Security And Privacy Guidelines For Cloud Computing In Charities Essay.

You have been engaged to provide a risk assessment for the planned moves to SaaS application offerings.

You are to write a report that assesses the risks to the charity for just their planned moves in the HR area.

Risks and threats related to Cloud Computing

The report is going to discuss about the security and privacy provided by the cloud computing. As a consultant of the charity, it is being advised to prepare a report that will propose guidelines for security policies and privacies while using cloud computing. The Charities aim was to provide facility to the people who never received any advantages from community. For personal management, charity purchased an application from an US based organization and provided explanation for the SaaS (Pearson, 2013). The report will calculate the risks that are likely to get generated while using cloud computing and its services. The main objective is to protect the information regarding to the people who are associated with this charity. The information of all the employees needs to be kept secured. There is a need of proper planning in order to maintain the security and privacy in the charity a proper plan is needed (Xiao & Xiao, 2013). The report will further discuss about the SaaS application and will analyse the risk with the implication of this application. The ways data are stored in the cloud storage so that data privacy and security can be controlled in a proper way is must be controlled in a proper way so that the data will not get breached. The data stored in the cloud needs to be encrypted ,so in case the data gets breached will still be protected.

Threats and Risk

The main aim of every organization is to provide their employee with security and trust towards the organization. An employee will always love to work with an organization, which will safeguard their data and will provide high security. There are several threats towards the cloud database also; it is affecting the technology of cloud computing adversely. This database contains a large amount of sensitive data which needs to be protected from cyber attackers (Kshetri, 2013). This part of the report will discuss about the threats that are likely to be faced by the charity while managing their database. The possible risks and threats related with cloud computing is listed below: 

APIs: 

This is an application programme interface, which enables the communication established by the user with cloud. Organization with cloud system adopted advanced security towards the APIs, in order to protect it from attackers. There remains some chances of vulnerabilities to occur allowing the access to areas of administration in APIs.  

Malware, Human Factors and Unmanaged Data as Threats

Data Breach:

Data breach is a common threat that is likely to be faced by the cloud technology. The result of data breaching is that, third party gets access to the personal information of an employee. Result of data breach is that, attackers can get the data of the employees or the organization from the cloud database and can alter the data according to their requirement (Wei et al., 2014). Data breach can influence millions of individuals at a time.

Hijacking account

Sometimes the account of the employee is hacked. This hijacking is done by the method known as phishing. This method searches for the gap in the security system and gets in through this gap into the network and breach the account on this network. This method can easily give the access to the hackers (Suo et al., 2013).

SaaS Risks:

With the migration data storage to SaaS, many risks are generated and the main threat regarding to this is the data security. There always remains a possibility of getting data breached (Hashizume et al., 2013). It becomes essential for the SaaS to take care of these data. Sometimes location also becomes factor of risk as the data is moved in SaaS provider by another country (Sen, 2014).

Results of Threats:

Because of threat, an individual or an organization may get affected. The main concern of an organization nowadays is to maintain the data security. The chances of threats is increasing day by day as cyber attackers are also getting advanced with the technology (Ryan, 2013). Data breaching impacts humans adversely as the data gets leaked contains some confidential data and this data leakage harms the individual in every aspects. Thus this becomes necessary to secure data by taking preventive measures. By phishing method, all the details can be exposed to the attackers and can destroy data according to their need. At first the cyber attackers analyses the activities of a person and then they get into their network through gaps in the system.  

The main concern of the organization is to maintain the data privacy of their employees, as this data contains information regarding to the employee and company as well. Several companies are there who monitor the internet activities. Company should also be aware of the fact that the data should not get disclose at any cost. Organization should make sure that no other employee can access to someone else data. This information also contains data related to health information and this is highly confidential.

Additional Risks and Threats with migration to SaaS

There are several threats exists for security. The threats are discussed below: 

Malware: Malware causes permanent threat for database. Malware attacks device and steals all the data.

Human Factor: The major reason behind data breaches is human negligence. According to the reports, humans need to be more careful about the network system (Rittinghouse & Ransome, 2016).

Unmanaged Data: Several companies are there who struggle to manage the data of their staffs properly. Sometimes it happens that people who preserve the record forget to store a data, which turns to be an important one (Rewagad & Pawar, 2013).

With the risks there are also many additional risk is generated while moving to SaaS platform. The additional risk that arises is not every time the cloud providers are sophisticated about the service that they provide. There are many third part involved in this which can access data in SaaS. The main problem faced by technology is how to manage the identity and access control (Li et al., 2013). Customer will only trust on vendor only when they keep the things transparent. Sometimes it is being observed that the vendors do not disclose the services provided by them in front of the customer (Modi et al., 2013).

The result of the risks discussed in the above part is that malware attacks the database and can lead to data breach. One malware is enough to affect many people. Approximately 30 per cent cases of data breaching happens because of human negligence towards the management of database (Sun et al., 2014). The corporation needs to organize their employee’s information properly. This becomes essential for organization to supervise the opportunity of the safety executive (Yan et al., 2013). So that there will be no permission granted to the officers to access database.

With the migration of database to SaaS application, there is a high chance of the digital identity being disclosed. Digital identity is being stored in cloud database of cloud. Digital identity is maintained mainly for preventing cybercrimes and for data security purpose. In case the digital identity gets leaked then there are chances of several risks affecting the database. Online website ensures the security towards the data, but sometimes due to some management problem private data gets leaked (Xia et al., 2016). The department that can get affected the most with this issue is the finance department, as any identity reveal can lead to gain a huge amount of money for the attacker. Recent time’s issues came up that stated, the attackers are tracking down the data in a very delicate manner without the individual’s prior concern (Rahimi et al., 2014).

Guidelines to mitigate the risks

Identity theft is also a major concern. The attackers use some other individual digital identity so that they can get to the data (Stojmenovic & Wen, 2014).  Phishing is the way through which one can steal another person’s identity and further this identity is used to attack other accounts. In addition to this, there lies an issue of identity tampering. This type of attacks can be prevented by property integrity. Many standards are proposed to handle this situation of identity tamper (Zhang et al., 2017).

Personal data theft also occurs, in this the confidential and an unauthorized person is accessing private data. Personal data is something that is to be accessed by an individual and unauthorized access to this data is a crime. The data such as biometric, passwords, account details are something which is extremely private and needs (Fernando, Loke & Rahayu, 2013).

Several risks are associated with SaaS. With the growing technology the chances of threats also increased affecting the people around them in different ways. Security of data is getting complex day by day. For providing best security of data it becomes necessary to mitigate this risks that are likely to come with this situation. SaaS offers safety towards company’s data. It becomes essential to manage data security (Almorsy, Grundy & Müller, 2016). SaaS provider is available for help at any time of the day. Several mitigation methods are there and are discussed below:

Key Cloud Provider: The main requirement is find a cloud provider who is reliable. Each cloud provider has different plans for maintaining the security in their management (Shahzad, 2014). The vendor must be aware of the security maintained, so that their remains the surety that the data vendor will not be closed. 

Contract: Contract made with vendor must be clear and both the side needs to clear with the terms and conditions before starting the contract (Ali, Khan & Vasilakos, 2015). 

Data Encryption: The cloud database needs to maintain the encryption method in order to protect the data on the cloud .Proper encryption of data provides security of the data and also does not allows unauthorized person to get the access (Arora, Parashar, & Transforming, 2013). Thus data encryption is necessary for maintaining the privacy of the data. 

The database of the cloud stores several type of information of the people. Not every data in the records can be considered as responsive data, there are specializations of data, which can be called as the responsive data, and for cloud vendor it is necessary to guard sensitive and personal data in cloud storage. The sensitive data are those that an individual would like to keep private such as bank credentials, account and other details (Botta et al., 2014). The main task is to protect the data from being disclosed in front of a third party. Health information is something that is needed to be kept confidential, as there are many diseases that causes a barrier among the peoples due to lack of awareness among the people , such as HIV, aids and many more (Chang & Ramachandran, 2016). These data needs privacy from vendor of the cloud provider. Several techniques are there in order to protect the data from being accessed by unauthorized users. The company’s main responsibility is to maintain the confidentiality of their employees and the people who come for help (Whaiduzzaman et al., 2014). With the concept of data security ethical issues arises. Next part of the report will discuss about ethical issues.

Find a reliable Cloud Provider

Several researches have made and from this, it has been analyzed that maximum organization uses records of employees for calculating the effort of the employees. The use of employee data must be done to a certain limit so that the use says within a limit and the data will not leaked to outside. With the growing popularity in tech, it will increase a chance of data getting easily (Cuzzocrea, 2014). HR needs to control the employee to access data for gaining the trust of the employee. Many company have the habit of tracking the activities of their staffs without informing them, and these are against the ethics of the organization (Ahmed & Hossain, 2014). Responsibility of HR is to identify the intention before they hire any employee who will collect data from their other staffs. In case the data is hacked, it will affect the trust and the HR should look after this matter and should not allow the company to face such situation (Tari, 2014).

Conclusion

From the discussion, it can be concluded that data are important for every organization and this are the key facts about employee. It becomes necessary to protect this data from outsiders. The report also discussed the time when the data moved from normal system to SaaS application and the risks that are likely to come along with this. In addition to this digital identity is also being identified and addressed with the possible risk. The main aim is to moderate the risk that are allied with data that are stored in the personal database of HR. This is essential for employees to maintain the privacy and security of their data, so unauthorized person cannot get the access over it. The report gives explanation for issues that is invoked while data is migrated to SaaS application. The charity needs to implement security measures for protecting the data of each employee who are associated with the charity, thus protecting data from being breached and maintains the authenticity. Being main consultant of the charity it was my responsibility to asses all the risks and threats that are likely to be faced by the charity and also I have suggested the solution for the same problem in my report.

References:

Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of Network Security & Its Applications, 6(1), 25.

Ali, M., Khan, S. U., &Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.

Clear Contract

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.

Botta, A., De Donato, W., Persico, V., &Pescapé, A. (2014, August). On the integration of cloud computing and internet of things. In Future internet of things and cloud (FiCloud), 2014 international conference on (pp. 23-30). IEEE.

Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Services Computing, 9(1), 138-151.

Cuzzocrea, A. (2014, November). Privacy and security of big data: current challenges and future research perspectives. In Proceedings of the First International Workshop on Privacy and Secuirty of Big Data (pp. 45-47). ACM.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.

Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.

Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4-5), 372-386.

Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE transactions on parallel and distributed systems, 24(1), 131-143.

Modi, C., Patel, D., Borisaniya, B., Patel, A., &Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.

Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer, London.

Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., &Venkatasubramanian, N. (2014). Mobile cloud computing: A survey, state of art and future directions. Mobile Networks and Applications, 19(2), 133-143.

Rewagad, P., &Pawar, Y. (2013, April). Use of digital signature with diffiehellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.

Rittinghouse, J. W., &Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Rong, C., Nguyen, S. T., &Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.

Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263-2268.

Sen, J. (2014). Security and privacy issues in cloud computing. In Architectures and protocols for secure information technology infrastructures (pp. 1-45). IGI Global.

Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges, approaches and solutions. Procedia Computer Science, 37, 357-362.

Stojmenovic, I., & Wen, S. (2014, September). The fog computing paradigm: Scenarios and security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on (pp. 1-8). IEEE.

Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks, 10(7), 190903.

Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud computing. In Wireless Communications and Mobile Computing Conference (IWCMC), 2013 9th International (pp. 655-659). IEEE.

Tari, Z. (2014). Security and Privacy in Cloud Computing. IEEE Cloud Computing, 1(1), 54-57.

Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., &Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.

Whaiduzzaman, M., Sookhak, M., Gani, A., &Buyya, R. (2014). A survey on vehicular cloud computing. Journal of Network and Computer Applications, 40, 325-344.

Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.

Yan, G., Wen, D., Olariu, S., &Weigle, M. C. (2013). Security challenges in vehicular cloud computing. IEEE Transactions on Intelligent Transportation Systems, 14(1), 284-294.

Zhang, Y., Chen, X., Li, J., Wong, D. S., Li, H., & You, I. (2017). Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing. Information Sciences, 379, 42-6