management database keeps its
data. Excellent public relations will help the organization to promote a set of desirable ethical
values to the communities to which it offers its accommodation and mental health services. Through this,
its respect and reputation will be kept high. This can only be achieved if the organization continues
to keep its data as safe as possible.
The company operates under the values of trustworthiness and keeping promises. A data breach targets
personal and classified information. For instance, a financial data breach at the
SaaS provider that houses the data can be awful. An employee or even the whole organization can
lose all its finances, completely crippling the organization's operations. The breach may
destroy the organization's reputation in society.
Conclusion
Cloud computing is a progressive development for the sake of satisfying different levels
of customer demand. It provides secure collaboration and access to files from any
location at any time. It is a new paradigm that makes it easy for users of every size to share
resources and services at a relatively low cost. While many continue to enjoy the
benefits it brings, the security of the data stored in it is a fundamental challenge. There are many
vulnerabilities in the servers. Hackers are progressively making good use of these security holes.
For any individual's, organization's or company's data to remain secure, security gaps must be
rectified. In this paper, I examined different threats and risks that SaaS applications and in-house
HR databases may pose to the data of a non-profit-making community-based organization that
works with less privileged people in society.
I believe that the threats and risks I presented will help the organization work
round the clock to make the right decision on which database to use to keep its employees' data secure. If
it embraces the SaaS software, it will put in place mitigating measures to help it fight
cybercrime. The SaaS service provider will also continue looking for solutions to enable it to
continue protecting its infrastructure from potential malware. As they say, hard work pays. I
hope that as every stakeholder continues to discover new methods, more solutions will be found
to solve existing as well as future security and privacy threats. This will strengthen cloud
computing and make it a secure store for large chunks of data. I will be glad, in the near future, to
help the organization with more risk assessment reports.
References
Ali, A., & Afzal, D. M. (2017). Database Security: Threats and Solutions. International Journal
of Engineering Inventions, 25-27.
Bhuvaneswaran, S. (2018). 10 Reasons why Cloud Based HR Software Solutions are the future
of HR Management. Kissflow, Online.
Gerena, E. (2012). Top 10 Database Threats. Verizon Data Breach Report, 1-34.
Gholami, A., & Laure, E. (2015). Security and Privacy of Sensitive Data in
Cloud Computing: A Survey of Recent Developments. Computer
Science & Information Technology (CS & IT), 132-151.
Intel, I. (2015). SaaS Security Practice: Minimising Risk in the Cloud. White Paper, 1-11.
Kozlowicz, J. (2015). How Vital is Your Cloud Data Center Location? Green House Data Blog,
Online.
Malik, M., & Patel, T. (2016). Database Attacks and Control Measures. International Journal of
Information Sciences and Techniques (IJIST), 175-183.
Masood, R., Shibli, M. A., & Niazi, M. A. (2014). Cloud identity management security issues &
solutions: a taxonomy. Complex Adaptive Systems Modelling, Online.
Monks, K., Kelly, G., Conway, E., Flood, P., Truss, K., & Hannon, E. (2013). Understanding
how HR systems work: the role of HR philosophy and HR processes. Human Resource
Management Journal, 379-395.
Montalbano, E. (2010). 5 Data Security Threats Facing Companies Today. Business Insider,
Online.
Morrow, T. (2018). 2 Risks, Threats, & Vulnerabilities in Moving to the Cloud. SEI Insights,
Online.
Nygaard, A. (2016). Leading by Example: Values-Based Strategy to Instill Ethical Conduct.
Journal of Business Ethics, Online.
Parms, J. (2017). Emerging big data scenarios has caused privacy & security concerns. These
precautions can help to keep big data risk at bay. More Info, More Problems: Privacy and
Security Issues in the Age of Big Data, Online.
Rajegore, M. P., & Kadam, M. S. (2016). Issues & Solution of SAAS Model in Cloud
Computing. IOSR Journal of Computer Engineering (IOSR-JCE), 40-44.
Rohilla, S., & Mittal, P. K. (2013). Database Security: Threats and Challenges. International
Journal of Advanced Research in Computer Science and Software Engineering, 810-813.
Sen, J. (2013). Security and Privacy Issues in Cloud Computing. Cloud Computing Topology
Towards Enhancing the Performance, 1-42.
Tabassam, S. (2017). Security and Privacy Issues in Cloud Computing Environment. Journal of
Information Technology & Software Engineering, Online.
Woodriffe, N., Alonso, I. M., Zaaiman, I. E., & Shahim, D. A. (2010). SaaS Data Privacy.
Thesis IT Audit, 1-48.
Youssef, A. E. (2012). Exploring Cloud Computing Services and Applications. Journal of
Emerging Trends in Computing and Information Sciences, 838-847.