Comprehensive Analysis: Security and Privacy of User Data in Web Sites

Verified

Added on 2020/01/07

AI Summary

This report provides a comprehensive overview of the security and privacy challenges associated with user data in web applications, with a particular focus on cloud computing environments. It addresses critical issues such as multi-tenancy, data loss, and unauthorized access, highlighting the importance of robust security measures. The report delves into various security solutions, including authentication, authorization, identity management, and incident response strategies. It also examines data security considerations, particularly regarding vulnerable data, and emphasizes the need for effective security policy management. The analysis covers technical and non-technical threats, presenting a detailed exploration of how to minimize data leakage risks and ensure user data confidentiality and integrity. The report concludes by summarizing current advances in cloud computer privacy and security, emphasizing the need for protecting crucial data through encryption and adherence to security guidelines.

Security and privacy of user data in a web
site

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
INTRODUCTION...........................................................................................................................3
CHALLENGES RELATED TO PRIVACY AND CLOUD SECURITY......................................3
SECURITY ISSUES INSIDE CLOUD COMPUTING..................................................................4
DATA SECURITY CONSIDERATIONS OF PROCESSING VULNERABLE DATA...............4
SECURITY SOLUTIONS...............................................................................................................4
Authorization and authentication.................................................................................................4
Accessibility and identity Management.......................................................................................5
Discretion, Integrity, and Availability.........................................................................................5
Security Monitoring as well as Incident Response......................................................................5
SECURITY POLICY MANAGEMENT........................................................................................6
Confidential data is to be protected in cloud processing:............................................................6
CONCLUSION................................................................................................................................6

INTRODUCTION
Information technologies has been developed to great extent but it has increased the
issues such as attack of viruses, malware activities of great extent. Due to this, hazardous
activities, IT security risk etc. has been raised. Unauthorized accessibility is major issue due to
this data leaking activities are rapidly increasing. For protecting the confidentiality, related
authorities such as educational agencies need to carry out strong procedure which can keep
secure data of individual and can minimize the risk of hacking. This particular short paper
outlines crucial threats to educational data and data systems. Threats are split up into two
categories: technical in addition to nontechnical. Individual can minimize the risk of leakage of
data security by implementation such strong security measures which can reduce the risk of
hacking.
The major issue which is currently faced by the world is related with their security and
privacy. Cloud computing is the technique which supports in reducing this threat to great extent.
It provides computerized solutions which can assist in minimizing such kind of IT risks. It offers
such secure platform in which individual can perform its task without any threat. Present
research will discuss the cloud computing and privacy challenges in this respect. It will provide
the solutions which can reduce the threats of confidentiality. The categorization of the report has
been done as per the cloud guide arrangement, handling of several resources. It will review the
current system and will develop solutions for preserving sensitive data.
CHALLENGES RELATED TO PRIVACY AND CLOUD SECURITY
Cloud computing is the computerized internet based system which provides storage based
solutions to uses. It makes capable to the individual that person can keep secure its personal
information in third party data centers. It has provides such safety measures which can maintain
confidentiality in the organization. Major threats which have been studied in this context are
such as loss of data, hacking, entrance of external virus etc. These issues in the workplace takes
place because of over trust, multi-tenancy etc. There are many cloud providers such as Amazon's
Simple Storage Assistance (S3)13, Citrix Foreign Platform15 and Google Calculate Engine14
etc. They all do not provide specific level of security assurance. They just provides privacy as
per the conditions of legal documents between service provider and end user. Privacy and
security are crucial parts so it is necessary to take it into consideration by all parties who are
involved in this entire system.

SECURITY ISSUES INSIDE CLOUD COMPUTING
 Multi-tenancy: Group of independent people can share virtual solutions and real time
devices amongst themselves. This is multi-tenancy. This implies that the attacker and the
victim are arranged on one similar machine. Hence, this feature is used by developers and
providers of cloud for constructing such surfaces that can efficiently meet customer
requirements. Despite great efficiency, sharing of the same platform creates opportunities
for hackers to target more files.
 Loss of Control: When customer's valuable data including software are vulnerable, a
security breach takes place and all the data is accessible by the hijackers at the cloud
base. All the valuable data is vanished or lost by the users as soon as they fail their
controls. Trust on the service providers is the only support for the consumers once they
lose control over all their valuables. Users can rely only on the chain of clouds assured by
the sellers.
DATA SECURITY CONSIDERATIONS OF PROCESSING VULNERABLE
DATA
Privacy is the first thing that comes to the mind of the consumers when coming to cloud
computing. The scope of privacy depends totally upon the service providers. Privacy and
protection are separate sections of the consumer policies and ethics. Personal belongings is
privacy while preservation of this personal space from casualties is protection. Although pains
and practices had been formulated since ages to determine the line between these two,
complexity remains with the processing of thoughts. Much better view about the two issues can
be gathered with reference to the work of Alan Westin in 1960 regarding personal data privacy
and protection of consumers.
SECURITY SOLUTIONS
These are solutions for issues like authentication, consent and management of identities.
Quick fixes are necessary with minimal payments for securing actions of cloud providers.
Authorization and authentication
Cloud ecosystems are complex and cannot be easily accessed. Strategies have to be
developed for making easy management of these. Several studies devised categories that were
congruous for authentication and authorization of cloud hosting depending on the basic

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

organisational structure. One of them is classification of credentials. Belittling factors are
considered at the time of establishment or adoption of a solution intended for the same: as an
illustration, designs, life cycles, stipulations, etc. Following other studies, a better model was
proposed for multi-factor authentications in cloud computing. It had the ability to detect probable
threats to security in a suggested model. Additional fix was viewed with MiLAMob that
provided software authentication for IaaS foreign application purchasers.
Accessibility and identity Management
For full satisfaction of consumers in relation to successful atmosphere important utilities
of identity management devices are discussed. For sign on with different cloud workers the
actual author has present an agreement by using shiboleth – a type of guidelines for security
assertion mark-up language regarding cloud federation. An organization can outsource
authentication and agreement to third party cloud through identity management. It also provide
an important information for cloud processing management. When a given user and SaaS
domains user can easily assess the resources and application that sre offered is a true
relationship. To accept the user's request a PaaS domain has an interceptor that acts as new proxy
and execute all of them. WS-Trust specification is used to request security expression when the
interceptors interacts with secure token services.
Discretion, Integrity, and Availability
To maintain the integrity in the entity Terra style was introduce by Santos and other
authors. Granular host within Terra is not suitable in the organization and complete Iaas is to be
used in the system .The TCCP is to be followed in particular system. To protect the digital
machine the virtual machine is being monitored on time basis. Through the foreign manager
component user can assess the usage of cloud services. To record the trusted VM in the cluster,
the exterior trusted entity (ETE) provides a confidence coordinator service in the organization.
To attest the security of the VM, ETE technique should be adopted. Before starting the projects
TCCP gives guarantee for data which is used for integrated, confidential purpose. These features
are essential for data integrity purpose
Security Monitoring as well as Incident Response
Various files, system and real estate agents and advertisement agency are some of the
policy used for monitoring the system. Limited scalability low performance and single point of
failure can be avoided by redundancy and automatic policy adopted in the organization. All the

different protocol use different policy for monitoring purpose. Various assumption are laid down
for such purpose. Through specific implementations data is being gathered for company point of
view. Cloud software, virtualization libraries and OS-level tracking tools are correlated with data
supplier. The VM-level intrusion system should be implemented for breaching the gap of
detection systems. Multi-tenancy, scalability and availability - are some of the requirement of
efficient breach detection system.
SECURITY POLICY MANAGEMENT
Critical safety measures should be adopted for safeguarding the assets of entity. Proper
policy should be design for managing the safety measures. In computer system all the
information is preserved and inspected for future references. All reliable and fake information is
to identify by employee working in the organization. Procedure and rules are to be framed
according to the requirement of the organization. The data management system is being analysed
by the organization regarding the old and new system. Some changes have been design regarding
this policy.
In the entity certain procedure are to be protected and monitored from manual sources to
online basis. Access control is imparted by using PMaas technique which is to be adopted in the
corporate climate. For insurance policy the entity has to manage the service provider technique
for administration purpose.
Confidential data is to be protected in cloud processing:
Crucial data is being preserved by the organization for making changes in the report e.g.
IT files. For better data security researcher have to evaluate the data and should compute the
financial data. Confidential data need to be protected for safeguarding purpose. Encryption of
data should not evaluated in entity. Certain confidential data is preserved by the organization for
safeguarding the assets. Organization are not following this principle and guidelines for data
security purpose.
CONCLUSION
Current advances in cloud computer privacy and security study. It explained several
cloud computing essential technologies and concepts, like online technology and their
advancement. HIPPA DVD are some of the technique useful for facing the challenges in the
organizational tasks.

Providing orchestration, resource hysteria, and physical resource and impair service
management layers are some of outcome of cloud provider activity. Customers data is been
identified through confidential activity being conducted in the organization and overall inclusion
of IT information is publish in the report.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

REFERENCES
[1] S. Pearson, “Privacy, security and trust in cloud computing,” in Privacy
and Security for Cloud Computing (S. Pearson and G. Yee, eds.), Computer
Communications and Networks, pp. 3–42, Springer London, 2013. Computer
Science & Information Technology (CS & IT) 147
[2] E. U. Directive, “95/46/EC of the European Parliament and of the Council
of 24 October 1995 on the Protection of Individuals with Regard to the
Processing of Personal Data and on the Free Movement of such Data,”
Official Journal of the EC, vol. 23, 1995.
[3] U. States., “Health insurance portability and accountability act of 1996
[micro form]: conference report (to accompany h.r. 3103).”
http://nla.gov.au/nla.catvn4117366, 1996.
[4] “Hypervisors, virtualization, and the cloud: Learn about hypervisors,
system virtualization, and how it works in a cloud environment.” Retrieved
June 2015.
[5] M. Portnoy, Virtualization Essentials. 1st ed., 2012.Alameda, CA, USA:
SYBEX Inc.,
[6] P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” tech.
rep., July 2009.
[7] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf, NIST
Cloud Computing Reference Architecture: Recommendations of the National
Institute of Standards and Technology (Special Publication 500-292). USA:
CreateSpace Independent Publishing Platform, 2012.
[8] R. Dua, A. Raja, and D. Kakadia, “Virtualization vs containerization to
support paas,” in Cloud Engineering (IC2E), 2014 IEEE International
Conference on, pp. 610–614, March 2014.

[9] D. Bernstein, "Containers and Cloud: From LXC to Docker to Kubernetes,"
IEEE Cloud Computing, vol. 1, no. 3, pp. 81-84, 2014.
[10] NIST Special Publication 500–291 version 2, NIST Cloud Computing
Standards Roadmap, July 2013, Available at
http://www.nist.gov/itl/cloud/publications.cfm.