Charity Data Infrastructure on the Cloud
Cloud computing is widely regarded as an advanced technology and one of the major advances in the field of information technology (Ali, Khan & Vasilakos, 2015). It gives clients security controls and efficient storage of their data in virtual databases in the cloud, so that data integrity and redundant copies of the data are readily available to them. This report concerns the organization referred to as the Charity. At present the organization runs a small data centre of 50 64-bit servers running Windows, which provide desktop services and database file services, together with 10 Red Hat Enterprise Linux 5 servers that serve public-facing Web pages and Web services and provide support. The organization is looking to join a community cloud provided by a cloud vendor. This would give its staff and administrative users, around 500 in number, a variety of applications to use, and the data generated from the use of those systems would be very useful to the organization while being both time sensitive and confidential.
The community cloud would also give the organization storage for around 200 TB of data, which would be used for the SaaS database currently running on a public cloud vendor's servers. I am the principal consultant for the community-based Charity. This report sets out the main details of the cloud services, the risk assessment, and the security and privacy aspects relevant to the Charity.
The report covers the data and information that the Charity holds on its employees in the current HR system; the privacy of that data for the employees who will move to a SaaS application; the threats and risks to the digital identities of Charity employees arising from the move to SaaS applications; and additional information on the operational solution and location(s) of the SaaS provider for HR management.
Threats and risks in the present data and information of the HR database
Attackers frequently design intrusions against the data storage systems of organizations of every type. An organization's confidential data has to be safeguarded from them, but developers cannot always build systems that are foolproof, and so intrusions and data losses occur (Ali, Khan & Vasilakos, 2015). Organizational databases are targeted because all of an organization's information is stored in them. In particular, the HR database stores the details of every employee, so a breach of that database would put a large amount of data in the hands of an outsider and could have widespread effects on the organization. For instance, if employees' salary information were leaked to other organizations, those organizations could use the salary details to tempt staff into signing with them. The main risk the HR database faces is excessive privilege. When employees are granted full access to the company's HR database, that access can be abused, and it can exceed what the employees' job functions require (Gangwar, Date & Ramaswamy, 2015). Companies also sometimes fail to set up correct access controls for their employees, which gives rise to data-related issues within the organization.
There is also the threat of legitimate privilege abuse, in which people who are authorized to access the database misuse that access or leak their access details to outsiders, giving attackers and wrongdoers the chance to obtain important information about the organization's employees and sell it to rivals or to anyone who can benefit from the leak (Oliveira, Thomas & Espadanal, 2014). A related threat is storage media exposure, an attack on backup storage that has been left completely unprotected. Proper monitoring of the activities performed on the database allows such intrusions to be detected and most probably avoided, but weak access control on backup disks and tapes increases the risk of the data being exposed to external individuals (Ali, Khan & Vasilakos, 2015). It has also been noted that 30 percent of organizational data breaches are due to human negligence, often because staff lack expertise in the field and security controls are left exposed.
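The paragraph above argues that excessive privilege and legitimate privilege abuse can be detected if database activity is monitored. The following is an added example, not part of the report and not the code of any product it names, showing what such monitoring can look like: it parses constructed HR database audit lines in a hypothetical format (timestamp, user, role, table, action, rows returned), flags reads of tables outside the user's role, and flags bulk reads made outside business hours. The role-to-table map, the row threshold and the business-hours window are assumptions chosen for the example.

```python
import re

# Constructed sample audit lines in a hypothetical format:
# <timestamp> <user> <role> <table> <action> <rows-returned>
AUDIT_LOG = """\
2024-03-01T09:02:11 jsmith hr_clerk employees SELECT 12
2024-03-01T09:05:47 jsmith hr_clerk salaries SELECT 8
2024-03-01T09:10:03 bkhan helpdesk employees SELECT 1
2024-03-01T09:11:30 bkhan helpdesk salaries SELECT 2
2024-03-01T22:40:18 jsmith hr_clerk salaries SELECT 4800
2024-03-01T23:01:55 backup_svc backup employees EXPORT 4800
"""

# Tables each role is permitted to read (assumed for the example);
# any other table is outside that role's job function.
ROLE_TABLES = {
    "hr_clerk": {"employees", "salaries"},
    "helpdesk": {"employees"},
    "backup": {"employees", "salaries"},
}
BULK_ROWS = 1000                 # reads of this many rows or more count as bulk
BUSINESS_HOURS = range(8, 19)    # 08:00 to 18:59, assumed working day
BULK_EXEMPT_ROLES = {"backup"}   # the scheduled backup job legitimately reads everything

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<role>\S+) (?P<table>\S+) (?P<action>\S+) (?P<rows>\d+)$"
)


def parse_line(line):
    """Turn one audit line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rows"] = int(rec["rows"])
    rec["hour"] = int(rec["ts"][11:13])   # hour field of the ISO timestamp
    return rec


def find_alerts(log_text):
    """Return (alert_type, user, table) tuples for suspicious activity, in log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue   # malformed lines are skipped, not trusted
        allowed = ROLE_TABLES.get(rec["role"], set())
        if rec["table"] not in allowed:
            # privilege exceeded: the role has no business reading this table
            alerts.append(("privilege_exceeded", rec["user"], rec["table"]))
        if (rec["rows"] >= BULK_ROWS
                and rec["hour"] not in BUSINESS_HOURS
                and rec["role"] not in BULK_EXEMPT_ROLES):
            # a large out-of-hours read by an interactive user suggests extraction
            alerts.append(("bulk_read_out_of_hours", rec["user"], rec["table"]))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(AUDIT_LOG):
        print(alert)
```

Run on the constructed log, the helpdesk user's read of the salaries table and the clerk's 4800-row read at 22:40 are reported, while the night-time backup export is not; in practice the audit lines would come from the database's own audit facility and the alerts would feed the organization's monitoring rather than being printed.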
Risks of Hacking and Vulnerability Exploitation
Exploitation of vulnerable databases is another major risk. Organizations sometimes have difficulty patching their databases, and after an error has occurred it can take a long time and careful fixing to bring the database back to its previous state (Avram, 2014). Attackers take advantage of the unpatched parts of the database and make use of its default accounts and configurations. Organizations are also sometimes inefficient in applying patches to their database systems and leave their data unprotected, making it easier for external agents. Unmanaged data likewise falls into the hands of external agents, who use the opportunity to the fullest and save the critical data objects to their own accounts; the sensitive data of the employees is then used against them to force decisions they would not otherwise have made (Botta et al., 2014).
Additional risks and threats to employee data
Database injection attacks are a further risk. Two types of injection attack apply to a database system used as a SaaS: SQL injection, which targets databases that store data using conventional relational methods, and NoSQL injection, which targets databases that store the organization's data using big data techniques. Big data solutions do not respond to SQL injection, so SQL-based injection is of no use for intruding into them, and the attack is classified accordingly (Yan et al., 2016). The other type of cyber-attack that can be applied to the database is denial of service, which interrupts the organization's procedures and makes its processing systems unavailable to their intended users for a long period, halting the organization's important tasks.
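The SQL injection risk described above comes from building query text out of user input. The following added example, which is not part of the report, places the vulnerable pattern beside its hardened form using an in-memory SQLite table of constructed employee rows: the concatenating lookup returns every row when handed a crafted name, while the parameterized lookup sends the same input as bound data and returns nothing. Table and column names are assumptions for the example.

```python
import sqlite3


def make_hr_db():
    """Create an in-memory HR table populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [(1, "alice", 52000), (2, "bob", 61000), (3, "carol", 58000)],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: the caller's input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT name, salary FROM employees WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: a placeholder is bound to the input, so it is only ever treated as data."""
    sql = "SELECT name, salary FROM employees WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with an ordinary name and with a crafted one; return the rows."""
    conn = make_hr_db()
    crafted = "x' OR '1'='1"   # closes the quoted literal and appends an always-true clause
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "bob"),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "parameterized_normal": lookup_parameterized(conn, "bob"),
        "parameterized_crafted": lookup_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The vulnerable lookup leaks all three salary rows to the crafted input; the parameterized one behaves identically for the ordinary name and returns no rows for the crafted one, which is the behaviour a SaaS HR database should exhibit.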
Assessment of the resulting severity of risk and threat to employee data
A number of risks and threats are associated with the employee data stored in the organization's HR databases, and threats remain in the system even after the databases are migrated to SaaS services (Sanaei et al., 2014). Classifying these threats is a complex procedure, since all of the processes involved hamper the organization. Migrating the database has helped the organization's data storage to a great extent, but the risks to the database still exist. The risks encountered in the system can be judged by severity and placed in three categories: High, Medium and Low. High-level risks would cause widespread effects within the organization, while Medium- and Low-level risks cause effects that can be mitigated accordingly and are not as severe as the high-level risks.
Data Breaches and Unprotected Data
For instance, a hacker attack such as denial of service is a high risk: its effects can hamper the organization to a great extent and would be very severe for both the organization and its employees (Avram, 2014). Other risks, such as compromises in the development of a secure database that give an attacker easy access to the organization's database, can be mitigated easily and so are considered medium-level risks; the remaining risks can be considered low-level risks.
Threat and risk in the present database
For the Charity organization various types of risk have to be considered for the security of its employees' data. The major concern is access to employee data: the only people allowed access should be management and the administrator. The security of the data has to be judged from the different security solutions offered by the cloud service providers. For instance, an insecure device connected to the network could be used to attack the organization's systems and fetch employee data (Oliveira, Thomas & Espadanal, 2014). The threat of data outflow increases when employees use their mobile devices to access and share corporate documents through cloud storage services such as Dropbox and Google Drive. Another major factor affecting the security of employee data is the transfer of passwords between the cloud providers and the organization, which would enable the providers to leak the data and would give them unlimited access to the users' data. Providers can also be too casual at times, which might lead to employee data leaking to outsiders and would harm the privacy of both the organization and its employees (Yan et al., 2016). Most cloud service providers do not pay attention to the security of their APIs, which puts enterprise data at risk with respect to privacy and data integrity; this would not only harm the privacy of employees but could also lead to their data being fabricated for wrong purposes or used for wrongful deeds (Sanaei et al., 2014). The organization also holds a huge amount of data, which is replicated among the various facilities it uses.
That replication also gives intruders opportunities to access employee data from the organization's online databases. Encryption is a technique that helps both the cloud service provider and the organization protect their data efficiently and makes the security controls very difficult to crack. Most government regulations (HIPAA, PCI) require data encryption. Although encryption is widely used, it is often implemented poorly (Hashem et al., 2015). Poor implementation can create various insecurities for the data of the organization and its employees and can allow intruders into the organization's private network.
Additional risks and threats to employee data
Employees of every organization are also advised to maintain strong passwords that protect their accounts and data from external intruders. Cloud services offer their users facilities such as master keys, but if such a key falls into the hands of an intruder he can fetch all of the users' data, alter the actual data, or steal the confidential information stored in the users' accounts. Managing and storing these keys in a safe and secure location is of paramount importance in keeping the entire cloud database safe and secure. Most companies store both the encryption and decryption keys in the same database, which can be detrimental to security (Yan et al., 2016). Multi-tenancy is also exploited by hackers against customers who share the same cloud database.
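The previous section notes that encryption is often implemented poorly, and this one that keys are commonly stored in the same database as the data they protect. The following added example, which is not code from the report or from any cloud provider, shows the two points together: a master key held outside the database stands in for a KMS or secrets manager; separate encryption and MAC keys are derived from it per record; each field is stored as nonce, ciphertext and authentication tag only; and any tampering or any attempt to move a ciphertext to a different employee's record is rejected before decryption. The cipher is a toy HMAC-SHA256 counter-mode keystream built from Python's standard library so that the example runs anywhere; a production system would use AES-GCM or a similar authenticated cipher from a vetted library. The record context string and the field layout are assumptions for the example.

```python
import hashlib
import hmac
import os

# Stand-in for a key fetched from an external KMS or HSM at start-up (assumption):
# it is never written to the database alongside the encrypted fields.
MASTER_KEY = os.urandom(32)


def derive_keys(master_key, context):
    """Derive independent encryption and MAC keys per record (HKDF-style expand with HMAC-SHA256)."""
    enc_key = hmac.new(master_key, b"enc|" + context, hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac|" + context, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256; a toy stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(master_key, context, plaintext):
    """Encrypt-then-MAC. Returns the record the database stores; no key material is in it."""
    enc_key, mac_key = derive_keys(master_key, context)
    nonce = os.urandom(16)                      # fresh per encryption, never reused
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, context + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt_field(master_key, context, record):
    """Verify the tag in constant time before decrypting; raise on any mismatch."""
    enc_key, mac_key = derive_keys(master_key, context)
    nonce, ct, tag = (bytes.fromhex(record[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, context + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: wrong key, wrong record or tampered data")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def tamper_detected(master_key, context, record):
    """Flip one ciphertext bit and report whether decryption refuses the altered record."""
    ct = bytearray(bytes.fromhex(record["ct"]))
    ct[0] ^= 0x01
    altered = dict(record, ct=ct.hex())
    try:
        decrypt_field(master_key, context, altered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ctx = b"employee:42:salary"            # binds the ciphertext to one row and column
    rec = encrypt_field(MASTER_KEY, ctx, b"52000")
    print(rec)
    print(decrypt_field(MASTER_KEY, ctx, rec))
    print("tamper detected:", tamper_detected(MASTER_KEY, ctx, rec))
```

Because the context is part of both the key derivation and the tag, a record copied from one employee's row into another's fails verification, and because only the master key can reproduce the derived keys, a dump of the database table alone yields nothing; the key management failure the section describes is storing that master key in the same place.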
Assessment of the resulting severity of risk and threat to employee data
Assessing the security risks to the data of the employees is a complex procedure. Cloud service providers generally give consumers parameters for safeguarding their data, and both the consumers and the providers of the cloud services are notified of the types of hazard that can arise from adopting cloud services. Cloud services generally aim to implement safer methods for organizations and their employees, but mitigating the risks involved in adopting a cloud solution depends on the complexity of the risks and of the services from which they arise (Sanaei et al., 2014). As before, the risks encountered in the system can be judged by severity and placed in three categories: High, Medium and Low. High-level risks would cause widespread effects within the organization, while Medium- and Low-level risks cause effects that can be mitigated accordingly and are not as severe as the high-level risks.
The high-level risks are key management and multi-tenancy. The threat arising from these is very high, because once the key material is available to a hacker he gains unlimited access to the users' data and private information. Encryption is a medium-level risk: the threat arising from it is very severe, but mitigation is available and these procedures can be improved easily as the organization's overall procedures improve. Insecurities in the APIs created by the cloud service providers are considered low-level risks, as they can be mitigated easily with a little improvement in the overall development features used for the cloud's advanced security functionality.
Threats and risks to the digital identities of charity employees
The Charity organization is considering SaaS services from cloud vendors, and this can be very risky at times for the organization. Firstly, if the authorized digital identities of the system's users are compromised, the intrusion into a user's account would in turn make the whole organization vulnerable to external threats. Authentication and authorization of users on the web can also take place without proper security checks, since the data used for the security check can easily be stolen by an attacker, who would then be able to gain access to the different sites the users access. Web access management tricks can also be applied to the users' identities to obtain important information that can be used against the users at a later point in time.
Secondly, the context of identity is also very important for users, because it can create very critical situations regarding insider threats to the organization. The cloud, mobile and social transformations taking place rapidly are eroding the traditional security systems present in different types of application. As a result, the multiple perimeters around enterprise resources, the interaction with business partners and cloud-based services are also contributing greatly to the threats to access to individuals' key data; for instance, extranet service access for mobile users resembles end-consumer access (Hashem et al., 2015). Outsourced IT employees whose digital identity is still authenticable at a previous organization can use it to fetch important data from the organizations they previously worked for, and this data can be leveraged against the organization and put it at a disadvantage. For instance, Google's recent security features allow individuals to bind all their devices to a single account, and if this account is hacked by an attacker he might gain access to all the devices the user uses.
The Charity organization has used IT-driven identity management to govern access control for its employees, the partners involved with the organization, and the contractors who support its regulatory compliance posture (Yan et al., 2016). This also gives the Charity the opportunity to be productive and to introduce ways for the business to embrace the new era of computing technologies, while allowing the audit and risk teams to answer simple queries on demand (Hashem et al., 2015). Efficient identity management systems that store the identities of all employees help the organization keep track of its employees, audit their performance, and manage the risks involving the security of the organization.
There are also cases of shared vulnerabilities and data loss in these systems. The cloud gives organizations preventive options for defending their data against outsiders and for protecting the data of the Charity's employees, and the major providers use security keys for access restrictions and for the files individuals save online (Hashem et al., 2015). Cloud providers also use multi-factor authentication so that individuals can safeguard their digital identities from external attackers. Data in the cloud can nevertheless be lost through malicious attacks, natural disasters, or a data wipe by the service provider, which would be devastating to the organization if it has no backup from which to restore the data to its storage area (Etro, 2015). Hence there have been many recommendations to review cloud data storage carefully before uploading data online.
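The multi-factor authentication mentioned above commonly uses a time-based one-time password as the second factor protecting a digital identity. The following added example, which is not from the report or from any provider's software, implements HOTP (RFC 4226) and TOTP (RFC 6238) over Python's standard library and adds a verification routine that tolerates one 30-second step of clock drift and refuses a code that has already been accepted. The secret used is the RFC test-vector secret, chosen only so the results can be checked against the published vectors; the drift window and the replay set are design choices of this example.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, submitted, at_time=None, step=30, window=1, used_counters=None):
    """Server-side check of a submitted code.

    Accepts a code within +/- `window` steps of the current time, compared in constant
    time. `used_counters` is a set the caller persists per user; a counter already
    accepted is never accepted again, which blocks replay of an intercepted code.
    """
    if at_time is None:
        at_time = time.time()
    if used_counters is None:
        used_counters = set()
    current = int(at_time) // step
    for counter in range(current - window, current + window + 1):
        if counter in used_counters:
            continue
        if hmac.compare_digest(hotp(secret, counter), submitted):
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"     # RFC 4226 / 6238 test-vector secret
    print(hotp(rfc_secret, 0), totp(rfc_secret, 59))
    seen = set()
    print(verify_totp(rfc_secret, totp(rfc_secret, 59), at_time=59, used_counters=seen))
    print(verify_totp(rfc_secret, totp(rfc_secret, 59), at_time=59, used_counters=seen))
```

The second `verify_totp` call returns False because the same code is being replayed within its validity window; a provider that omits that check leaves a phished code usable for the remainder of the step.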
Operational solution and location(s) of the SaaS provider
Lately the adoption of cloud-based Software as a Service has been one of the major trends in business (Yan et al., 2016). However, organizations have faced various challenges in realising the expected benefits. Such solutions would be very beneficial for the organization, because they have been able to provide efficient integration between HR and the business objectives of the organization.
It is suggested that the Charity organization adopt a Human Capital Management system that suits it and aligns effectively with the business strategy of its enterprise-wide employee management strategy and data management strategy (Oliveira, Thomas & Espadanal, 2014). The Charity likewise believed it would profit from a strategic plan that avoids the overwhelming customization required by an ERP-based arrangement. The platform would provide a broad set of talent management tools, for instance recruiting, onboarding, learning, performance, pay and succession (Etro, 2015). The Charity's HR procedure puts what matters first: using effective practices to deliver HR functionality that justifies business decisions. There has been a huge increase in the number of cybercrimes taking place in organizations, and the Charity has been no exception. In the case study this procedure can support the execution of SaaS without additional process re-engineering. Charity organizations can use the HR system to scale up new capabilities for expansion. It can be an excellent match for organizations that would integrate it with their current HR frameworks and information, and the procedure can likewise help organizations that currently have manual procedures or use HR technology on a limited basis and need to quickly implement automated procedures on a far-reaching basis (Sanaei et al., 2014). For in-depth security of the data in its cloud storage, the Charity would consider various security features. Cloud suppliers in any setting do not give a security component that is incorporated into the working of the information.
In the cloud model the client or organization does not know where its information is stored, and this can be considered an issue since security perspectives would be broken in this specific circumstance. The distinct areas that ought to be thought about when arranging the solution are the access of the Charity's staff and the security of the information that is stored (Mei, Li & Li, 2017). Before the organization adopts the cloud infrastructure for data storage, it should have control over data inputs and outputs and should also be able to manage the overall cloud data features and the infrastructure of the cloud facilities. Access control over the information covers who can have direct access to the information, how and from where the information can be accessed, and the time associated with the procedure involved in retrieving the information. The principal risk factor in this setting is the issue of ethical review of the record. The usernames and passwords that are set ought to be sufficiently strong that attackers cannot straightforwardly get in. The cloud supplier ought to be able to identify the issue at an early stage so that it does not develop into an issue involving a breach of data (Sadiku, Musa & Momoh, 2014). One exception that can be stated here is when a private cloud is used on the client's premises. Protection, security and compliance can be considered a duty that is legally binding between the client and the cloud supplier, and it can be stated that the cloud supplier's liability is especially limited.
It is especially important to consider that once sensitive information is placed in the cloud, the organization no longer has control over it; control lies with the cloud suppliers. It should also be noted that there should be laws applying to the organization, and the cloud provider should incorporate those laws into its business so that it can provide its clients with secure data storage options (Díaz, Martín & Rubio, 2016). Hence the Charity organization should obtain its solution from a provider that can offer such features and has these policies incorporated into its business agenda. There are also issues with the access points of the data storage, which should be accessible only to the organization's employees and sealed off from outsiders. If the organization uses cloud databases and infrastructure, the provider of the cloud services should supply a detailed report of the services it would provide and of the implementation of the cloud services for the organization (Gai et al., 2016). The organization should also be notified of the procedures that are to be improved and the processes that would be included in the development of the cloud security system.
Conclusion
In conclusion, cloud technology has helped both clients and organizations escape the complexities of data storage and platform procurement. Cloud facilities provide other important techniques that help organizations deliver the best services to their clients, and the main purpose of the cloud concept is to give organizations the adaptability that helps them acquire the desired performance and help their clients achieve the desired results. The technology has also maintained security for the benefit of clients and helps them store their data efficiently in virtual databases in the cloud, so that data integrity and redundant copies of the data are readily available. However, different risk factors have to be considered during a cloud service deployment, although these security concerns are dealt with by the organization through higher-end technological advances. Cloud concepts have given organizations the ability to spend time on the critical activities that take place internally without having to concentrate on the security concerns of their own systems. This report has concerned the Charity, which is looking to join a community cloud provided by a cloud vendor; this would give its staff and administrative users various applications to use, and the data generated from the use of the systems would be very useful to the organization while being both time sensitive and confidential. Hence the report has described the cloud security and privacy of the Charity and the different security features for the storage of the organization's data by the cloud vendor.
References
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.
Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2014, August). On the integration of cloud computing and internet of things. In Future internet of things and cloud (FiCloud), 2014 international conference on (pp. 23-30). IEEE.
Chen, X., Jiao, L., Li, W., & Fu, X. (2016). Efficient multi-user computation offloading for mobile-edge cloud computing. IEEE/ACM Transactions on Networking, (5), 2795-2808.
Díaz, M., Martín, C., & Rubio, B. (2016). State-of-the-art, challenges, and open issues in the integration of Internet of things and cloud computing. Journal of Network and Computer Applications, 67, 99-117.
Etro, F. (2015). The economics of cloud computing. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 2135-2148). IGI Global.
Gai, K., Qiu, M., Zhao, H., Tao, L., & Zong, Z. (2016). Dynamic energy-aware cloudlet-based mobile cloud computing model for green computing. Journal of Network and Computer Applications, 59, 46-54.
Gangwar, H., Date, H., & Ramaswamy, R. (2015). Understanding determinants of cloud computing adoption using an integrated TAM-TOE model. Journal of Enterprise Information Management, 28(1), 107-130.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015). Identity-based encryption with outsourced revocation in cloud computing. IEEE Transactions on Computers, 64(2), 425-437.
Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.
Mei, J., Li, K., & Li, K. (2017). Customer-Satisfaction-Aware Optimal Multiserver Configuration for Profit Maximization in Cloud Computing. T-SUSC, 2(1), 17-29.
Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors. Information & Management, 51(5), 497-510.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC Press.
Sadiku, M. N., Musa, S. M., & Momoh, O. D. (2014). Cloud computing: opportunities and challenges. IEEE Potentials, 33(1), 34-36.
Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.
Soyata, T., Ba, H., Heinzelman, W., Kwon, M., & Shi, J. (2015). Accelerating mobile-cloud computing: A survey. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 1933-1955). IGI Global.
Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, 308-319.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.
Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602-622.
Zhan, Z. H., Liu, X. F., Gong, Y. J., Zhang, J., Chung, H. S. H., & Li, Y. (2015). Cloud computing resource scheduling and a survey of its evolutionary approaches. ACM Computing Surveys (CSUR), 47(4), 63.