Review of the Project with Respect to Financial Sector
At present, IT is crucial to increasing the productivity and efficiency of business organizations. All business organizations are using digital mediums for their different operations. Aztek Solutions is a financial business organization that deals with highly confidential consumer data. However, the risk and vulnerability dynamics of the organization have changed with the advent of technology. Therefore, it is important that the organization conducts a risk assessment and examines the risks associated with the deployment of technology. The company should examine the risks associated with the deployment of IT services and address them for increased efficiency. The data collected by financial organizations is critical because it contains personal details such as bank account details, credit or debit card numbers and passwords (Almorsy, Grundy & Müller, 2016). Therefore, it is important that the business organization protects this data. In addition, business organizations face several compliance-related risks. The government has made several laws so that the privacy of consumers can be protected. Financial organizations must abide by these laws to continue their operations. In this regard, the present report examines the risks, vulnerabilities and threats associated with the implementation of cloud computing in the organization. Currently, the company is examining the deployment of various IT infrastructure services, namely cloud computing, bring your own device and other technologies, to increase the proficiency of its operations. The company has chosen to employ cloud services in the organization (Almorsy, Grundy & Müller, 2016).
Cloud computing deployment has several benefits, such as optimal use of the organization’s infrastructure and reduced expenditure. When deploying cloud services, the organization will use the services of an external service provider, which will reduce the burden of work on the employees. The employees will be able to devote their time to more productive operations rather than to maintenance. The present report discusses the issues associated with cloud service deployment in the financial sector and how the organization can adapt to these changes.
Cloud computing is a technology that optimizes resource utilization and cost by sharing resources. A cloud service vendor allows business organizations to store data on online mediums by charging specific fees (Armbrust, Fox, Griffith, Joseph, Konwinski, & Zaharia, 2009). Several business organizations can use the services at the same time, as the vendor offers different portions of storage to different clients. With this technology, customers do not have to invest in the infrastructure required for setting up the services. The organization can obtain the services at minimal cost by paying rent (Grobauer, Walloschek, & Stocker, 2011).
Currently, a large number of financial organizations are using cloud services because of their immense benefits. The cloud allows business organizations to store large amounts of information on online mediums at minimal cost. This information can be accessed from anywhere by any person who has the key or password (Hashizume, Rosado, Fernández-Medina, & Fernandez, 2013). It offers increased accessibility to the data, which is beneficial for increasing the productivity of the organization. However, security issues are the major concern in the deployment of IT services in the organization. Financial organizations regularly operate with highly sensitive data. These organizations have to handle large amounts of sensitive data pertaining to the personal and financial information of the users. Any leak of the users’ private information will tarnish the image of the organization and cause loss of financial resources.
Moreover, as the organizations deal with highly confidential consumer data, the government has made several privacy and security laws to protect consumers from criminal offences. It is important for the organizations to comply with these laws. Although the organizations can legally collect the personal information of the users, they cannot share it with other organizations or distribute it publicly (Jensen, Schwenk, Gruschka & Iacono, 2009). The law states that the organization should not disclose any personal information of the user, or any indirect information that reveals the personal information of the users. Financial service organizations face data breach threats from internal and external sources as well as from a large number of unintentional mistakes. The organizations constantly face data breach risk from malicious insiders. The economic recession has resulted in a large number of disgruntled employees who can maliciously steal or disclose customer information. There is also a growing threat from financial malware, which is designed with the intention of stealing the financial data of customers. Unintentional data breaches are another issue that can affect the security of the organization (Chou, 2013).
In large business organizations, a large number of employees work in different departments and have different capabilities. However, the technical skills of some employees may not match those of others (Krutz & Vines, 2010). If these employees operate the IT infrastructure of the organization, they may mishandle it, leading to the leakage of the organization’s sensitive information. There may also be other causes of unintentional information leakage from the organization. It is important for financial organizations such as Aztek Solutions to identify the potential causes of information loss and try to resolve them.
As per the above discussion, the information stored by financial organizations is highly sensitive in nature. The deployment of an external cloud service vendor will increase the security risk to the organization. The organization will need to hand over all types of information to the third-party vendor. Thus, the most significant risk is handing over the information to another party. It is important that the third-party vendor or cloud service provider follows all the privacy and confidentiality rules and regulations so that there is no risk of a data breach to the organization. Moreover, with the change in the technology for storing, retrieving and accessing information, the employees will need training to handle the information appropriately (Li, Dai, Tian & Yang, 2009). The organization should be able to provide information regarding the new technology, its use and its operation. This is important because if the employees are not able to handle the new IT system, it will result in unintentional information leakage.
Although there are a large number of risks associated with the deployment of an external cloud service vendor in the organization, it has several significant benefits which will increase the efficiency and the productivity of the organization (Mell & Grance, 2011). Therefore, the new system will be deployed in the organization with appropriate security measures and approaches. The security protocols will ensure that the organization operates safely with the new system (Mishra, Mathur, Jain & Rathore, 2013).
As Aztek Corporation is a financial service organization, it has implemented a large number of security measures to prevent data theft. Currently, all the information pertaining to the operations of the organization is stored in the organization’s database. Aztek has implemented an intrusion detection system and firewalls to prevent any breach by external or unauthorized users. The firewall detects any unusual or unauthorized traffic from external sources and alerts the responsible personnel. It can be a false alarm or an actual attack; therefore, the authorized personnel are notified and they analyze the alarm. The system is shut down if there is any possibility of an external attack (Ogigau-Neamtiu, 2012). The organization has also developed policies and rules related to user and organization privacy. All employees are briefed on the policies at the start of their employment. They are informed of the workplace practices which they need to follow. In no case or situation should they reveal the private information of the users.
All the private files and applications of the organization are password protected. The employees are provided with an access key or password which can be used to enter the system or access the files. The information is stored in password-protected files and the passwords are alphanumeric. The passwords are designed with special encryption keys and are hard to detect or hack. Aztek also uses encryption methods to protect the system from external users. The organization uses encryption methods to protect sensitive information while transmitting it or storing it in the internal database (Chen, Paxson, & Katz, 2010; Iosup, Yigitbasi, Prodan, Fahringer, & Epema, 2009). Encryption is considered the best method for protecting information from external users.
Moreover, there are other methods, such as monitoring user activity, to enhance the security of the system. In recent times, the major cause of information or data leakage has been a disgruntled or internal employee of the organization (Dahbur, Mohammad, & Tarakji, 2011). Therefore, it is important to run a thorough background check on candidates before employing them in the organization. Moreover, the organization should also monitor user activity, and if there is any unusual activity then that employee must be kept under closer watch (Krutz & Vines, 2010).
From the above analysis, it can be concluded that Aztek’s current security posture is appropriate; however, it needs to be modified for the cloud service deployment. With external cloud services, the organization will require several adaptations and changes in its current security protocols. Firstly, the novel risks from the cloud service deployment will be analyzed with the help of the risk assessment. Based on the analyzed risks, the organization can develop new security policies (Hashizume, Rosado, Fernández-Medina, & Fernandez, 2013).
Cloud computing is a novel technology based on the principle of sharing resources so that operations and cost allocation can be optimized. However, when resources are shared with other parties, other business organizations can accidentally or intentionally access the private information of a business organization. In addition, by handing information management to a third party, an organization also loses control over the information, which makes it more vulnerable to security threats (Asma, Chaurasia & Mokhtar, 2012). In the present section, the major threats to the security of an organization due to cloud computing are identified and discussed.
Cloud computing is a preferable option when the services are obtained from a third-party vendor; however, once the services are obtained, the customer is in a state of lock-in. There has been little advancement in portability options for the client, and it becomes very difficult for the customer to transfer data from one cloud source to another (Jensen, Schwenk, Gruschka, & Iacono, 2009).
As per the above discussion, it can be deduced that when an organization obtains the services of an external cloud service provider, it gives the service provider control over the information. Conflicts may arise between the service provider and the cloud service user. The service provider may not implement security protocols, which can increase the security threat to the organization (Li, Dai, Tian & Yang, 2009).
In the finance industry, a large number of regulations are made to protect the privacy and confidentiality of the users. It is important to abide by all these laws and regulations. However, the privacy laws are different in each country. Moreover, the service provider and the service customer reside in different countries. Therefore, it is difficult to comply with the laws and regulations of every country (Mell & Grance, 2011).
While selecting an external service provider, it is important to check the reputation and the service quality of the vendor. If the service provider cannot provide adequate service or fails to maintain the privacy and the interests of the users, the users’ vulnerability increases. Therefore, it is important that the service provider is selected after careful inspection (Grobauer, Walloschek & Stocker, 2011).
The reputation of the business is dependent upon the services it provides to its customers. Maintaining the confidentiality and the privacy of the consumers is important for the organization as the customers trust the organization with their crucial information. If the consumer data is stolen, it can result in heavy damage to the brand image of the organization (Buyya, Yeo, Venugopal, Broberg & Brandic, 2009).
Cloud services depend upon the principle of sharing resources with other organizations. The cloud service provider shares resources according to the requirements of individual users. However, if the resource allocation is not conducted according to the requirements of the customers, it will have a negative impact on the efficiency of the clients’ operations. Resource allocation can become a serious issue if the demand of all the organizations increases suddenly (Chen, Paxson, & Katz, 2010).
As cloud customers share different resources, it is important that the resources are shared while the different users remain isolated from each other. In cloud computing, the computing capacity, storage and network are shared between different users; however, it is important that proper isolation is maintained between them so that they cannot access each other’s private information (Mishra, Mathur, Jain & Rathore, 2013).
Although there are certain security and privacy risks for cloud computing users, it is important to adopt cloud computing services as they can greatly reduce the overall cost to the organization. In the present section, a few recommendations are made to address the security and privacy risks arising from cloud computing. The security risk to the organization is divided into six types, namely, infrastructural risk, role of users, availability, access, compliance and data. Infrastructural risk denotes the risk to the physical devices in the IT infrastructure. Technical glitches and fire are the most common hazards to physical devices (Foster, Zhao, Raicu, & Lu, 2008). The role of users is another important issue which can affect the security of the organization. In a business organization, it is important to define the role and the responsibility of each user, and access to the system should be provided accordingly. System access should be defined in stages, which means that a user at a lower stage cannot access the information stored at a higher level. The users should be categorized into different stages (Qian, Luo, Du & Guo, 2009).
At present, the most important asset of a business organization is its data. Therefore, the organization’s security revolves around protecting this information from external users. The organization should use several security mechanisms and algorithms so that its security is maintained. It should also follow other security protocols so that the data remains protected. Resources are allocated to different users according to their demand. The demand forecast for an individual user is made according to their capacity and previous requirements (Carlin & Curran, 2011). However, if the service provider is not able to provide services according to the demand, then the efficiency of the service will be low. Legal and political compliance is another issue in IT risk management. Currently, most governments have made laws and policies related to data security and user privacy. It is important that the organization abides by all these laws to avoid any kind of legal hassle or penalties. The business organization should also analyze whether the service provider is following all the compliance laws and policies of the government (So, 2011).
In order to maintain the privacy and confidentiality of the organization using the external cloud services, a governing body can be formed. This body will be able to control the actions and the behavior of the service provider and the users in the cloud environment. The security risk in the organization will increase with the use of cloud computing. The cloud service user should provide operation policies which state that full consideration is given to user privacy and security. The customer organization should also ensure that the keys for data or information access are provided only to authorized persons. This information should not be leaked to other people (Srivastava & Kumar, 2015).
The organization should also develop policies which define which actions are allowed in the organization and which are not. All employees should understand that the prime responsibility of the organization and its employees is to protect the private information of the clients. Therefore, they should take all appropriate measures to maintain client privacy. The security policies of the organization should also cover the deployment of the firewall and the intrusion detection system. They are important for maintaining the privacy and the security of the system. In addition, using password-protected files and monitoring user activity are also essential for maintaining the privacy of the organization (Subashini & Kavitha, 2011).
User awareness is also important for maintaining the security of the cloud environment. It is important that users remain aware of the security protocols and follow all the necessary steps to abide by security laws. Users must acknowledge that security is of prime importance and that carelessness can result in the leakage of information (Zhang, Cheng & Boutaba, 2010).
The governing body should conduct performance evaluations of the services provided by the cloud service provider. The performance evaluation includes disruption of service, service quality and bandwidth allocation. It should also include the different types of security breaches and attacks on the service provider’s cloud. The cloud service provider should also benefit from the evaluation, as it can understand the quality of the service provided to the customers. The governing body should also provide various solutions and approaches which can be used to make the cloud security system more robust. The governing body should also provide strategies so that the organization can gain customer trust by providing a high degree of security for their personal information. It should be able to provide information regarding who will be responsible if the services shut down or the bank goes bankrupt (Zissis & Lekkas, 2012).
Conclusion
It can be concluded that IT security is an important part of the IT infrastructure of the organization. IT security is important at present, when most organizations are using digital mediums for the transmission, reception and storage of information. The organization should be able to defend itself from external data breaches and attacks. Accessing information from outside has become easier with the digitalization of services, as a hacker can access the information database from any other part of the world. Information security is especially important in the financial industry, as it collects sensitive data such as personal bank account numbers and credit or debit card details. Business organizations in the financial industry should be more careful regarding the confidentiality of user data. They should implement security measures and protocols so that no unauthorized user can access the information of the organization. Aztek Solutions is trying to increase the efficiency of the organization by implementing new IT infrastructure. The deployment of an external cloud service provider is considered the most suitable option for the organization. It is cost-effective and can result in optimization of resources. The organization need not invest in the deployment of new IT infrastructure. However, several novel risks will emerge with the deployment of cloud services in the organization. The current security stance of the organization is incapable of protecting the confidential information of the organization. Currently, the company has implemented security protocols such as a firewall and an intrusion detection system for protecting the organization from external attacks. In addition, the organization has also started monitoring user activity.
However, the threat landscape for the organization will change if the cloud service is employed in the organization. The business organization will lose control over the information, and external access to the information will become easier. This is because the information will be stored in shared resources. In addition, there will be more regulations regarding compliance and accessibility of the information. Aztek Corporation will also need additional policies and regulations to protect it from any future data breaches. A governing body should be formed which can control access to the data. It should also have guidelines on what will happen if the supplier fails to comply with the privacy guidelines. The selection of the vendor should also be based on its past record.
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., … & Zaharia, M. (2009). Above the clouds: A Berkeley view of cloud computing (Vol. 17). Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., … & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Asma, A., Chaurasia, M. A., & Mokhtar, H. (2012). Cloud Computing Security Issues. International Journal of Application or Innovation in Engineering & Management, 1(2), 141-147.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 25(6), 599-616.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5 January, 20(2010), 2010-5.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on intelligent semantic Web-services and applications (p. 12). ACM.
ENISA. (2009). Cloud Computing: Benefits, risks and recommendations for information security.
Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008, November). Cloud computing and grid computing 360-degree compared. In Grid Computing Environments Workshop, 2008. GCE’08 (pp. 1-10).
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009, September). On technical security issues in cloud computing. In Cloud Computing, 2009. CLOUD’09. IEEE International Conference on (pp. 109-116). IEEE.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Li, H., Dai, Y., Tian, L., & Yang, H. (2009). Identity-based authentication for cloud computing. Cloud computing, 157-166.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing security. International Journal on Recent and Innovation Trends in Computing and Communication, 1(1), 36-39.
Qian, L., Luo, Z., Du, Y., & Guo, L. (2009). Cloud computing: An overview. Cloud computing, 626-631.
So, K. (2011). Cloud computing security issues and challenges. International Journal of Computer Networks, 3(5), 247-55.
Srivastava, H., & Kumar, S. A. (2015). Control Framework for Secure Cloud Computing. Journal of Information Security, 6, 12-23.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11.
Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7-18.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.