Risk factors associated with In-house Database
Question:
Examine the legal, business and privacy requirements for a cloud deployment model. Evaluate the risk management requirements for a cloud deployment model.
With the rapid advancement of technology, many barriers can arise along the way. Different approaches are being implemented that make handling data or personal information much easier from the user's point of view. Cloud computing is one such area of technological advancement; it is growing and is expected to reach a certain level of popularity in the near future. Most organizations nowadays are moving to the cloud in order to gain advantage from it. The major issues seen in data handling, such as security, data management and overall data processing, are well managed within the cloud. The main point is that all manipulation of the data is done without the interference of the organization or the user of the service. This helps the organization to engage in more important activities (Dinh, Niyato & Wang, 2013).
The main aim of the report is to consider cloud computing, mainly its software as a service (SaaS) aspect. The report focuses on the risk factors associated with the concept and the remedies that can be applied to the technology to take full advantage of it.
Existing threats and risks
The main risks associated with the in-house database are as follows:
- Excessive, inappropriate and unused privileges: when someone is given database access that exceeds what they need, these privileges can be abused. When someone's role within the organization changes, their access requirements also change, but their access is not altered. They keep rights to data that are no longer needed for the new role. The risk of the data being exploited is very real in these scenarios. Leakage of the organization's personal data can happen, which can be a huge loss for the organization. The complexity of the application and the corresponding database structure means that administrators are inclined to grant excessive privileges by default, to avoid the risk of application failure due to lack of privilege. Thus, users are granted default or generic privileges over time. This concept facilitates the detection of a compromising situation, termination of access and the potential destruction of locally stored data. When an average user's device is compromised, the compromise is likely to be harder to detect, and if this user has excessive privileges it creates a chance of a breach, which may lead to a massive data loss incident.
- Privilege abuse: Imperva research stated that data from multiple organizations over the last two-year period indicates that in every organization humans used database service accounts to access the database, and that these users were misusing these privileged service accounts to access sensitive data directly, bypassing the application interface. In addition, certain "privileged users" may directly abuse the database of legitimate users for unauthorized purposes. Certain groups in an organization have the privilege to access the entire database due to their activity within the organization and their occupation. In this context, the term insider threat plays a vital role. The term is explained below:
Insider threat
Insider threats can be categorized into three basic profiles: malicious, negligent and compromised.
- Malicious: malicious insider threats come from people within the organization who are directly or indirectly associated with it, for example former employees, present employees, contractors and business associates. They usually have inside information concerning the organization's security policy, computer systems and data that are of high priority for the organization. The 2016 insider threat spotlight presented by Palerra indicates that on average one in every 50 users is a malicious user.
- Negligent: negligent insiders are usually people within, or directly associated with, the organization that have malicious intention but expose sensitive data to breach through careless behavior.
- Compromised: these users usually fall victim to malicious activity that exploits or takes over control of the system or the organization. Outside attackers can use a variety of techniques to attack the organization, including computer viruses, social engineering, phishing and other evolving techniques. The Verizon DBIR indicates that one in every six users will expose or misuse data.
- Weak audit trails: this refers to threats that originate from gaps in internal processes. Monitoring data access across the organization should be part of any production database deployment. Failure to monitor for security and compliance, and to collect appropriate audit trails of database activity, may represent a serious organizational risk at many levels. Moreover, organizations with weak database audit mechanisms also find themselves at odds with industry and government regulatory requirements (Avram, 2014).
- Unsecured storage medium: numerous security breaches over the past few years have involved theft or incidental exposure of database backup tapes and disks. Taking appropriate measures to protect backup copies of sensitive data is a demanding job for the authorized personnel. On the other hand, it is essential to back up the files because they may include highly sensitive data. In addition, privileged personnel can have direct access to the database server. This physical proximity means they can insert a thumb or USB drive and execute SQL commands directly against the database that shut down native audit and bypass all protection mechanisms. The combination of threats plays a vital role in this aspect.
Each of the database threats discussed above is enough to create a data breach, but an opportunistic bad actor would look for the path of least resistance. Many times, it is the combination of threats that speeds the attacker's access to the database and simplifies their ability to exfiltrate it undetected. Following are a few examples:
- SQL injection or a web shell exposes the database directly to breach when the application has excessive privileges.
- Because of weak audit trails, privilege abuse is very hard to detect.
- Privilege abuse is much more severe when the user or the application has extra privileges.
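The checks these threats call for can be shown in code. The following is an added example, not part of the original report: it compares granted privileges with a per-role baseline, flags service-account sessions that bypass the application, and counts unparseable audit records instead of dropping them. All account names, roles, addresses and the key=value log format are constructed assumptions.

```python
import re

# Constructed baseline: the (object, action) pairs each role actually needs.
ROLE_BASELINE = {
    "billing_clerk": {("invoices", "SELECT"), ("invoices", "INSERT")},
    "support_agent": {("tickets", "SELECT"), ("tickets", "UPDATE")},
    "app_service": {("customers", "SELECT"), ("tickets", "INSERT")},
}

# Constructed current grants: account -> (current role, granted privileges).
GRANTS = {
    # alice changed role from billing to support; old rights were never revoked.
    "alice": ("support_agent", {("tickets", "SELECT"), ("tickets", "UPDATE"),
                                ("invoices", "SELECT"), ("invoices", "INSERT")}),
    "bob": ("billing_clerk", {("invoices", "SELECT"), ("invoices", "INSERT")}),
    # The application account got generic rights by default to avoid failures.
    "svc_app": ("app_service", {("customers", "SELECT"), ("tickets", "INSERT"),
                                ("customers", "DELETE"), ("invoices", "SELECT")}),
}

SERVICE_ACCOUNTS = {"svc_app"}            # accounts meant for the application only
APP_SERVERS = {"10.0.1.15", "10.0.1.16"}  # constructed application server addresses
APP_PROGRAMS = {"app-server"}             # constructed client program name

# Constructed audit trail (hypothetical key=value format), one record per line.
AUDIT_LOG = """\
2024-01-10T09:00:01Z account=svc_app client=10.0.1.15 program=app-server object=customers action=SELECT
2024-01-10T09:02:40Z account=bob client=10.0.4.20 program=reporting object=invoices action=SELECT
2024-01-10T23:14:52Z account=svc_app client=10.0.9.77 program=sqlcli object=customers action=SELECT
2024-01-10T23:15:10Z account=svc_app client=10.0.1.16 program=sqlcli object=invoices action=SELECT
<truncated record>
"""

REQUIRED = {"account", "client", "program", "object", "action"}
FIELD = re.compile(r"(\w+)=(\S+)")


def excessive_privileges(grants, baseline):
    """Return {account: sorted privileges held beyond the role baseline}."""
    findings = {}
    for account, (role, granted) in grants.items():
        extra = granted - baseline.get(role, set())
        if extra:
            findings[account] = sorted(extra)
    return findings


def parse_audit_line(line):
    """Parse one audit record; return None if any required field is missing."""
    parts = line.split(maxsplit=1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD.findall(parts[1]))
    if not REQUIRED <= fields.keys():
        return None
    fields["time"] = parts[0]
    return fields


def service_account_misuse(log_text):
    """Flag service-account sessions that did not come through the application.

    Returns (alerts, unparsed): unparsed counts records that could not be
    read, because silently dropped records are themselves an audit gap.
    """
    alerts, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_audit_line(line)
        if event is None:
            unparsed += 1
            continue
        if event["account"] not in SERVICE_ACCOUNTS:
            continue
        reasons = []
        if event["client"] not in APP_SERVERS:
            reasons.append("unexpected client host")
        if event["program"] not in APP_PROGRAMS:
            reasons.append("unexpected client program")
        if reasons:
            event["reasons"] = reasons
            alerts.append(event)
    return alerts, unparsed


def abuse_enabled_by_excess(alerts, findings):
    """Alerts where the access succeeded only because of an excess privilege."""
    return [a for a in alerts
            if (a["object"], a["action"]) in findings.get(a["account"], [])]


if __name__ == "__main__":
    findings = excessive_privileges(GRANTS, ROLE_BASELINE)
    alerts, unparsed = service_account_misuse(AUDIT_LOG)
    print("excess privileges:", findings)
    print("service-account alerts:", [(a["time"], a["reasons"]) for a in alerts])
    print("unparsed audit records:", unparsed)
    print("combined:", [a["time"] for a in abuse_enabled_by_excess(alerts, findings)])
```

The last function ties the threats together: the alert it returns is a service-account session outside the application that reached data only an excess grant made available.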
There are many risks associated with a client moving to a SaaS infrastructure. The following gives an overview of the possible risk factors that can be encountered.
- Identity management in the cloud is immature: cloud providers themselves are not very sophisticated about integrating their platforms with the identity services that exist behind the enterprise firewall. Some third-party technologies, from Ping Identity and Symplified, let IT extend role-based access control into the cloud with single sign-on. Google has a Secure Data Connector that forms an encrypted connection between a customer's data and Google's business applications while letting the customer control which employees may access Google Apps resources. Salesforce provides a similar tool. Unfortunately, according to the Cloud Security Alliance, the evolution of SaaS has outpaced the effort to build comprehensive standards.
- Cloud standards are weak: completing a SAS 70 audit is one of the things most often heard from cloud vendors touting their security. SAS 70 is an auditing standard designed to show that service providers have sufficient control over data. The standard was not created for cloud computing, but it has become a stand-in benchmark in the absence of cloud-specific standards.
- Secrecy: cloud vendors usually argue that they are more able to secure data than the typical customer, and that SaaS security is actually better than most people think. But some customers find this hard to believe because SaaS vendors tend to be rather secretive about their security processes. In particular, cloud service providers release very few details about their operations and data centers, claiming it would compromise security. However, customers and industry analysts are becoming fed up with the unanswered questions and the hush-hush non-disclosure agreements.
The severity of the risk is associated with a few questions that can come to a customer's mind when moving to a SaaS infrastructure. The questions are:
- Who manages the data?
- Who has the access to the data?
- Where is the data stored?
- What laws apply to the data?
- How secure is the data?
- Will the user know when the data would be breached?
- Will the data remain in the cloud even after the termination of the service?
The questions above raise a few aspects that can play a dominant role:
- Data breaches: this concern stops many organizations from adopting cloud computing despite the various benefits it can have for any organization. Even though many technological advances are seen in cloud computing, data breaches should be given adequate care. Data breaches can result in a huge loss or leakage of data. A data breach can originate both within the organization and outside it. The major causes of data breaches are malicious insiders and online cyber theft. Some of the reasons that can be stated for a breach are the use of weak passwords or password reuse by an employee of the organization.
- Online cyber theft: most organizations save their sensitive data in the cloud. This becomes an attraction for online cyber theft. Online thieves can use a password to access a user's account. Sometimes they also use automated scripts to scan the internet for a specific type of weakness. Once they identify a vulnerability they could exploit, and they see the target is valuable enough, they proceed with the attack. Sometimes they take advantage of cloud computing power to launch attacks on other users. The best example in this scenario is the Sony PlayStation Network attack.
- Data loss: most data loss happens through misplacing data or deleting data by mistake. If strict access control is not followed by the user or the cloud provider, it would be possible for intruders to delete the data. Sometimes a dissatisfied employee or malicious individual who gains access to the system through relaxed access control can create havoc by deleting customer data, which is very important for any organization. The best practice here is to ensure strict access control and to have a good backup and restore service in place, which could resolve such a scenario (Xiao, Song & Chen, 2013).
The resulting severe risks and threats are:
- Insecure interfaces and APIs: the cloud interfaces or APIs are used for building applications in the cloud market. These APIs allow software to request data and computation from one or more services. If the application development is not done properly, there could be holes in the software deployment that can lead to compromise. If the APIs are secured properly then an attacker could launch an attack related to DDoS. The best practice in this case is to secure the APIs using different forms of token or API key that are validated before the connection is established, and also to use the application for development while bringing it into the cloud.
- Denial of service: denial of service, or DoS, is a type of attack that is intended to make a service unavailable. It is carried out by means of flooding the service with illegitimate requests. This causes a serious threat to the intended users by flooding the server with requests, which are legitimate. This can be a serious threat in the cloud, as most organizations expect 24/7 access to the cloud service provider. Most large cloud service providers have effective defenses; without a proper defense mechanism in place, the risk of DoS/DDoS attack would increase.
- Insufficient due diligence: many organizations move to the cloud without properly understanding the service provider's environment and its full scope, including operational responsibilities such as incident response, security monitoring and data encryption. These can hit the organization if it does not do due diligence before cloud computing is taken into consideration. If the enterprise architecture does not understand the cloud setup, then it is very much possible for the application to function according to the main requirement of the organization. To avoid the threat, customers should continuously monitor the cloud service infrastructure and practices, and do due diligence before selecting a cloud service provider.
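For the API item in the list above, validating a token before any request is served can look like the following. This is an added example, not part of the original report: the token layout (key id, expiry, HMAC-SHA256 signature), the key store and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Constructed key store: key id -> shared secret. Assumption: in a real
# deployment the secrets come from a secrets manager, not from source code.
API_KEYS = {"client-a": b"constructed-secret-for-client-a"}


def _sign(secret, key_id, expires):
    """HMAC-SHA256 over the key id and expiry, hex encoded."""
    message = f"{key_id}.{expires}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def issue_token(key_id, secret, ttl_seconds, now=None):
    """Build a token of the form '<key id>.<expiry epoch>.<signature>'."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    return f"{key_id}.{expires}.{_sign(secret, key_id, expires)}"


def validate_token(token, keys, now=None):
    """Return (accepted, reason). Every failure path rejects the token."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    key_id, expires_text, signature = parts
    if not (expires_text.isascii() and expires_text.isdigit()):
        return False, "malformed"
    secret = keys.get(key_id)
    if secret is None:
        return False, "unknown key"
    expected = _sign(secret, key_id, int(expires_text))
    # Constant-time comparison, so timing does not leak how much matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    # Expiry is checked only after the signature, so it cannot be forged.
    if int(expires_text) <= now:
        return False, "expired"
    return True, "ok"


def handle_request(token, now=None):
    """Gate a request: nothing is served until the token validates."""
    accepted, reason = validate_token(token, API_KEYS, now)
    if not accepted:
        return 401, reason
    return 200, "request served"


if __name__ == "__main__":
    token = issue_token("client-a", API_KEYS["client-a"], ttl_seconds=60)
    print(handle_request(token))
    print(handle_request("client-z.9999999999.00"))
```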
SaaS has several advantages for the businesses that move to it, and it makes the life of the user much simpler. However, the technology can be considered very new. Many of the organizations using it still have concerns about the risks and misconceptions attached to the technology. The main concern is that SaaS often does not rely on the internal information technology department to store the data, and this can be a source of worry for its users. Some of the threats and risk factors associated with SaaS are stated below:
- Data access risk: because the data is given away to a third party, a number of users are concerned about who would get access to it. The data would be out of the user's control, with the potential fear of dissemination, corruption or deletion of the data by any authorized user. It can be a major concern when the organization decides to give away its sensitive data for storage; if the data goes into the hands of authorized people, especially competitors, it would be a great loss for the business. On the other hand, every customer can review and discuss the procedures and policies that are implemented by the SaaS provider. The level of access, and to whom the data would be available, can be specified. Service providers should include that condition in the terms of agreement, but from the user's point of view checking the terms is essential, as it reduces the risk at a later stage.
- Instability: stability and security are the two true pillars of the issues related to SaaS software. The services are becoming more popular on a daily basis, which can be a double-edged sword. Providers have to keep up with the competition, as it offers high-quality service and different options to users according to their needs. An important point in this context is that many organisations cannot keep pace with their own competitors, as a result of which the employed provider may get shut down. Data portability can be a real hassle from this point onwards. It is a big concern because all the money and time invested in the process would go down the drain. It is a risk that has to be taken in this competitive market. The situation might be unpredictable, but it cannot be such a scenario that the whole system of SaaS would be shut down. Businesses may encounter changes in security policy and rises in the price of the services, which can sometimes be a real bother for the organizations taking service from the provider.
- Lack of transparency: SaaS providers always assure their customers that they keep their data safer than anyone else out there. They assure them that they keep personal information and data more proficiently than the customer would himself or herself. However, not all users take these words at face value. There are numerous loopholes in how they keep the data, and there are numerous concerns about the providers' lack of transparency on how security protocols are handled on the provider's side. It is very much a matter of debate. The lack of transparency may cause distrust among customers. Several security questions posed by industry experts and clients are not being answered. This leaves them speculating about the service that is being provided, or the service they are reviewing and employing. However, SaaS providers argue that the lack of transparency is what keeps their service secure: divulging information about operations and data centers might eventually compromise the client's security. This argument may be reasonable for some customers, but it may still leave others with concerns.
- Identity theft: SaaS providers always require payment, which is made by credit card and can be handled remotely. It can be considered a very convenient and quick method. On the other hand, a few customers have doubts about the potential risk factors associated with it. There are numerous security protocols employed to prevent the problem. Identity management can sit within the company's LDAP directory, inside the firm's firewall or on the SaaS provider's site. This varies, and there are many flaws because the process is still in its infancy. The providers do not have any other solution for identity management than the company's own firewall. Identity theft can also be countered with security tools, which are numerous. The security tools imply using additional software, and perhaps paying for services that guarantee the safety of the credit card information. The strategy applied to SaaS may change over the course of time, which is also one of the important issues in this sector.
- Uncertainty about the location of the data: most SaaS providers do not disclose where the data is actually stored, so users are unaware of where it is. At the same time, they must be aware of the regulation set by the Federal Information Security Management Act (FISMA), which states that the sensitive data of the customer must be kept within the user's own country. So, within the framework of the law, if a user of the data goes to another country the data would be transferred to that country. This leaves the user uncertain about where the data is actually located at that point in time. Some providers, such as Symantec, offer their services in a number of countries, but there is no guarantee that every provider would offer this type of service to the customer. This implies that users would not have any knowledge of where their own sensitive data is located.
- How the data is secured: customers should know how their sensitive data is secured, but some of the explanation would not be precisely understood. Not every customer has prior knowledge of encryption protocols or what they actually mean. Clients may have questions about certain aspects of the technology, such as how their sensitive data would be restored and recovered. What they know is that there are servers out there that store the sensitive data and keep it safe. The main question that can arise is that the data is stored, but how safe is it at that instant.
- No direct control over the data: along with the fact that a SaaS provider could shut down for good, there are worries and risks arising from the data not really being under the control of the user. The only good side is that the user does not have to manage, configure and upgrade the software. The downside is that the data is not really under the control of the user. If the data is lost, the user has to contact the service provider and wait for an answer about what actually went wrong, and this might take a long period of time. It depends on the level of customization that the provider offers, which again may be very limited. SaaS providers are in charge of the concerns regarding data storage. This may be a relief from the user's point of view. On the other hand, the data not being under the control of the user is a worry. This factor may result in loss of money as well as time spent waiting for an answer from the service provider when an issue is faced (Almorsy, Grundy & Müller, 2016).
Risk factors associated with Software as a Service (SaaS)
Management of personal information
The management of personal information is a very important area for any business organization. If personal information is misused, it can cause reputational and financial loss to the customers as well as damage the reputation of the business. A significant loss can lead to loss of customers or business partners and would affect revenue. The direct benefits of putting the necessary measures in place for personal information could include greater processing efficiency. It also reduces the risk of privacy breaches, and the resources and time involved in addressing breaches if they occur. The best way to explain this is the information life cycle. The life cycle of the management of personal information may involve the following points.
- Considering whether it is actually necessary to collect and hold the personal information in order to carry out the activities and functions of the organization.
- Planning how the personal information will be taken care of by embedding privacy protection into the design of the information handling practices.
- Assessing the risks associated with the personal information, taking into account new practices, new laws, a change to an existing project, or as part of business as usual.
- Putting appropriate steps and strategies in place to protect the personal information that the organization holds.
- Destruction or re-identification of the personal information when the user no longer needs it (Rittinghouse & Ransome, 2016).
The main question in the management of personal information is how the data is collected and how it is stored and held. The main point of consideration is that the data is always dynamic and can undergo changes without any action or awareness on the part of the author of the data.
Collection and management of solicited personal information
The collection of data forms the basic concept when relating to the storage of any information or data in the cloud. The collection of the data should always be at a single point from the service provider's point of view. The collection and storage of the data are considered important, as they directly affect the retrieval of the data when the user wants to view it. It is crucial that users get the information or data when they want it. Under this principle, the management of the data also plays a vital role. The management and the security of the data go hand in hand in this scenario. The security of the data should always be given topmost priority (Sanaei, Gani & Buyya, 2014).
Use and disclosure of personal information
According to the Social Sciences and Humanities Research Council, all persons can have access to their data under the Privacy Act within their own government at any time, according to their requirements. At the point of collection of the information, users have to be informed how to exercise their personal right to access and correct their own data. Applicants would be asked for their consent in this context. The main aspect disclosed here is whether the personal information is to be used or disclosed for a purpose that is consistent with, or different from, the reason for which the information was originally collected. The record of when the information is collected and how the data is stored can be disclosed in accordance with the Access to Information Act. This also helps in the protection of sensitive information. For example, records can be redacted to protect the personal information of an individual, or where there is a legal obligation to withhold information.
Importance of Managing Personal Information
Use and security of digital identities
Identity can be considered as an entity and an entity is a set of unique characteristics. Entity is used for the purpose of authentication with the server providers for the access of the data or the information. Digital identity can be considered for a person to be an identity card, which is used for the purpose of the identification of the user. Managing the aspect of the digital identities is not a very easy task in hand and it can directly raise issue related to the privacy. For the purpose of the managing the digital identity different kind of identity management techniques can be incorporated. Identity management identifying a particular person on the ground of the a particular user id or code, email id and credit card number can be used. This practice eventually protects the system from unauthorized access, on the other hand it prevents only the authenticated user to access the information, and no other person is allowed to do so. The digital identity model is based on the following aspects.
- Service providers: service providers gives the access to the data to only the authorized users.
- Identity providers: it issues the identification protocol, which can be a unique id or any number for the purpose of the identification and the authentication of the user.
- Entity: for whom the user is actually calming to be.
- Relying party: it is basically used to verify the claim for whom the particular use are claim. The server provider in order to justify to sends the claim to the relying party pf the purpose of the authentication.
There are several solution, which can be related to the IDM (identification detection management) like the federated IDM, centric identity model, and decentralized identity model. There are two aspects, which are involved in the identification purpose, or two approaches which are centralized and decentralized. In the aspect of the centric identity management, each of the user is assigned specific attributes for the purpose of the identification. These attributes are identifying the authorized user. Centralized is somewhat similar to the concept of the federated IDM. Federated management also involves the attributes, authentication, and credential for the entities and its domain.
These methods can be considered to Prime (privacy and identity management for Europe), Open ID, and Microsoft CardSpace
- Prime: the prime can be considered as a console that is mainly handling the service of the requestor’s data. The console requires direct installation and the configuration by using the console service requestor. This directly implies that the personal information of the user is managed.
- Open ID: For the access purpose, many of the web applications as well as data access in this case cloud need a username and a password. Every user has a specific user name and a password, which can be used for the purpose of the authentication of the user. This directly prevents authorized personals to access data.
- Microsoft CardSpace: For the purpose of the identification, the Microsoft CardSpace is used for the clam’s value. Claims can be on the ground of the gender, name and so on. These claims can be used as a digital identity purpose for the authentication of the user.
Information security can be considered very vital part in the legal pact regulating the field of the protection of the data. Taking into consideration the narrow part of the personal data it refers to the protection of the confidentiality, integrity and the c=accessibility of the personal data. The data security aspect was essentially established by the Danish supervisory authority for the protection of the data, which directly did not grant the permission to create municipality to involve in the act of transferring the personal data to the cloud provider in the USA on the doubt ground regarding the measures of the security. An issue, which can arise in this context, is whether the data are better stored in the concept of the cloud. The main issue which basically arise in this context is that the data which is stored in a place and which is under the control of the user is more secured basically due to the factor that the data would be under the control of the user. Just as the user trust the operating system, software and the hardware of the system they are using, the user in the same way have to trust the cloud service providers. It is just another aspect of the service when the service of the cloud is related to the other services that the user eventually achieve in a daily life aspect. However, it can be stated that there is a big difference in the aspect of the service outsourcing. If the user have the computing capability under their own control, the user alone or in corporation with the third party can take of the data and along with it the security of the data with different security implications. The aspects, which can involve in this scenario is that the data can be backed, if the user does not properly trust the operating system or the web browser they eventually use. 
On the other hand, when trust is placed in a third party (in this case the cloud service providers), the issue involves not only the security measures and procedures but also the accessibility, reliability and continuity of operations. The user must always consider whether the service being obtained is legal and whether it meets the user's needs. This cannot be done without:
- Transparent and adequate information from the providers of the service.
- An assessment of the risk factors that are accepted along with the offer.
Collection of Personal Information
The data controller of the organization has to take into consideration all issues relating to the privacy of the data. If this aspect is not taken care of properly, it can be handed over to a third party who would provide the service, in this case the cloud server providers. The cloud server provider's transparency is essential. The user must always be given information on the exact location of the data and on where it is being processed. The confidentiality, integrity and availability of the data are other factors that should also be taken into consideration.
Users of the cloud should have access to their information at any time. The provisions implemented in the cloud framework allow users to store their information or data within their own country. When the user travels, the data is transferred accordingly. This gives a direct guarantee that the user can access the data at any time without any issue. The main issue that arises in this context is that the user is unaware of where the data is actually stored at a particular time. The security of the data also comes into the limelight in such scenarios. Every user obviously wants their sensitive data to be well secured and easily accessible when they actually need it.
The quality and correction of personal information is one of the most important aspects of handing data to a third party (in this case the cloud providers). The stored data should not be modified in any way, because it could be very important information whose alteration would be a huge loss from the viewpoint of the organization. Correction of the data means alteration of the data stored on the server. The user may sometimes want to modify the information that is being stored. To provide for this, the data should be readily available to the user so that the alteration can be applied to it.
Protection of personal information
The protection of personal information is a very important aspect of moving to the cloud. Any organization moving to the cloud wants its data to be well protected. Protection means that unauthorized persons are denied access to the data. This implies that the security associated with cloud computing should be very advanced.
Authorized access & disclosure of personal information
The most important issue in this context is authorized access. When data or personal information is stored in the cloud, it should always be protected from unauthorized access. When a user saves data in the cloud, the cloud providers should always guarantee that the data will be saved and protected. Unauthorized access to the data can lead directly to its deletion or alteration. To safeguard the data, an authentication process should be incorporated so that unauthorized persons do not have access to it.
Storage of Personal Information
De-identification of personal data
The de-identification concept can be applied in the context of authorized access to the data. User discrimination should be applied to determine who can access which features of the cloud. If each user has access to everything, it would be very difficult to keep track of the data. User authentication can be applied in such a way that each user is given a unique password known only to that user, whose use gives direct access to that user's rights. More advanced identification features have to be established to make authentication more reliable and more user friendly.
Use of personal digital identities
Digital identities can be used when the data is being accessed from the user's side. From the cloud provider's point of view, there can also be digital identification that directly helps keep fraudsters from gaining access to information that is of high importance to the users of the organization who make use of the cloud service. Password authentication and smart cards are some of the ways in which the identification process can be made more reliable.
Security of personal data
The security of the data should be a topmost priority for any technology. The data stored on the server should always be safeguarded so that unauthorized persons do not have access to it at any time. On the other hand, the data should be readily available to users when they want to access it. In the context of the cloud, the user or the organization does not have any knowledge of where exactly the data is stored and who is manipulating it. Because of these security concerns, most organizations are not moving to the cloud, even though it offers a vast range of advantages.
Archiving of personal data
The user or the organization that stores the data should have access to it whenever needed. The cloud providers should make the necessary provisions so that this requirement is met. It would be of no use if the data is stored on a server and the author of the data cannot get it when it is needed. According to the stated rules, the user's data should be stored in the country in which the user resides; during travel, the data would be transferred to the destination country so that access to it is easy from the user's point of view.
Conclusion
It can be stated from the above report that cloud computing can provide a wide range of advantages to the organization adopting the service. On the other hand, as with any technology, disadvantages also come into play. In the scenario of the report, the use of the in-house database system faced major problems, but after the above discussion it can be stated that moving towards cloud computing and adopting software as a service can directly help the organization and its overall working. The main issue seen in the report is the risk related to security. Security factors play a vital role in any organizational scenario. If the issues related to security are resolved, it would be a huge advantage for the organization in the sectors it initially wants to improve.
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Erl, T., Cope, R., & Naserpour, A. (2015). Cloud computing design patterns. Prentice Hall Press.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Herbst, N. R., Kounev, S., & Reussner, R. H. (2013, June). Elasticity in Cloud Computing: What It Is, and What It Is Not. In ICAC (Vol. 13, pp. 23-27).
Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE transactions on parallel and distributed systems, 24(1), 131-143.
Lian, J. W., Yen, D. C., & Wang, Y. T. (2014). An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. International Journal of Information Management, 34(1), 28-36.
Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.
Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors. Information & Management, 51(5), 497-510.
Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014). Mobile cloud computing: A survey, state of art and future directions. Mobile Networks and Applications, 19(2), 133-143.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.
Sultan, N. (2014). Making use of cloud computing for healthcare provision: Opportunities and challenges. International Journal of Information Management, 34(2), 177-184.
Toosi, A. N., Calheiros, R. N., & Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey. ACM Computing Surveys (CSUR), 47(1), 7.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Whaiduzzaman, M., Sookhak, M., Gani, A., & Buyya, R. (2014). A survey on vehicular cloud computing. Journal of Network and Computer Applications, 40, 325-344.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.
Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE transactions on parallel and distributed systems, 24(6), 1107-1117.
Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.