Discuss about the Security threat and risks evolving in the Australian Stare Government with the Implication of DAS in the scenario.
Introduction
Cloud Computing is an emerging topic in the modern world of Internet Technology. It has created many advancement in the market of technology. The deployment models of cloud computing has provided risks and security in the business organization. There are different types of applications are used in the cloud computing that helps in managing the risks and security threat issues in the business organisation.
This report deals with the risks and threats in security of the data and information in the Department of Administrative Services (DAS). There are various risks discussed in the report after the implementation of the SaaS application in the DAS.
This report outlines the distinguishing factor between SaaS cloud services and DAS services. This risks and threats involved are discussed in the report.
The Department of Administrative Services (DAS)
The Department of Administrative Services acts as an administrative body for providing help and space to save financial funds and information of different companies in the market. The Department of Administrative Services used to store various data related to the business organisation in the market (Carver & Wolsey, 2015). The Department of Administrative Services includes different accounts payable application, administrative management and payroll service in the agreement. The use of DAS has helped in maintaining the data and security of the data in the organisation. The financial stability of the companies are maintained by securing the data and information regarding the financial data of the company (McNeil, Frey & Embrechts, 2015). The DAS helps in controlling the accounts and budget and other procurement services in the organisation.
The shared approach of DAS controls the database of the Australian State government. This approach has helped in maintaining a centralized database management system. The data and information of the employee of government are stored in the centralized database. This helps in accessing the database form anywhere in the state (Lam, 2014). The communication making different employee have enhanced with this approach. The Australian Government has also succeeded in providing consolidated services to the employee in the organisation. The shared approach have maintained a distinctive approach towards the security of the data and information.
Security risk and threats in data and information in DAS
There are various security risks availing in the shared approach implemented by the DAS in the Australian State government. Some of the major risks are mentioned below:
Excessive privileges
The use of the centralised database system in the DAS has helped in enhancing the access to the database of the company. Different users can access the data and information of the employee at anytime. This has caused security risks in the company (Smith et al., 2015). The unauthorised user can leak the data and information of the employee in the market. The payroll accounting information of the employee can be lost due to data breaching in the database. Therefore, due to excessive privileges employee are generic to access the database and causes data loss for the company in the market. This can be very harmful for the company regarding the financial loss of the company.
Privilege Abuse
There are various legitimate issues in the databases that are identified with the shared approaches of the DAS in the market. Many private information if the employee are stored in the database that can be hacked and breached. The login credentials including user id and passwords are stored in the database that might cause a big loss for the company (Neves et al., 2014). The other employee and staffs might bad use the data and information of employee in the company. This has caused privilege abuse of data and information of the employee.
Input Injection in Database
There are two types of database injection including NoSQL Injection and SQL Injection. The SQL injection contains the unauthorised statement of the database caused during the input session in web application (Koks et al., 2015). The NoSQL injection attacks can be done by injecting malicious statements in the Big Data components. These attacks cause data breach from the database.
Malware
There are different malwares and viruses that can be injected in the server and database to track data and information stored in the database. Various viruses and malwares are used for making phishing mails to breach data from database. These viruses and malwares can crash the hardware causing full loss in data from database (DeMarco & Lister, 2013). The recovery of data and information is a difficult process for the company to handle. Therefore, the malware attack is a high-level risk for the database system in Department of Administrative Services.
Other security risks after implementing SaaS application
The security matter of the data and information in the database is a prime concern for the company in the market. The DAS has implemented the SaaS application by observing the limitations in the Shared approach. The cloud computing has a trending topic in the market. The SaaS application is based on the cloud computing that helps in enabling all the services provided by the cloud computing (Marcelino-Sádaba et al., 2014). There are some limitations of the SaaS applications that are mentioned below:
Security of the Employee data
The SaaS application involves the services by the cloud computing in the market. The data and information of the employee are stored in the cloud server using internet. Therefore, there is a chance for the cyber-attacks on the SaaS application. The SaaS application is connected with the cloud server over the Internet (Pritchard & PMP, 2014). The security of the data and information are maintained by different security protocols that are installed in the SaaS application. Although there is a chance of cyber-attacks on the application that can cause data loss in the company.
Privacy of the Employee Data
The privacy of data and information of the employee in the organisation are secured properly. The sensitive data of the employee. The cloud deployment model including the SaaS application helps in controlling the account details of the employee in the organisation. Therefore, the private information of the employee are stored in the SaaS application. The hacker can hack the private data of the employee from the SaaS application (Schwalbe, 2015). The private data include the phone number, address of the employee and other personal dat. These data loss might cause a huge loss to the employee. The private data and information of the employee are important to be secured by providing proper security protocol in the cloud server. The SaaS application provide different software for the service in the company.
Digital Identity Issue
As mentioned by Haimes, (2015), the employees of the organisation are provided with a digital identity that helps in controlling the data breach in the organisation. The digital identity contains all type of data and information of the employee in the organisation. Therefore, the access to the digital identity can cause a huge loss to the company. The hackers might hack the digital identity and breach the data stored in the server. The digital identity acts as an authentication factor for the employee in the organisation. There are important data and information stored in the digital identity.
Provider Solution Issue
There are various security tools installed in the SaaS application that helps in protecting the data loss in the organisation. The data and information are shared with the cloud service provider. Therefore, the hackers can attack the main server of the service provider and hack the data from there. Therefore, there is a high-level risk involved in the service provider side. The legal standards and rights have to be strong for the cyber security over the internet.
Data Sensitivity
The sensitivity of the data and information refers to the necessity of the data in the market. The sensitive data is stored over the internet with high security provided by the cloud server. There is a huge risk of losing the sensitive data due to the cyber-attacks. As stated by Teller & Kock, (2013), these cyber-attacks are severe for cracking the security protocols of the cloud server. The security certificates of cloud server are not updated properly causing prone to hack. The cloud industry is pushing the standards to the level that helps in maintaining the data and information of the employee in the cloud service by the SaaS application.
Security and risks in the SaaS application
The Department of Administrative Services has able to apply the Cloud first approach that helpsmin maintaining te data and information in the ckiud server. There are vatius risks and security threats of the data I the database (Kerzner, 2013). The unauthenticated users of the database might cause breach in the database. The attacker tries to access the security protocol installed in the cloud server. The accountancy payroll and financial information of the employee are stored in the cloud server that might be lost due to these stacks. Therefore, the private information of the employee are stored in the SaaS application. The secured data and information of the employee are stored in the SaaS application. The centralized data format provides access to all the data and information of the employee in the organisation. Therefore, this is a high-level risk in the security of the data and information of the employee. The SaaS application involves the services by the cloud computing in the market. The data and information of the employee are stored in the cloud server-using internet. Therefore, there is a chance for the cyber-attacks on the SaaS application. The SaaS application is connected with the cloud server over the Internet. The security of the data and information are maintained by different security protocols that are installed in the SaaS application. Although there is a chance of cyber-attacks on the application that can cause data loss in the company.
![]()
Figure 1: SaaS
(Source: Haimes, 2015)
The HR department of the organisation provides various information of the employee in the organisation. The Shared approach have caused difficulties for the employee as there information are shared to everyone in the organisation. The Australian government has able to provide different consolidated service to the employee by the use of the shared approach of Department of Administrative Services. The framework for the security issues has been prepared for maintaining various vulnerabilities of cloud security problems.
Privacy of employee data in SaaS application
The private data of the employee including mobile number and address are stored in the database of the cloud server. This information is used for creation of an account in the database of the company. The data privacy is a confidential part of the company and data integrity has to be maintained in the organisation. The DNS and Mac address of the SaaS application have neglected the threat of cyber-attacks in the organisation. Therefore, the threat of cyber-attacks has been increased in the organisation privacy of the SaaS application is in the organisation. The DNS configuration of the organisation has hacked by the intruders. The intruders have breached the data stored in the online server out.
![]()
Figure 2: Risks in SaaS
(Source: Ndungo, Tobias & Florence, 2017
Threats and risks to digital identities of Government employees from the move to SaaS applications
The government has provided the digital identities to the employee. This digital identity contains all the necessary information. The digital identity of the employee helps in authenticating the employability in the company (Ndungo, Tobias & Florence, 2017). The external attackers can be effective for the security if the infrastructure of the company in the market. The risks management in the company has been initiated for maintaining the risks and security treats involved in it. The employee have to upload the data at a fixed time to complete the data transparency in the organization.
![]()
Figure 3: Risk management in cloud
(Source: No et al., 2017)
The digital devices are connected with the internet on the cloud. Therefore, the data and information can be hacked from the cloud server over the internet. The data accessed by digital identity can be breached out by any attackers. The malicious users and employee can damage the database and breach all the data in the database (Agca et al., 2017). The data stored in the online server are monitored in order to maintain the security level of the data and information stored in the SaaS application. The data and information of the employee are secured in the cloud server that can be hacked by the hackers. Therefore, there is a high-level risk involved in the use of the digital identity in the government.
Operational Solution using SaaS application
The challenges that are listed in the report are related to the security threats of the data and information in the Australian State Government. The use of the SaaS application has helped in managing the security of the data and information in the organization.
The COTS and Microsoft Share Point PaaS have provided services to the Australian government. The companies have helped in storing the data and information of the employee of the governmental agencies. The SaaS providers have interconnected the applications with the cloud server that has provided various benefits including less cost in external hardware (No et al., 2017). The HR department and Contractor management has helped in maintaining the risk assessment in the organization. This assessment of risk has minimized the about of risks prevailing in the cyber world of the company. The cyber security of the organization has helped in providing operational solution to the service providers. These providers have been providing cloud services that has been promoting the cultural diversity in the work environment (Chu et al., 2017). There are various new services provided by the cloud service providers that includes the enhanced quality of firewall that restricts the viruses and malwares to enter into the cloud server. The HR department of the companies gave helped in understanding the needs of the employees in the companies. Communication among the employees have enhanced with the implementation of the Shared approach in the DAS. The Data protection Act has helped in protecting the personal information of the employee
Conclusion
It can be concluded that the cloud computing has helped in storing the data and information of the employee of the company. The risk management is integral element of the organization to secure their data and information of the employee. The DAS has implemented the shared approach that has shown many limitations including the excessive privilege. The HR department has been affected by the shared approach of the DAS in the organization. The DAS has then approved the SaaS application with the Cloud first approach that helps in storing the data and information online in the cloud. There are some limitations including the cyber-attacks. The use of government digital identity has helped in making a proper data record of the employee and store in the cloud server. The Data protection Act 1998 has helped in securing the data of the employee and are not shared with anyone without any permission.
References
Andersen, T. J., & Roggi, O. (2016). Strategic Risk Management and Corporate Value Creation.
Barger, L. K., O’Brien, C., Sullivan, J., Wang, W., Lockley, S., Qadri, S., ... & Czeisler, C. A. (2017). 1176 fatigue risk management program increases sleep and alertness in firefighters. Journal of Sleep and Sleep Disorders Research, 40(suppl_1), A439-A439.
Chu, J., Hoeflein, B. T., Goldblum, P., Bongar, B., Heyne, G. M., Gadinsky, N., & Skinta, M. D. (2017). Innovations in the practice of culturally competent suicide risk management. Practice Innovations, 2(2), 66.
DeMarco, T., & Lister, T. (2013). Waltzing with bears: Managing risk on software projects. Addison-Wesley.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Maloni, M. J., Hiatt, M. S., & Astrachan, J. H. (2017). Supply management and family business: A review and call for research. Journal of Purchasing and Supply Management, 23(2), 123-136.
Marcelino-Sádaba, S., Pérez-Ezcurdia, A., Lazcano, A. M. E., & Villanueva, P. (2014). Project risk management methodology for small firms. International Journal of Project Management, 32(2), 327-340.
Medina-González, S., Pozo, C., Corsano, G., Guillén-Gósalbez, G., & Espuña, A. (2017). Using Pareto filters to support risk management in optimization under uncertainty: Application to the strategic planning of chemical supply chains. Computers & Chemical Engineering, 98, 236-255.
Ndungo, J. M., Tobias, O., & Florence, M. (2017). Effect of risk management function on financial performance of savings and credit co-operative societies in kenya. International Journal of Finance, 2(5), 38-50.
No, W. G., Vasarhelyi, M. A., Lin, Y. C., Lu, Y. H., Lin, F. C., Lu, Y. C., ... & Raschke, R. L. (2017). Journal of Emerging Technologies in Accounting A Publication of the Strategic and Emerging Technologies Section of the American Accounting Association.
Deresky, H. (2017). International management: Managing across borders and cultures. Pearson Education India.
Cohen, J., Krishnamoorthy, G., & Wright, A. (2017). Enterprise risk management and the financial reporting process: The experiences of audit committee members, CFOs, and external auditors. Contemporary Accounting Research, 34(2), 1178-1209.
Status of Marine Ecosystems, 411.
Bryce, H. J. (2017). Financial and strategic management for nonprofit organizations. Walter de Gruyter GmbH & Co KG.
Burke, R. (2013). Project management: planning and control techniques. New Jersey, USA.
Carvalho, M. M. D., & Rabechini Junior, R. (2015). Impact of risk management on project performance: the importance of soft skills. International Journal of Production Research, 53(2), 321-340.
Kerzner, H. (2013). Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons.
Palermo, T. (2017). Risk and performance management. The Routledge Companion to Accounting and Risk, 137.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Schwalbe, K. (2015). Information technology project management. Cengage Learning.
