Benefits of Cloud Computing Technology
Cloud computing is a major IT concept that enables broad access to a shared pool of configurable system resources and higher-level services (Arora, Parashar & Transforming, 2013). These services can be provisioned quickly over the Internet with very little organizational effort. The technology relies on resource sharing to achieve economies of scale and coherence, much like a public utility. A third-party cloud lets companies focus on their core business instead of spending resources on computer maintenance and infrastructure (Dinh et al., 2013). The most important benefit of this technology is that it allows organizations to avoid or minimize upfront IT infrastructure costs. Cloud computing draws on the availability of high-capacity networks, low-cost systems and storage devices. Hardware virtualization, utility computing and service-oriented architecture are also used in this technology. The major characteristics of cloud computing are improved organizational agility, cost effectiveness, device and location independence, maintenance of cloud applications, multi-tenancy, better performance, resource pooling, increased productivity, business continuity and disaster recovery, high reliability, scalability, elasticity, data security and privacy, and many others (Hashem et al., 2015). The three cloud computing service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
The following report gives a short discussion of the Charity case study. The Charity runs a small data centre with Windows Server 2008 R2 and other web services. It has considered joining a community cloud provided by a public cloud vendor in order to deliver several applications to its 500 staff and administrative users. Confidential data must be secured with the help of cloud computing technology. This report outlines the probable risks and threats to the data within the HR database, along with the risks to that data after the migration to SaaS. Both the privacy and the security of the data are examined against these risks. The possible risks to the digital identities of the Charity's employees after the SaaS migration, and the related ethical issues, are also covered.
The Charity is a community organization that locates and provides accommodation, mental health services, and training and support services to disadvantaged people within the community. It runs a small data centre comprising some 50 x 86 bit servers. The servers provide database and file services, and run Windows Server 2008 R2 for desktop services. The Charity maintains the confidentiality of the PII data it collects, and this data includes some of the digital identities of its disadvantaged clients (Fernando, Loke & Rahayu, 2013). The Board of the Charity is concerned about the security and privacy of this sensitive and confidential data and wants to ensure that no data breach occurs within the community. It has decided to purchase an HR and personnel management application from an American organization that provides a SaaS solution. It also wishes to move the Charity's payroll to a Commercial Off The Shelf (COTS) application managed in the public cloud, and to move its intranet to a Microsoft SharePoint PaaS offering that provides intranet services to all the agencies in WofG.
Characteristics of Cloud Computing Technology
The employee data held by the Charity faces various security issues. The data is stored in the human resources database, so confidential information is often at stake (Rittinghouse & Ransome, 2016). Because of this exposure, identifying the existing threats and risks to the HR database is mandatory. The major threats and risks to the security of employee data within the HR database are given below:
i) Malware: The first and foremost threat to data security in the database is malware. Malware is malicious software intentionally designed to cause significant damage to computers, computer networks and servers (Garg, Versteeg & Buyya, 2013). It can take the form of executable code, active content or scripts and is capable of damaging the database completely. Malware includes Trojan horses, computer viruses, spyware, adware and many more. The database of the Charity can be easily hacked with the help of malware, and all the confidential data could then be stolen.
ii) Database Injection Attack: The second type of attack facing the HR database of the Charity is the database injection attack (Hashizume et al., 2013). This is a code injection technique used against data-driven applications, in which malicious SQL statements are placed into entry fields for execution.
iii) Legitimate Privilege Abuses: Users who have been authorized to use employee data can exploit their privileges and use the data for the wrong purposes (Jain & Paul, 2013). This type of abuse is dangerous for any database, and the database of the Charity is not safe from it.
iv) Denial of Service Attacks: Another significant risk that is common for the database of the Charity is the denial of service (DoS) attack. The attack denies service from the system or database, so that a legitimate user cannot access the sensitive or confidential data held in it (Botta et al., 2016). This is extremely dangerous and often brings major vulnerabilities, since the user has no knowledge of this type of attack.
v) Weak Audit: A weak audit policy represents several risks in terms of detection, compliance, recovery and forensics. The native audit capabilities of the database management system often result in performance degradation and are extremely susceptible to privilege-related attacks.
The Charity has decided to move to a cloud vendor for the betterment of its business and services. Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis. This cloud service model can be accessed by many users through a thin client, typically a web browser (Arora, Parashar & Transforming, 2013). Payroll processing systems, office software, CAD software, virtualization and many more are major business applications of software as a service. After a successful migration to this cloud service model, various additional risks and threats arise. They are given below:
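The database injection attack in item ii) can be seen by comparing a lookup that concatenates entry-field text into SQL with one that binds it as a parameter. This is an added example, not code from the report or from the Charity's systems; the `employees` table, its rows, the function names and the input string are all constructed for illustration, and SQLite stands in for the HR database.

```python
import sqlite3

# Constructed sample rows for a hypothetical HR table (not data from the report).
SAMPLE_EMPLOYEES = [
    ("Alice Ng", "Housing", 61000),
    ("Sean O'Brien", "Training", 58000),
    ("Carla Diaz", "Payroll", 72000),
]

# Constructed entry-field value: it closes the string literal and appends a
# condition that is always true.
INJECTED_INPUT = "x' OR '1'='1"


def build_hr_db():
    """Create an in-memory database holding the constructed employee rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees ("
        "id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany(
        "INSERT INTO employees (name, dept, salary) VALUES (?, ?, ?)",
        SAMPLE_EMPLOYEES,
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the field text becomes part of the SQL statement."""
    query = (
        "SELECT name, dept, salary FROM employees WHERE name = '" + name + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the field text is bound as a value, never parsed as SQL."""
    return conn.execute(
        "SELECT name, dept, salary FROM employees WHERE name = ?", (name,)
    ).fetchall()


def vulnerable_breaks_on_apostrophe(conn):
    """A legitimate name with a quote makes the concatenated query invalid."""
    try:
        lookup_vulnerable(conn, "Sean O'Brien")
    except sqlite3.OperationalError:
        return True
    return False


def compare(conn):
    """Summarise how each lookup treats the injected and the legitimate input."""
    return {
        "vulnerable_rows_for_injected": len(lookup_vulnerable(conn, INJECTED_INPUT)),
        "parameterized_rows_for_injected": len(lookup_parameterized(conn, INJECTED_INPUT)),
        "parameterized_rows_for_obrien": len(lookup_parameterized(conn, "Sean O'Brien")),
        "vulnerable_fails_on_obrien": vulnerable_breaks_on_apostrophe(conn),
    }


if __name__ == "__main__":
    for key, value in compare(build_hr_db()).items():
        print(f"{key}: {value}")
```

The apostrophe case shows why filtering quote characters out of input is not a substitute for parameter binding: real names contain them, and only the bound query handles both inputs correctly.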
Risks and Threats to Employee Data Security
i) Reduction in Visibility or Control: The first and foremost risk after the SaaS migration is reduced visibility into and control over data. When operations or assets are transitioned to the cloud, organizations lose some visibility and control over them (Hashem et al., 2015). The move to a cloud service model brings a paradigm shift in security monitoring and logging.
ii) On Demand Self Services Induce Unauthorized Uses: On-demand self service enables an organization's personnel to provision additional services, which invites unauthorized use. Because SaaS is inexpensive and easy to implement, the likelihood of unauthorized use of cloud services increases.
iii) Compromise of Internet-Accessible Management APIs: Another significant and dangerous risk after the SaaS migration in the Charity is the compromise of Internet-accessible management APIs (Dinh et al., 2013). The application programming interfaces that clients use to manage and interact with cloud services are exposed to the public. There are numerous threats to these APIs, and these threats can easily turn into attacks.
iv) Deletion of Data: The fourth important risk after a successful SaaS migration is the deletion of data. The threats linked with data deletion exist because the client has reduced visibility into where the data is physically stored within the cloud and a reduced ability to verify the security of the data. The procedure of deleting data is extremely easy and thus often occurs in SaaS migration.
The identified risks and threats to the employee data of the Charity are assessed according to their severity (Fernando, Loke & Rahayu, 2013). They are divided into 4 categories, as follows:
i) Negligible: This is the lowest severity of risk. A risk of this kind can be treated as negligible and does not greatly concern clients or organizations; it does not affect the confidential data of the organization. Amongst the identified risks and threats to the employee data in the Charity, the negligible risk is the weak audit (Rittinghouse & Ransome, 2016). This type of risk does not directly affect the organization and hence can be termed negligible relative to the others.
ii) Limited: The second category is limited risk. This type of risk is limited and is not as severe as the rest. However, if realized, it can be dangerous and can seriously affect the organization's confidential data. Amongst the identified risks and threats to the employee data in the Charity, the limited risk is legitimate privilege abuse (Garg, Versteeg & Buyya, 2013). This type of risk can be easily avoided with proper mitigation plans or risk avoidance techniques. Hence, the severity is lower than the rest.
Possible Risks to the Digital Identities of Charity Employees for SaaS Migration
iii) Significant: The third category of risk in the risk assessment, by severity, is the significant category. It is much more dangerous than the previous two. A significant risk can cause massive destruction to the database and thereby affect the overall confidentiality of the organization's data. Amongst the identified risks and threats to the employee data in the Charity, the significant risk is malware. This type of code is used for hacking the data and spreading vulnerabilities.
iv) Maximum: The final and most dangerous type of risk is the maximum category (Hashizume et al., 2013). The vulnerability is extremely high in this case and lost data cannot be recovered easily or promptly. Maximum-category risks should be addressed in time to stop the vulnerabilities. Amongst the identified risks and threats to the employee data in the Charity, the maximum-category risks are the denial of service attack and the database injection attack.
The privacy of the confidential and sensitive data within the HR database of the Charity is often not checked properly. Through negligence in securing the privacy of data, organizations often expose themselves to several vulnerabilities (Jain & Paul, 2013). The existing risks and threats to the privacy of data in the HR database of the Charity are given below:
i) Exposure of Backup Data: The first and foremost risk to the privacy of data within the HR database of the Charity is the exposure of backup data. All backups should be encrypted, and some vendors have suggested that future database management system products should not support the creation of unencrypted backups. When backup data is exposed, the privacy and confidentiality of the data are greatly affected.
ii) Poor Authentication: The second type of risk is poor authentication and authorization (Rittinghouse & Ransome, 2016). Weak authentication allows attackers to assume the identities of legitimate database users. Attack strategies include brute force attacks, social engineering attacks and many others. The proper deployment of two-factor authentication or passwords is extremely important for authentication purposes. For scalability and ease of use, authentication mechanisms should be integrated with the enterprise directory and user management infrastructure.
iii) Database Protocol Vulnerabilities: Vulnerabilities within database protocols can enable unauthorized data access, loss of availability and corruption. The attack code is executed on the Microsoft SQL Server and on the targeted database servers. Protocol attacks can be defeated by validating SQL communications to ensure they are not malformed. These types of vulnerabilities are often dangerous for the database, since they could not be avoided.
iv) Leakage of Personal Information: The next risk to the privacy of data is the leakage of personal information. This type of information could be easily leaked and exposed within the cloud and hence the sensitive information loses the integrity (Fernando, Loke & Rahayu, 2013). Leakage of personal information is extremely common and thus should be stopped with proper measures. The best method to stop this type of vulnerability is by using encryption and digital authentication.
Issues Related to Ethics
This specific community of the Charity has taken the decision to move their businesses to cloud and hence they have selected software as a service or SaaS as their cloud deployment model. However, there are various risks and threats that are extremely common after the successful migration of the software as a service (Dinh et al., 2013). The additional risks and threats after the SaaS migration of the Charity are given below:
i) Stolen Credentials: The most significant risk after the migration to SaaS is stolen credentials. With access to cloud credentials, an attacker can access the authorized user's services in order to provision additional resources. Attackers can also target the assets of the organization and leverage cloud computing resources to target the organization's administrative users.
ii) Increased Complexity for IT Staffs: Another important risk that can occur after the SaaS migration is the increased complexities for the information technology or IT staffs. The migration to the cloud could easily introduce the complexities to the IT operations. The management, integration and operation within the clouds will be requiring the existing IT staff’s data. This type of risk often affects the privacy of the employees’ data or information.
iii) Insiders Attack: The privacy of the employees’ data is also affected by the insiders’ attacks (Hashem et al., 2015). After the migration of SaaS, the cloud vendors or the organizational employees get the access of data and thus they can easily exploit them for their own benefit. This is known as insiders’ attack and it is common in SaaS cloud deployment model.
iv) Insufficient Due Diligence: The Charity after SaaS migration can perform insufficient due diligence and they can move the data to this cloud without even understanding the scope of the data migration. The security measures get affected due to this and various vulnerabilities occur eventually.
The severity of these identified risks and threats to the privacy of employee data falls into four distinct categories. They are given below:
i) Negligible: This particular category deals with those risks of the Charity that are negligible in nature. This type of risks could be easily avoided by the organizations and thus are considered as negligible (Botta et al., 2016). Among the few identified risks, the negligible risk of the Charity is the poor authentication. This type of risk is not at all vulnerable and hence could be easily avoided in Charity.
ii) Limited: The next category of risk is the limited category. This type of risk is more vulnerable than the negligible risk but less vulnerable than the significant and maximum categories. Amongst the few identified risks, the limited risk of the Charity is leakage of personal information. This type of risk can be mitigated or reduced by implementing proper measures within the organizational database, so that the privacy of data is maintained.
iii) Significant: The third type of risk is the significant risks. This type of risk is dangerous and if measures are not taken on time, it can be extremely vulnerable for the organization (Jain & Paul, 2013). Amongst the few identified risks, the significant risk of the Charity is exposure of backup data. The hackers can easily use these data with wrong intentions and purposes.
iv) Maximum: The fourth and the final category of risk is the maximum category. This is considered as the most vulnerable risk from all the remaining risks. Amongst the few identified risks, the maximum risk of the Charity is database protocol vulnerability.
The above mentioned severity classification clearly classifies the identified risks or threats of the employees’ data privacy after the successful migration of SaaS of the Charity.
Digital identities can be defined as the information or entities used by computer systems to represent an external agent. The agent can be a person, an organization, an application or a specific device. Confidential information is contained within a digital identity, and it allows the authentication and assessment of a user interacting with business systems over the web (Garg, Versteeg & Buyya, 2013). This type of interaction does not involve any human operator. Digital identities allow access to systems and the services they provide to be automated, and they mediate relationships with those systems. The Charity has decided to move its employee data to a SaaS application, so the digital identities of these employees will be moved to the cloud deployment model. There are various threats and risks to the digital identities of the Charity's employees, and they are given below:
i) Lack of Visibility or Control in Using Personal Information: The first and foremost issue is the lack of visibility and control over the use of personal information. Since the employees’ data is confidential, proper visibility and control are highly required for the Charity's digital identities (Hashizume et al., 2013). Proper management of this personal information is required because it is used in every aspect of the business.
ii) Verification of Identity: The second important risk or threat to the digital identity of the employee data of the Charity is the lack of proper verification of those identities. The verification of the identities of the individual transaction of the entity is required. This particular risk often becomes a major issue for the organization as they are unable to solve the authentication problems and stop the unauthorized access to the data of the digital identities.
iii) Lack of Authentication: Another important risk of the digital identities is the lack of authentication (Arora, Parashar & Transforming, 2013). This type of issue allows illegitimate access to the confidential data and thus the Charity can face significant issues of data security within their digital identities.
There are operational solution and operational location of the SaaS provider for the proper management of HR in the Charity. The operational solutions are the types of business analytics that mainly focus on the improvement of the existing operations. This particular type of business analytics includes the utilization of several tools for data aggregation and data mining for the purpose of getting more transparent and better information for the business planning (Rittinghouse & Ransome, 2016). The businesses could easily pursue the operational analytics in several methods. There are certain software packages that are effective for showing the operations in a business for real time in a specified time frame. Most of these tools would be providing visual models.
The operational location is the specific location where all the operations will be taking place and will be managed eventually. The operations management is the significant area of management that is concerned with the proper designing as well as controlling of the production process and the redesigning of the business operations within goods and service production (Hashizume et al., 2013). There are various threats or risks present and identified for the security and privacy of employee data for the Charity. These risks mainly include denial of service attacks, database injection attack, data deletion, insider attacks, poor authentication, lack of authorization, leakage of personal information and many more. These types of risks could be easily mitigated or reduced with the help of operational solution. This type of operational solution eventually reduces the risks to a greater level without involving much hassle. These operational solutions are utilized with the help of certain software packages and these software packages could be easily implemented within the organization (Jain & Paul, 2013). Therefore, the operational solutions could easily mitigate these threats or risks that are identified for the security as well as privacy of employee data in the Charity.
There are various issues related to ethics, data sensitivity as well as jurisdiction, which must be considered by this Charity for their employee data. The most significant ethical issues that should be considered by the charity are given below:
i) Employee Behaviour: This is the most important issue of ethics. The behaviour of the employees should be ethical and proper and the employees should not be discriminated on the basis of gender, religion or even ethnicity (Fernando, Loke & Rahayu, 2013). If any such activity is noticed, proper legal actions should be undertaken.
ii) Ethics of Humanity: Since this charity will be dealing with mentally ill people, humanity is highly required. No person should be ill-treated under any condition and everybody should be respected properly.
The issues related to data sensitivity within the charity are given below:
i) Strict Access of Data: The confidential data should not be accessed by everyone and hence a strict access should be maintained properly and proper actions should be taken if any type of discrepancy is being noticed regarding this (Dinh et al., 2013).
ii) Proper Authentication: The data should be authenticated and only authorized and authenticated user can access that data. If this rule is not maintained, proper steps should be taken.
The issues related to jurisdiction within the charity are given below:
i) Legal Issues: The legal issues should be kept on high priority and hence no such issues should be avoided at any cost.
ii) Cyber Crime: The second issue is cyber crime (Hashem et al., 2015). This is extremely common for the confidential data and if any such activity is noticed, proper actions should be undertaken.
Conclusion
Therefore, it can be concluded that cloud computing is the delivery of several distinct hosted services over the Internet. The technology enables organizations to consume computing resources such as virtual machines, applications or storage. The various computing infrastructures are well maintained and built within the organizations. The first and foremost benefit of cloud computing is that end users can easily spin up computing resources for every type of workload on demand. Self-service provisioning removes the traditional need for IT administrators to provision and manage computing resources. The next significant advantage is that organizations can promptly scale up computing capacity according to the demands of their clients. The huge investments in local infrastructure are thus largely eliminated while elasticity is maintained. Moreover, computing resources can be measured at a granular level, so users pay only for the workloads and resources they actually use. Another important advantage is that clients can easily migrate from one place to another and can move their workloads to the cloud or between cloud platforms. Because of its cost effectiveness, cloud computing is used by almost all organizations worldwide. The main applications that share features with cloud computing are the client server model, computer bureau, fog computing, grid computing, mainframe computers, utility computing, peer to peer, green computing, cloud sandbox and many more. The four deployment models of cloud computing are private cloud, public cloud, hybrid cloud and community cloud. The above report has outlined the case study of the community named Charity.
This charity has taken the decision to purchase the personnel management applications from any specific US based organization, which is providing SaaS solution and also moving the intranet to the Microsoft SharePoint PaaS for providing intranet services to every agency in WofG. This report has assessed the several risks and threats to the charity for their planned moves within the HR area. The issues related to data sensitivity, digital identities and provider solutions are also mentioned here with relevant details. Moreover, the security and privacy of employees’ data are also secured with the identification of risks and mitigation plans.
References
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.