Privacy And Personal Data Protection Strategies For Charity In Cloud Computing

Discussion

Cloud computing is defined as the major hypothesis of IT, which significantly enables the access to the sharing pools of each and every configurable system resource as well as high level services, which comprise of the capability for being quickly provisioned with the least effort of management on the connectivity of Internet (Arora, Parashar & Transforming, 2013). This cloud computing is completely dependent on the specific resource sharing for the proper achievement of economy of scale as well as coherences. These are quite similar to the respective public utility. The third party clouds could easily allow the various companies or organizations in focusing over the core or major business areas and not only expending major resources on the computer infrastructure as well as maintenance (Dinh et al., 2013). The specific technology of the cloud computing even enables the organizations for avoiding or reducing the up front expenses of the information technology infrastructure. The next significant advantage of cloud computing is that each and every service provider of cloud utilizes the basic “pay as you go” model, which refer to the fact that the unexpected operating expenses are solely eradicated and the users would have to pay for only those resources, which they are utilizing (Hashem et al., 2015).

The availability of the higher capacity networks, storage devices or lower cost systems allow the users of cloud computing technology to widely adopt hardware virtualization, utility computing, autonomic computing and SOA or service oriented architecture (Fernando, Loke & Rahayu, 2013). The major objective of this cloud computing is to agree to the users in taking all types of benefits or services from the technology, without even having a deeper knowledge of the technology or having an expertise of the same. This cloud even has the objective to reduce the expenses and hence helping the users in focusing on the major business and not being significantly imbedded by the obstacles of information technology. One of such important services for this cloud is virtualization (Li et al., 2013). This particular software of virtualization eventually separates the physical computing devices to at least one virtual device. Each and every virtual device could be easily and promptly utilized as well as managed for the better performance of computing tasks. The operating system level virtualization helps in the creation of scalable system, having several independent computing devices. Thus, the idle computing resource could be utilized as well as allocated more efficiently and effectively (Rittinghouse & Ransome, 2016). The overall speed of the information technology operations are increased with virtualization and the expenses are reduced by the increment of infrastructure utilizations.

There are three major architecture models as well as four distinct deployment models in the cloud computing. The first and the foremost architecture model is the Infrastructure as a Service or IaaS, which eventually provides virtualized architecture to the users (Garg, Versteeg & Buyya, 2013). The second architecture model of this technology is the Platform as a Service or PaaS, which significantly provides application platform for the users, for creation of applications and the third architecture model of cloud computing is the Software as a Service or SaaS, which is responsible for providing virtualized software for the users to create software on it (Xiao, Song & Chen, 2013). The four distinct deployment models are the respective private, public, community and finally hybrid cloud. The first and the foremost deployment model of this technology is private cloud. This is considered as the safest cloud model since it is not accessible by everyone. The second model is the public cloud, which is accessible by everyone and hence is often risky (Hashizume et al., 2013). The third deployment model would be the community cloud, which is accessed by only a group of people and the final deployment model is hybrid cloud that is the amalgamation of any two clouds.

The following report will be outlining a brief discussion on the Charity. This Charity is involved for locating as well as providing accommodations, services of mental health, and trainings or even support service for the disadvantaged people present within a community. The small data centre is being run, which comprises of 50 x86 64 bit servers running. The major services are Windows Server R2 2008 for the desktop service, the database as well as the file services. Moreover, the Charity even has servers of 10 Red Hat Enterprise Linux 5 for the web pages, support and web services. This charity has decided to migrate to cloud and the report provides privacy and personal data protection strategies. Relevant details will be given here including the recommended controls for privacy strategy.

1. Personal Data Privacy Strategy

The Charity collects PII data for the clients, so that this data could be assisting them for the proper management of various service requirements. Since, they have decided to migrate to public cloud; a proper privacy strategy should be made as well as followed (Jain & Paul, 2013). The appropriate security and privacy policies for the PII data of the charity should be followed strictly them. The personal data privacy strategy for this Charity is given below:

The Charity is concerned regarding the privacy or security of thee data, since they have taken the decision to shift to cloud (Krishna, 2013). The overall quality of this particular strategy, which should be involved within the charity must of an excellent quality. However, in this case, the very first stage in this strategy is the proper management as well as controlling the personal information. Hence, this particular factor helps in the protection of the personal information easily and promptly. Various stages are present for Charity to eventually manage and control the personal information (Botta et al., 2016). Hence, the intruders or attackers would not be able to hack the information at any cost and the integrity of the information would be maintained. The major steps for the security of their personal information are given below:

1. a) Using Passwords: The first and the foremost step to secure and manage the personal information are utilizing passwords. These passwords are considered as the safest and the basic method of securing the information (Yang & Jia, 2013). Since, they have decided to shift their services to cloud, they should keep passwords for protection and hence no loophole will be present for their security. The significant change or the alteration of passwords is also required for the Charity within a specific period and hence the management as well as security of personal information is easily possible.
2. b) Using Secured Browser: The next significant method of securing, managing as well as controlling the personal information within the Charity is using the safe or secured browser (Herbst, Kounev & Reussner, 2013). This safe browser will be stopping from all types of viruses and spam from entering into it and thus the hackers or attackers could not get it. This personal information could be promptly managed by the safe or secured browsers.

The next step for this privacy strategy would be the collection as well as management of the requested or solicited personal information (Wei et al., 2014). The total collection of the data could be simply done by following the several steps. All of the steps are given below:

1. a) Reliable Sources: The first and the foremost step is the solicited personal data could be easily collected or managed when each and every requirement is being met and then the personal information is highly important and are associated with the actions or functions (Rong, Nguyen & Jaatun, 2013). The major step is for the collection, gathering and finally acquiring this information from the most reliable sources.
2. b) Filtering the Information: The next step is to collect and manage the personal information. When this collection is being completed from any specific reliable sources, this information must be eventually filtered (Gao et al., 2013). The management of this information is included in this filtering and hence this filtering would be eradicating the unauthorized and unimportant data. Therefore, only the important information is being collected.
3. c) Reviewing the Information: The third significant step in this collection and management of personal information is to review the collected information after filtering it properly (Gupta, Seetharaman & Raj, 2013). This reviewing of information will be helpful or useful for the charity since it would help in keeping the unused information and must be eradicated on an immediate basis.

Another important stage of this privacy y protection strategy would be using as well as disclosure of personal information. Hence, this information must be utilized or disclosed by only the authenticated and authorized users (Almorsy, Grundy & Müller, 2016). Several steps are present for the security as well as blocking of the unauthenticated users’ access. These several methods are given below:

1. a) Logging Out Every time: The first and the foremost method of using and disclosing the personal information for the Charity is that they should log out from the system each and every time, they are working (Whaiduzzaman et al., 2014).  When any specific user is logging into his personal account that is containing all the sensitive and confidential information, a high chance always prevails that this information might be lost. The attackers or the hackers might be able to easily access that information, if the user is not logging out from the system. This can also happen if the user is closing the system without specifically logging out from it (Avram, 2014). Thus, this particular phenomenon would be stopping the attackers from properly utilizing the information to a better extent. Moreover, this would even keep the information from not getting disclosed.
2. b) Restricted Systems’ Access: The second significant method for the collection and management of personal information from any unauthenticated user is to restrict the access of the systems that are to be utilized (Oliveira, Thomas & Espadanal, 2014). This particular access must be limited with the purpose that attackers cannot get into the system and even track them. The use of passwords is the best phenomenon in this type of restriction.

These two above mentioned methods would be extremely beneficial for the Charity since the data security will be extremely higher with these.

The fourth part of this privacy strategy of Charity is the utilization and security of the digital identity (Xiao & Xiao, 2013). This digital identity can be defined as the specific information over any entity that is being utilized by the computer systems for the proper representation of any external agent. This type of information present within the digital identity is responsible for allowing the users to assess as well as authenticate the user by properly interacting with the business system over the Internet and hence not involving the human operators (Sanaei et al., 2014). All of the digital identities comprise of several benefits and features. The most significant advantages of these digital identities are given below:

1. a) Integrity of Data: The most important advantage of digital identity is that the respective data integrity is being maintained eventually (Tao et al., 2014). Hence, the Charity would be benefitted from this.
2. b) High Security: The digital identity helps in the security of data or personal information and hence it provides high security to the users.
3. c) Extremely Faster: Another important benefit of the digital identity is that it is very fast and thus because of the total speed of the digital identity is highly popular and acquired in the cyber world (O’Driscoll, Daugelaite & Sleator, 2013).
4. d) Simpler: The next important advantage of this digital identity is that it is extremely simpler and hence do not comprise of any complexity.

The above mentioned factors clearly define that the digital identities have several advantages. However, few security issues are also present. The security of these digital identities must be extremely high during implementing these identities (Sadiku, Musa & Momoh, 2014).

Another important step of the privacy control strategy of the Charity is the security of the personal information. This personal information comprises of each and every confidential and important data and could not be leaked (Khan et al., 2013). The vulnerabilities as well as cyber risks are eventually incremented with the leaking of this sensitive or confidential data. However, certain methods are present for securing this type of data and these are given below:

1. a) Implementation of Anti Virus: The first and the foremost method of securing the respective personal information is the implementation of anti virus within the organizational systems (Alshamaila, Papagiannidis & Li, 2013). When this system would be protected, it is ensured that the confidential data present within it, is also safe and secured and the hackers could not access it. Antivirus is a specific software that gives security to the sensitive data without any type of complexity.
2. b) Using Passwords: The second significant step for the proper security of the personal information is using relevant passwords (Xia et al., 2016). These passwords are considered as the safest and the basic method of securing the information. Since, they have decided to shift their services to public cloud, they should keep passwords for protection and hence no loophole will be present for their security (Lian, Yen & Wang, 2014). The significant change or the alteration of passwords is also required for the Charity within the specific period and hence the management as well as security of personal information is easily possible. Moreover, their movement will be to a public cloud, passwords would be restricting the entry of unauthenticated or unauthorized users to the specific systems (Botta et al., 2014).
3. c) Blocking the Pop up Messages: Another significant and vital method that would be beneficial for the Charity to secure the sensitive or confidential data is the blocking of the pop up messages or any other window (Chen et al., 2016). This kind of software helps in the blocking of pop up window and hence this information could not be intruded or hacked. All of these pop up messages or windows would often attract several attackers and hackers for the purpose of phishing.

The above mentioned three methods would be extremely helpful for the Charity for securing the personal information within the privacy strategies.

This confidential information must not be accessed for each and everyone for all types of unauthorized or unauthenticated users. All the several methods that help in stopping the kinds of users to access personal data and information are present within the charity (Suo et al., 2013). The most significant security measures that would be helpful for the charity to secure the sensitive information are given below:

1. a) Controlling Access: The significant accessing to all the systems must be managed or controlled so that this sensitive information could be accessed by each and every user (Manvi & Shyam, 2014). This particular measure is highly required and important for each and every system within the Charity.
2. b) Utilizing Specialized Characters within Passwords: The passwords must be set in such a way that these passwords cannot be easily and promptly encrypted. The special characters make the passwords unique and hard to guess for the attackers (Carlin & Curran, 2013). Thus, these passwords with special characters are utilized by all types of companies for their security.
3. c) Limited System Access: Another significant method of securing the personal information is by limiting the overall access of the organizational systems from getting the data utilized by the unauthenticated or unauthorized users (Aazam & Huh, 2014). This particular access is kept restricted with the core purpose that the intruders or the attackers are not getting any idea about tracking these systems and are completely protected by passwords.
4. d) Non Public Wi-Fi Connections: This particular charity has taken the decision to migrate to public cloud for their business. The Internet connection that they would be utilizing should be absolutely private so that this type of connection is not accessed or used by every user (Pearson, 2013). This particular step would be restricting the overall access of their Wi-Fi connection and thus the Charity would be highly benefitted with this step. Only the authenticated user or the employees would have the access to this type of connection.

The above mentioned security measures will be extremely helpful for the Charity for the purpose of securing as well as preserving the personal data and hence the privacy strategy is almost completed.

The quality of data is extremely vital for any organization to maintain their data privacy and security (Rahimi et al., 2014). If the personal data of the Charity has a better quality, the users would be extremely benefitted from this. Moreover, a proper correction of the data is highly needed so that only the best quality of data is being stored in the organizational database (Hwang, Dongarra & Fox, 2013). Moreover, the Charity could even eradicate the unnecessary or false information from the database and only correct and appropriate information is kept there. When any type of issue arises regarding the false information, there should be an expert of information technology present within the organization of Charity, who could correct the information (Moreno-Vozmediano, Montero & Llorente, 2013). Furthermore, a specific system must be present and implemented for checking the total security and privacy of the personal information or sensitive data.

The above mentioned seven steps would be completing the compete process of the privacy data control strategies (Yang et al., 2013). The Charity should be implementing this particular strategy for control as well as securing the personal information.

There are several privacy controls, which would be extremely useful for the organization of Charity (Barbera et al., 2013). The proper mitigation plans for the privacy related risks and threats with the implementation of those strategies are given in the following paragraphs.

There are several privacy control risks vulnerable for the systems of the Charity. These security risks with their mitigation plans are given below:

Serial Number	Privacy Control Risks	Mitigation Plans
1.	Malicious Codes or Software: The first type of privacy control risk is the malicious code or software that is being implemented within a specific system to hack these coded (Ali, Khan & Vasilakos, 2015). The hacker or the intruder will be doing this, with the major purpose that he or she could hack into the system and the confidential data would be obtained eventually. The malicious codes or software could even replicate itself and as soon as this code enters within the system, it would be formatting the entire system (Sen, 2014).	1. Anti Virus: The first and the most important plan for mitigating the malicious codes or software is the implementation of anti virus software (Ryan, 2013). The significant risk of malicious codes or software to the personal data or information is mitigated perfectly with the help of this software. Anti Virus software has the core capability of detecting as well as preventing the several virus attacks or malicious software and codes from entering it within the system.
2. Firewalls: The second important method of securing the confidential or sensitive information is by the implementation of firewalls. These specific firewalls are responsible for acting as walls for the purpose of maintaining security (Aazam et al., 2013). The security threats and risks related to the personal information are properly detected as well as prevented.
2.	Denial of Service Attacks: The next significant vulnerable attack for any type of personal data or information is the denial of service attack (Ergu et al., 2013). This denial of service attack eventually occurs when the service or system is denied by the attacker and hence the system becomes unavailable. The authenticated user hence does not have any idea about the attacks. The intruder or the hacker eventually denies the access and hence the risks or threats of this personal information are increased subsequently (Chen, 2015).	1. Increasing the Server Bandwidth: The most basic way of mitigating or reducing the attack of denial of service is by increasing the server bandwidth. The respective server bandwidth must be increased for the proper mitigation of these risks and threats (Patel et al., 2013).
2. Architecture: This architecture must be resilient for the proper prevention of kinds of attacks. When this architecture is not perfect, it is absolutely evident that a major and significant problem would be arriving for the total security and privacy of the personal data or information (Dasgupta et al., 2013).
3.	Leaking the Personal Information: This is again one of the most significant risks or threats for the personal information of the Charity (Gai et al., 2016). This type of information could be easily exposed as well as leaked within the cloud and the then the sensitive information would be losing the confidentiality as well as integrity. The leaking of the personal information is absolutely common phenomenon for the cloud based companies (Modi et al., 2013). Hence, the Charity would be in danger.	1. Using Encryption Technique: One of the most basic as well as the simplest method to secure any type of confidential and personal information and data within any specific system is the significant utilization of encryption technique. This encryption is the specific procedure by any which particular message or data is being encoded to the cipher text. This is done is such a manner that only the sender and receiver will be able to acquire that data or message (Jula, Sundararajan & Othman, 2014). This is a simplified process of lock and key, where a typical lock is utilized to lock as well as unlock the confidential data. This is extremely popular and common all the cloud based companies and hence the Charity must implement this particular security measure within their business.
2. Implementation of Digital Authentication: The next significant and common method to secure the confidential or personal information is the implementation of digital signatures (Toosi, Calheiros & Buyya, 2014). This digital authentication can be easily defined as the specific process of authentication of any individual or person with the help of digitalized systems or technology. There are some of the most basic examples of digital authentication such as fingerprint recognition system, face recognition system and digitalized signature systems. These are also termed as the biometric methods (Li et al., 2015).
4.	Identity Theft: The next vulnerable as well as nefarious risk of threat to the systems of the Charity is known as the identity theft. An intruder or a hacker eventually acts or behaves like the authenticated user and then access the confidential information easily and promptly (Shiraz et al., 2013). Hence, the respective identity of the authorized or authenticated user is being stolen by the hacker in this particular kind of threat.	1. Using Passwords: One of the most basic methods for reducing as well as mitigating the several identity thefts is using passwords within each and every system of the Charity.  These passwords are considered as the safest and the basic method of securing the information. Since, they have decided to shift their services to public cloud, they should keep passwords for protection and hence no loophole will be present for their security (Zhang et al., 2013). The significant change or the alteration of passwords is also required for the Charity within a specific period and hence the management and security of personal information is easily possible.
2. Not Giving Response to the Unsolicited Emails: Another significant method of treating or mitigating the vulnerable threat of identity theft is not giving any response to the various unsolicited electronic mails. The unsolicited electronic mails are responsible for attracting several intruders or hackers within the system (Wu et al., 2013). Moreover, the phone calls with recorded messages, or the phone calls that ask for any personal and confidential details should also be subsequently avoided for proper security.
5.	Receiving any type of Unsolicited Emails: The fifth significant nefarious and dangerous threat or risk for the systems of the Charity is receiving any type of unsolicited electronic mails. These types of mails are called the spam emails (Papagianni et al., 2013). These spam electronic mails have the specific capability for stealing as well as modifying the confidential information within fewer moments.	1. Avoiding of Clicking: The first and the foremost mitigation technique to receive any kind of unsolicited emails is that the user should avoid clicking in that email. Only those electronic mails should be answered that have proper acknowledgment from the senders (Sultan, 2013).
2. Using a Disposable Email Address: The disposable electronic mail would be protecting the respective user from getting every type of unsolicited electronic mails from the various fake addresses (Yan et al., 2016). Moreover, the spam messages could be avoided by this type of fake address.
6.	Losing Confidential Data within the Clouds: The sixth important and significant cyber threat for the security of systems of the Charity is losing the confidential or sensitive information present in the clouds. When the sending or receiving of the information within the cloud is being done, a high chance is always present that the data is getting lost (Sultan, 2014). In several occasions, the data could not be retrieved, when being lost and hence leading the organization to a major problem.	1. Using Encryption Technique: The simplest as well as the most significant method that helps to secure the data or sensitive information within the clouds (Etro, 2015). Encryption is the specific procedure by any which particular message or data is being encoded to the cipher text. This is done is such a manner that only the sender and receiver will be able to acquire that data or message. This is a simplified process of lock and key, where a typical lock is utilized to lock as well as unlock the confidential data. This is extremely popular and common all the cloud based companies and hence the Charity must implement this particular security measure within their business (Arora, Parashar & Transforming, 2013). Thus, they should implement encryption technique within their business subsequently.

The proper implementation of the privacy strategy and the privacy control risks’ mitigation plans are given below:

Serial Number	Mitigation Plans	Implementation
1.	Anti virus	The software of anti virus could be implemented within the systems of Charity by the simple installation of software within those systems (Fernando, Loke & Rahayu, 2013).
2.	Firewalls	The firewalls could be eventually implemented within the computer systems for the purpose of security. This type of software is being available in markets and the users could easily utilize them. There are no such complexities and the overall installation is also easier (Rittinghouse & Ransome, 2016). The Charity hence, should implement the firewalls for their systems.
3.	Increasing the Server Bandwidth	The significant server bandwidth could be incremented by simply increasing the total budget. Although, the costs of the server bandwidth is higher in comparison to other bandwidth, if this particular mitigation technique is used, it is being ensured that the denial of service attacks or DoS attacks would be reduced to a greater level (Garg, Versteeg & Buyya, 2013).
4.	Resilient Architecture	This architecture is the one of the most significant parts of all systems. Hence, this architecture must be resilient by simply locating all the servers within the various data centres for ensuring the fact that these data centres are located within the various networks (Xiao, Song & Chen, 2013).
5.	Using Encryption Technique	The technique of encryption comprises of two significant algorithms, which are symmetric key algorithm and asymmetric key algorithm (Khan et al., 2013). As per the algorithm of symmetric key, a specific key would be opening the message and that particular key would be also locking the message for encryption. The most significant benefit of symmetric algorithm is that this is absolutely simple (Herbst, Kounev & Reussner, 2013). The next algorithm is the asymmetric key. In this case, both the keys are different. This is even more secured than the former one, since the other key is unknown to the sender or receiver.
6.	Using Digital Authentication	The digital authentication could be implemented by the installation of biometric machines within every system in Charity. The implementation is extremely easier (Krishna, 2013).
7.	Using Passwords	The passwords are eventually set by the respective users within any specific system. Specialized characters are being utilized and only the authorized users have access of these (Yang & Jia, 2013). Furthermore, changing of passwords is also required.
8.	Not Giving Response to Unsolicited Mails	There is no proper implementation for this particular mitigation plan. Avoiding of such mails or phone calls is the only solution for this (Hashizume et al., 2013).
9.	Avoiding of Clicking Unsolicited Mails	There is no proper implementation for this particular mitigation plan. If any such main is found in the mailbox, the user should not click or open it and discard the mail (Hashem et al., 2015).
10.	Using a Disposable Email Address	The Charity should utilize a specific disposable address (Dinh et al., 2013). This particular email address would be identifying the spam and hence data will be secured.

The private data protection strategy is the next vital strategy that is required for the Charity (Jain & Paul, 2013). Various types of risks or threats that are vulnerable to the systems are present and for mitigating these risks or protecting the personal data, a privacy strategy is required.

The Charity is extremely concerned regarding the privacy or security of their data in their cloud. As, they have taken decision for shifting to public cloud, the personal data is often vulnerable to the nefarious or the dangerous data (Rong, Nguyen & Jaatun, 2013). The respective intruders or hackers get hold of that data easily, when that data is not completely protected by with proper means. A proper protection is required in this case and various methods of protecting the personal data are given below:

1. a) Using Proper Passwords: The most effective or efficient method for securing the personal data within the information systems of cloud is utilizing proper passwords (Gao et al., 2013). These passwords are considered as the best way to secure the data without any type of complexity. The problems related to these data security are absolutely eradicated with the proper usage of passwords. The Charity should use passwords for their each and every information system in the cloud for restricting the entry of any type of intruder or hacker. Although, the presence of passwords is only the requirement for data security and privacy, these passwords should also be changed or altered on a monthly basis with special characters, so that the hackers could not easily guess it (Gupta, Seetharaman & Raj, 2013). Hence, these passwords would be beneficial for them.
2. b) Using a Secured Browser: The browsers play the most important role for data privacy. Since, the browsers are the only way that any user utilize for accessing the Internet connection, a secured browser is highly recommended in this case (Almorsy, Grundy & Müller, 2016). The safe or secured browser will be extremely good for the Charity systems as it would stop the entry of the virus or spam to the respective machine and hence the hackers would also not get the access of that data. Hence, they should use any safe as well as secured browser.

 The personal information of the Charity should be kept securely with an authorized access as well as non disclosure to the external bodies. This type of authorized access and non disclosure of data is possible by restricting the access of the data. Only authenticated and authorized users should have the access of such data (Whaiduzzaman et al., 2014). Moreover, this type of data should not be disclosed in front of anyone expect for the organizational members. The proper installation and implementation of firewalls and anti virus will be the best solution in this case. This software would be restricting the access of personal data and thus the issues would be resolved easily.

A procedure that ceases or prevents any hacker from knowing the proper identity of the data of the user is termed as the de-identification of personal data. Several significant ways are there for the prevention of this data identification (Oliveira, Thomas & Espadanal, 2014). The most significant security measures of this identification of the personal data majorly involve various security policies, firewalls, anti virus and many others. The Charity should eventually implement each and every above mentioned methods for de-identifying the personal information.

The confidential and personal data of any company is significantly used for portraying or even representing any external representative is termed as the digital identity. The digital identity could either be any application, an individual or even an organization (Xiao & Xiao, 2013). The digital identities are highly efficient for the personal data of the Charity. The personal digital identities comprises of several significant advantages or benefits and these benefits are given below:

1. a) Integrity of Data: The digital identities are extremely helpful for maintaining the data integrity and confidentiality.
2. b) Better Security: Digital identities provide better security to any type of data and hence the Charity would be benefitted from it (Sanaei et al., 2014).
3. c) Faster: Another significant benefit of this identity is that these are fast and hence data extraction is done quickly.

Data security is one of the vital and significant factors for any company. The Charity is concerned about their personal data security and hence proper measures should be undertaken by them in these cases (O’Driscoll, Daugelaite & Sleator, 2013). There are a couple of security measures that would be beneficial for the personal data. The main security measures are the firewalls, digital authentication, anti virus, digital signatures, security policies and many others.

The final stage of this protection strategy for the Charity is archiving the personal data. The data archiving is quite important for the privacy and security and it helps in the maintenance of integrity as well as confidentiality of the personal data (Sadiku, Musa & Momoh, 2014). Furthermore, this data archiving does not enable the data from getting lost. The Charity must archive their data for protecting the personal data.

The protection strategy of personal data is recommended for the mitigation of the security risks (Khan et al., 2013). The following paragraphs would be depicting the mitigation plans of the risks with their implementation methods.

Serial Number	Security Risks	Mitigation Plans
1.	Loss of the Storage: This storage would be storing or preserving the confidential data. It is extremely important for the privacy or security systems. However, a high chance is present of destructing the storage (Alshamaila, Papagiannidis & Li, 2013).	1. Up Gradation of Architecture: The storage must comprise of the best architecture, so that no data loss occurs here (Sen, 2014).
2. Proper Maintenance: The loss of data storage could be also mitigated or prevented by properly maintaining it. The maintenance of this type of storage would eventually reduce the chance of data loss to a greater level (Lian, Yen & Wang, 2014). Moreover, the periodical maintenance would reduce the costs of the organization.
2.	Eavesdropping: Another popular and vulnerable data security risk and threat for the Charity is eavesdropping. This specifically means that the hacker is sniffing or hearing the confidential or private conversations (Chen et al., 2016). The intruder or the hacker sneaks in the network for getting proper access of the confidential and sensitive data, which is being sent from sender to the receiver.	1. Implementing Encryption: This is one of the simplest methods to eradicate eavesdropping and also to secure the personal data. This is the significant process by which ay confidential data is being hidden or kept encoded, is termed as encryption (Suo et al., 2013). The message is being converted to a cipher text with the significant motive that only the respective receivers would be able to obtain that data. This is very popular for all the companies to secure the data or information. The Charity must implement this particular security measure (Manvi & Shyam, 2014).
2. Software Controlling: The Charity should have a significant control on the software they are installing. This would restrict the entry of unauthenticated users within the software and hence eavesdropping would be stopped (Carlin & Curran, 2013).
3.	Intercepting the Messages: The confidential information could be easily intercepted within any specific security system. The attackers would then intercept the data easily and promptly. The data could even be modified by them (Aazam & Huh, 2014).	1. Firewalls: Firewalls are best methods to secure the information or data. These specific firewalls are responsible for acting as walls for the purpose of maintaining security. The security threats and risks related to the personal information are properly detected as well as prevented (Hwang, Dongarra & Fox, 2013).
2. Implementing Technique of Encryption: The process of encryption is helpful for encoding a specific message to hidden format so that it is safe and secured from the data interception. The specific sensitive data or information is easily encoded as a cipher text thus maintaining the confidentiality and integrity of the data (Moreno-Vozmediano, Montero & Llorente, 2013). This stops the intruders from hacking the data or even accessing the data. The Charity must implement the technique of encryption within their systems of cloud to gain proper security.
4.	Man in the Middle Attacks: The next popular and significant vulnerable threat for the personal data security and privacy is the main in the middle attack. The intruder is present within the network and the authenticated user (Yang et al., 2013). When the user is sending the sensitive data, this intruder or the “man” will be acquiring all the confidential data and can even change the data, thus losing the integrity and confidentiality forever.	1. Implementing Virtual Private Networks: VPN or virtual private networks would be providing a specific private network within the public network to send as well as receive any type of confidential data. Hence, the man in the middle attacks are avoided properly (Barbera et al., 2013).
2. Implementing Technique of Encryption: Encryption is the second best method for eradicating the significant man in the middle attacks. Since, the confidential data is being encoded with proper algorithms, the intruder gets no access of that data and hence that data is secured as well as protected (Ali, Khan & Vasilakos, 2015).
5.	Manipulating Network Traffic: The network traffic is often manipulated by any intruder or hacker and hence whenever the data is sent by the user, it eventually travels in a specific traffic or path, the hacker sneaks into the network and gets access of that data. Thus, the receiver does not receive any data from the sender (Ryan, 2013).	1. Using Firewalls: The firewalls can easily detect or prevent the manipulation of network traffic. It is a specific software that can easily detect as well as prevent the entry of hackers or intruders into a system and hence that intruder could not direct the path of the data. Moreover, with the help of firewalls, the data is not changed by the intruder and hence the confidentiality and the integrity of that sensitive personal data is being maintained (Aazam et al., 2014).
2. Using Anti Virus Software: An extremely efficient and effective method for securing network or system, the software of anti virus is utilized by every organization for their systems. This particular software of anti virus can restrict all types of virus attacks or network manipulation. The intruder could not enter into the system or network if that particular system or network is protected with anti virus (Sen, 2014).
6.	Destructing the Confidential Records: Another important and significant threat or risk to the systems or personal data is the specific destruction of the confidential records (Patel et al., 2013). These are mostly caused unintentionally by the various employees of that particular organization. These are extremely vulnerable and dangerous for the organization (Dasgupta et al., 2013).	1. Utilizing Proper Storage: A proper and perfect storage is required for mitigating the problem of destruction of the confidential records. Periodical maintenance of this storage is also required for this type of storage and this would mitigate the issues data destruction (Chen, 2015).
2. Providing Proper Training: A significant as well as proper training should be provided to all the employees or staffs of the particular organization. This would make them realize about the importance of confidential records as well as the proper usage of that storage. This would thus mitigate the risks of destruction of the confidential records (Jula, Sundararajan & Othman, 2014).

The execution of this personal data protection as well as mitigation plans for the Charity is given below:

Serial Number	Mitigation Plans	Implementation Methods
1.	Upgrading Architecture	The specific architecture of that storage could be eventually upgraded by the simply increment in the overall budget of the company, so that an even better storage is being affordable. Hence, the up gradation of the architecture would be helpful for the Charity to store the personal data faster and with better security (Toosi, Calheiros & Buyya, 2014).
2.	Proper Maintenance of Storage	The storage should be maintained properly, since this maintenance is an extremely significant step for all devices or storages. This type of maintenance will also be eradicating the extra costs that are required for treating the problematic machines (Shiraz et al., 2013). Moreover, the data will also not be destructed with this storage maintenance. The Charity should eventually organize a periodical maintenance for their storage.
3.	Encryption	This particular technique of encryption has two distinct algorithms, which are symmetric key and asymmetric key algorithms (Li et al., 2015). As per the algorithm of symmetric key, a specific key would be opening the message and that particular key would be also locking the message for encryption. The most significant benefit of symmetric algorithm is that this is absolutely simple. The next algorithm is the asymmetric key. In this case, both the keys are different. This is even more secured than the former one, since the other key is unknown to the sender or receiver (Papagianni et al., 2013). Hence, the personal data could be easily secured and protected with this encryption.
4.	Software Controlling	The software controlling mainly depends on the software quality. The elimination of pirated software is the most important method of controlling the software (Etro, 2015).
5.	Firewalls	Firewalls are easily implemented within any particular system for securing the data.  These could be implemented by installing a proper software (Toosi, Calheiros & Buyya, 2014).
6.	Virtual Private Networks	There are few important steps for implementing the virtual private network. In the beginning, the specific remote server of VPN must be configured. Next, the typical IP address must be provided and in the last step, implementation is completed (Dasgupta et al., 2013).
7.	Antivirus	Antivirus software could be eventually implemented within the systems of the Charity by properly installing that software within that specific system easily and promptly (Ergu et al., 2013).
8.	Using a Proper Storage	Maintenance of the storage should be done properly by the employees of the Charity and thus the data will not be destructed (Aazam et al., 2014).
9.	Providing Proper Training	There is no such method of implementation of this mitigation plan. The employees of the Charity should have respective knowledge about the using the records or information for using them. This type of training should be arranged by the organization by special trainers and thus this risk would be easily eradicated, without any complexity (Sen, 2014).

Conclusion

Therefore, it can be concluded that the cloud computing technology is the delivery of the each and every hosted service over the connectivity of the Internet. The significant building as well as the maintenance of the computing infrastructures in house is done easily and promptly with the help of this technology. There are three distinct features of this technology, which are extremely common for the vendors of cloud computing. The first characteristic is that the back end of this application is properly managed and controlled by all the cloud vendors. The next important characteristic of the cloud computing technology is that the user eventually pays for the several services like memory, bandwidth or processing time being utilized. Moreover, this particular technology of cloud computing is absolutely scalable and flexible. Thus, migration to this technology is much easier than any other technology. Most of the advancements of cloud computing are related to the virtualization. There is a distinct ability for paying on demand and thus scaling is done quickly as the result of huge number of cloud computing vendors. The resources are pooled and are then are sub divided amongst the several clients. Cloud computing is categorized as the services of IaaS or Infrastructure as a Service, PaaS or Platform as a Service and SaaS or Software as a Service.

The new paradigm within the software development, where all the small organizations can easily access the processing power, business processes and storage for being available to the larger companies is termed as cloud computing. The major characteristic or feature of this technology is that it helps in providing the self service provisioning, which refers to the fact that all end users can be spinning up these resources for each and every work load as per demand. This helps in the perfect elimination of the traditional requirement for the administrators of information technology for the major purpose of provisioning as well as managing the computing resources. Another significant and vital feature of this technology is that it eventually permits the enterprises in getting the applications up and also running much faster than any other technology. This is done with the improvement of manageability and lesser maintenance, for the core purpose that this cloud computing could enable the teams of information technology for more rapidly adjusting resources and meeting the unpredictable as well as fluctuating demands. The next feature of this technology is that it provides elasticity and thus the organizations could be scaling up as the computing need would be increasing s well as scaling down when the demands are decreasing. This elasticity is responsible for eradicating the requirement of huge investments within the local infrastructures that are absolutely active. Moreover, the cloud computing technology allows pay as per use service, which refers to the fact that computing resources are being measured at the granular level in the organization for allowing the users for paying only for those resources or work loads that are being utilized by them. The flexibility for migration is another important feature of this technology and thus the work loads are easily shifted or moved as the desire of the users. This provides a better cost savings.

Due to the presence of deployment models and architecture models, the technology is considered as the safest technology in the cyber world. However, there are some of the significant disadvantages present within this technology. The most vital problem amongst these would be the cloud security. Hence, data security is extremely important for this case. The above report has properly outlined the case study of the Charity. A privacy strategy proposal is provided in the report that includes managing personal information, collection as well as management of the solicited personal data, utilization as well as disclosure of the personal data, privacy or access to the personal data and many more. Proper recommendations are also provided for mitigating the identified risks and the personal data protection strategy is also developed for the charity.

References

Aazam, M., & Huh, E. N. (2014, August). Fog computing and smart gateway based communication for cloud of things. In Future Internet of Things and Cloud (FiCloud), 2014 International Conference on (pp. 464-470). IEEE.

Aazam, M., Khan, I., Alsaffar, A. A., & Huh, E. N. (2014, January). Cloud of Things: Integrating Internet of Things and cloud computing and the issues involved. In Applied Sciences and Technology (IBCAST), 2014 11th International Bhurban Conference on (pp. 414-419). IEEE.

Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Alshamaila, Y., Papagiannidis, S., & Li, F. (2013). Cloud computing adoption by SMEs in the north east of England: A multi-perspective framework. Journal of Enterprise Information Management, 26(3), 250-275.

Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.

Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.

Barbera, M. V., Kosta, S., Mei, A., & Stefa, J. (2013, April). To offload or not to offload? the bandwidth and energy costs of mobile cloud computing. In INFOCOM, 2013 Proceedings IEEE (pp. 1285-1293). IEEE.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2014, August). On the integration of cloud computing and internet of things. In Future internet of things and cloud (FiCloud), 2014 international conference on (pp. 23-30). IEEE.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.

Carlin, S., & Curran, K. (2013). Cloud computing security. In Pervasive and Ubiquitous Technology Innovations for Ambient Intelligence Environments (pp. 12-17). IGI Global.

Chen, X. (2015). Decentralized computation offloading game for mobile cloud computing. IEEE Transactions on Parallel and Distributed Systems, 26(4), 974-983.

Chen, X., Jiao, L., Li, W., & Fu, X. (2016). Efficient multi-user computation offloading for mobile-edge cloud computing. IEEE/ACM Transactions on Networking, (5), 2795-2808.

Dasgupta, K., Mandal, B., Dutta, P., Mandal, J. K., & Dam, S. (2013). A genetic algorithm (ga) based load balancing strategy for cloud computing. Procedia Technology, 10, 340-347.

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.

Ergu, D., Kou, G., Peng, Y., Shi, Y., & Shi, Y. (2013). The analytic hierarchy process: task scheduling and resource allocation in cloud computing environment. The Journal of Supercomputing, 64(3), 835-848.

Etro, F. (2015). The economics of cloud computing. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 2135-2148). IGI Global.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.

Gai, K., Qiu, M., Zhao, H., Tao, L., & Zong, Z. (2016). Dynamic energy-aware cloudlet-based mobile cloud computing model for green computing. Journal of Network and Computer Applications, 59, 46-54.

Gao, Y., Guan, H., Qi, Z., Hou, Y., & Liu, L. (2013). A multi-objective ant colony system algorithm for virtual machine placement in cloud computing. Journal of Computer and System Sciences, 79(8), 1230-1242.

Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.

Gupta, P., Seetharaman, A., & Raj, J. R. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), 861-874.

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.

Herbst, N. R., Kounev, S., & Reussner, R. H. (2013, June). Elasticity in Cloud Computing: What It Is, and What It Is Not. In ICAC (Vol. 13, pp. 23-27).

Hwang, K., Dongarra, J., & Fox, G. C. (2013). Distributed and cloud computing: from parallel processing to the internet of things. Morgan Kaufmann.

Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.

Jula, A., Sundararajan, E., & Othman, Z. (2014). Cloud computing service composition: A systematic literature review. Expert Systems with Applications, 41(8), 3809-3824.

Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.

Krishna, P. V. (2013). Honey bee behavior inspired load balancing of tasks in cloud computing environments. Applied Soft Computing, 13(5), 2292-2303.

Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015). Identity-based encryption with outsourced revocation in cloud computing. Ieee Transactions on computers, 64(2), 425-437.

Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE transactions on parallel and distributed systems, 24(1), 131-143.

Lian, J. W., Yen, D. C., & Wang, Y. T. (2014). An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. International Journal of Information Management, 34(1), 28-36.

Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.

Moreno-Vozmediano, R., Montero, R. S., & Llorente, I. M. (2013). Key challenges in cloud computing: Enabling the future internet of services. IEEE Internet Computing, 17(4), 18-25.

O’Driscoll, A., Daugelaite, J., & Sleator, R. D. (2013). ‘Big data’, Hadoop and cloud computing in genomics. Journal of biomedical informatics, 46(5), 774-781.

Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors. Information & Management, 51(5), 497-510.

Papagianni, C., Leivadeas, A., Papavassiliou, S., Maglaris, V., Cervello-Pastor, C., & Monje, A. (2013). On the optimal allocation of virtual resources in cloud computing networks. IEEE Transactions on Computers, 62(6), 1060-1071.

Patel, A., Taghavi, M., Bakhtiyari, K., & JúNior, J. C. (2013). An intrusion detection and prevention system in cloud computing: A systematic review. Journal of network and computer applications, 36(1), 25-41.

Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer, London.

Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014). Mobile cloud computing: A survey, state of art and future directions. Mobile Networks and Applications, 19(2), 133-143.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.

Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263-2268.

Sadiku, M. N., Musa, S. M., & Momoh, O. D. (2014). Cloud computing: opportunities and challenges. IEEE potentials, 33(1), 34-36.

Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.

Sen, J. (2014). Security and privacy issues in cloud computing. In Architectures and protocols for secure information technology infrastructures (pp. 1-45). IGI Global.

Shiraz, M., Gani, A., Khokhar, R. H., & Buyya, R. (2013). A review on distributed application processing frameworks in smart mobile devices for mobile cloud computing. IEEE Communications Surveys & Tutorials, 15(3), 1294-1313.

Sultan, N. (2013). Knowledge management in the age of cloud computing and Web 2.0: Experiencing the power of disruptive innovations. International journal of information management, 33(1), 160-165.

Sultan, N. (2014). Making use of cloud computing for healthcare provision: Opportunities and challenges. International Journal of Information Management, 34(2), 177-184.

Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud computing. In Wireless Communications and Mobile Computing Conference (IWCMC), 2013 9th International (pp. 655-659). IEEE.

Tao, F., Cheng, Y., Da Xu, L., Zhang, L., & Li, B. H. (2014). CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), 1435-1442.

Toosi, A. N., Calheiros, R. N., & Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey. ACM Computing Surveys (CSUR), 47(1), 7.

Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.

Whaiduzzaman, M., Sookhak, M., Gani, A., & Buyya, R. (2014). A survey on vehicular cloud computing. Journal of Network and Computer Applications, 40, 325-344.

Wu, X., Deng, M., Zhang, R., Zeng, B., & Zhou, S. (2013). A task scheduling algorithm based on QoS-driven in cloud computing. Procedia Computer Science, 17, 1162-1169.

Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.

Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE Trans. Parallel Distrib. Syst., 24(6), 1107-1117.

Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602-622.

Yang, K., & Jia, X. (2013). An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing. IEEE Trans. Parallel Distrib. Syst., 24(9), 1717-1726.

Yang, L., Cao, J., Yuan, Y., Li, T., Han, A., & Chan, A. (2013). A framework for partitioning and execution of data stream applications in mobile cloud computing. ACM SIGMETRICS Performance Evaluation Review, 40(4), 23-32.

Zhang, W., Wen, Y., Guan, K., Kilper, D., Luo, H., & Wu, D. O. (2013). Energy-optimal mobile cloud computing under stochastic wireless channel. IEEE Transactions on Wireless Communications, 12(9), 4569-4581.