Discuss About The In Privacy And Security For Cloud Computing?
It is very important that Webb stores should not fully rely on the encryption services offered by the cloud vendors. As encryptions services consumer, huge resources, cloud vendors offer minimal encryption services. Instead Webb stores should also use encryption at their end before sending the data on the cloud. They also ensure that encryption key is located in on premise locations only and not on cloud.
Restricted access to employees: People should have restricted access based on their role and should see only the data they need. Critical data should be read only so that no one can change it.
Using RSA Secure ID systems for generating real time passwords and extra layer of prevention (Khanezaei, & Hanapi, 2014)
Ensure that all the machines have latest anti-viruses and all the fixes whether they belong to software, operating systems or any other should be installed as soon as possible. The only way to ensure is that controlling the updates features centrally and do not give users the choice of not installing updated (Hashizume, et al., 2013). Recent attack on NHS hospitals of UK by malware WannaCry was happened because the company did not update the latest fix by Microsoft which Microsoft released 2 month before this ransomware attack.
Data loss risks applies to the database. In case of a provider going of a business or suffers from technical problem at their end, there is a risk of losing the complete databased for the Webb stores.
Data removal risk: This data is mission critical and suppose Webb stores wants to remove any data from their database, it will be removed from its database but how it will be permanently removed from the cloud as cloud is maintaining multiple copies at multiple locations.
Compliance risks: There are rules and polices of Cloud computing designed by the Australian and New Zealand government and each IaaS Infrastructure must abide by those polices. There are policies that prevent vendors from storing data outside the country but cloud vendors maintain numerous copies of their Cloud and stored them in their data centers across different parts of the world. There are various Audits like SAS 70 and many more and each cloud vendor must furnish the details of conducting these audits and thus it is mandatory that cloud vendor must abide by all such policies.
Vendor lock in risks: It is possible that IaaS vendor has suddenly increase the prices of their services or there can also be any other conflict and thus, Webb stores want to move their data out of the cloud on some other vendor cloud or on their premise, how it will be handled. Sometimes vendors claim their proprietary data if data is created or analyzed by using their tool, how such things will be handled is a big risk (ALi, Khan, & Vasilakos, 2015).
Data leakage risks: There is risk of intruders and attackers during data communication between Webb’s and their IaaS database (Chang, 2015)
Identity Access management risk: There is risk of identity verification and if right authorized person is accessing the data.
Too much time in restoring backup: Backing up the data is used so that in case anything goes wrong, backup data can be used. Now, Webb must ensure the timely retrieval of their backup data from the cloud. Restoring data from cloud using bandwidth will be very slow as compared to the restoring the backup from the tapes (Nicolini, et al., 2015)
Backup Windows size: For backup, Data needs to be moved from machines to servers on a continuous basis and thus it will be consuming the bandwidth making the overall network slow (Yao, Lu, & Zhu, 2014)
Data privacy risk: Webb stores having the confidential information related to payment details of customers and many more and any compromise of the cloud security vendor can put the company’s data on risk
iii. Retrieval of data from the cloud.
Identity Risk: Cloud vendors do not have strong mechanism in place to distinguish between the authentic traffic and malicious traffic which is a very high risk for the Webb stores.
Network risk: Cloud vendor will send the data after decryption to your systems and if the Webb stores is not using encryption/decryption at their end, unencrypted data transmission over the network can be very much vulnerable to attackers and intruders.
Earlier backup was maintained on the tapes in-house and hence retrieval is pretty much fast however in case of outsourcing backup services also to the cloud vendor, Disaster recovery plan must be changed. In this case, DR plans will make use of bandwidth and thus Webb stores should ensure that it is using high speed internet so that restoration can happen very quickly. Webb stores also plan to conduct a pilot project regarding restoring the backup and can analyses the time needed, costs and bandwidth requirements (Couto, et al., 2014).
Webb stores should give access to only authorized person based on their role. For example, a person responsible for buying should see only the relevant details based on his role and not everything that is stored on the cloud. Another way is to use services of specialized security and Access management vendors like RSA Secure ID that generates a password on real time basis and involves multi-factor authentication (Khalil, Khreishah, & Azeem, 2014). This will drastically reduce any unauthorized access.
Webb stores should use encryption at their end also and do not rely solely on the encryption and security services of the cloud network. In this case, if the data of the cloud is compromised, Webb stores data will still be encrypted. Web stores must ensure that it is storing the data encryption key somewhere else and not on the cloud.
The biggest challenge here is that cloud vendor does not have any firewalls that can differentiate the data from the Webb stores and the data coming from malicious users. In such cases, they should ensure that cloud vendor is using the virtual cloud firewall using virtual security device that will be deployed within your tenant environment and separate customer traffic from malicious traffic. Also, Webb stores should clearly bring this topic in contract with the cloud vendors and also adds clause of penalty in case of any default.
Backup and restoring is a time taking activity and involves a lot of challenges. It is recommended that Webb stores should ask their vendor to conduct a Pilot project where they will be showcasing their capability how fast they can restore the back up and also Webb stores should setup the Service Level agreements (SLAs) that restoration must happen within this time frame otherwise there will be a penalty. Also, there should be clauses like network should be up and available more than 99% of the time and any downtime must be communicated 2 weeks in advance (Almorsy, Grundy, & Muller, 2016).
Webb stores also need to educate its IT users how to handle phishing emails because clicking on malicious emails by any user on a network can pose a risk to entire network.
References
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information Sciences, 305, 357-383.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Chang, V. (2015). Towards a Big Data system disaster recovery in a Private Cloud. Ad Hoc Networks, 35, 65-82.
Couto, R. D. S., Secci, S., Campista, M. E. M., & Costa, L. H. M. K. (2014). Network design requirements for disaster resilience in IaaS clouds. IEEE Communications Magazine, 52(10), 52-58.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.
Khalil, I., Khreishah, A., & Azeem, M. (2014). Consolidated Identity Management System for secure mobile cloud computing. Computer networks, 65, 99-110.
Khanezaei, N., & Hanapi, Z. M. (2014, December). A framework based on RSA and AES encryption algorithms for cloud computing services. In Systems, Process and Control (ICSPC), 2014 IEEE Conference on (pp. 58-62). IEEE.
Nicolini, M. J., Wildes, R. A., Slawsky, J. E., Sabjan, C. A., Alexander, J. W., Freiheit, K., … & Gregory, R. D. I. (2015). U.S. Patent No. 9,122,711. Washington, DC: U.S. Patent and Trademark Office.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer London.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Yao, J., Lu, P., & Zhu, Z. (2014, June). Minimizing disaster backup window for geo-distributed multi-datacenter cloud systems. In Communications (ICC), 2014 IEEE International Conference on (pp. 3631-3635). IEEE.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download