The technology of cloud computing is one of the most discussed and the best promising innovations within the IT sector of the recent technological market. This form of technology has been one of the most attractive based on the needs of different organizations (Arora, Parashar & Transforming, 2013). The cloud computing technologies and applications would bring efficiency within the potential of the companies to provide savings of cost and increased efficiency. With the implementation of the cloud applications within organizations, there is a high chance that there might be misuse of the essential data that would belong to the organization. These public clouds are generally handled by third-party cloud service providers. There are many higher chances of the mishandling of data and breaches within the data of the organization (Rittinghouse & Rittinghouse, 2016).
The current topic of study mainly focusses on the use of cloud computing technologies within an organization. Based on the current project scenario, it can be understood that a consultant of cloud services would be needed to be appointed in order to provide various form of suggestions and support to a charity based organization. The charity organization provides various services and applications to their administrative users and 500 support staff. A very substantial amount of the applications based on cloud would be critical. The data used by the applications would be time-sensitive and highly confidential. This organization possesses their existent data centre, which makes use of the Linux operating system based on Red Hat (Hat, 2014). The servers within the organization would be mainly owned by different cloud vendors who are able to provide cloud based services. It should be also taken into consideration that the cloud services of the community would be able to store around 200TB of data. This data would be deployed on a SaaS database that would be mainly run by the public cloud vendor (Andrikopoulos et al., 2013). The cloud consultant has been majorly approached by the organization for auditing the privacy policy and security aspects within the organization. The information that is provided is that the company has been in the process of purchasing some applications based on personal management from a company based in the US that would be working within the SaaS environment. The functionalities based on privacy of employee data would be evaluated. There would be further analysis, which would present the issues based on digital identity within the organization. In the end, the report would be able to include the issues based on the sensitivity of data and thus would be able to evaluate the use of vital data based on the control of data within the organization (Sherwood, Bony & Dufresne, 2014).
Security of the Data of Employee
Imminent Threats and Risks – Each organization stores and maintains the data of their employees. The data of their employees is a very crucial aspect within the organization and hence this has to be secured with high level of security patches. The in-house HR database within the organization has the potential to collect the employee related information. Despite having a high level of security within the storage of information, there are various impending forms of threats and risks within the database of the organization (Waqar et al., 2013). The consultant who would deliver advices based on the cloud services had audited the cloud services within the organization. Based on the audit, it has been found that there are several forms of problems, which are primarily associated with the implementation of the cloud computing technology based on the storage of data of employees (Kasperson & Kasperson, 2013).
The description of the problems, which might be face with the implementation of cloud computing technologies within the organization are:
APIs – The Cloud Application Programming Interface (Cloud API) is a form of API that would help in enabling the development of several services and applications. The use of these kind of APIs would help in the provision of cloud based softwares, hardware and platforms. These APIs mainly serve as a form of interface or gateway that would be able to provide direct as well as indirect form of cloud infrastructure and services within the use of software for their users. Though the API are the core component within the use of cloud computing, there are still several kinds of possibilities of vulnerabilities of attacks within the systems (Ali & Soar, 2014).
Risks of SaaS – The risks within the SaaS service provider based on cloud would mainly occur when the organization would migrate or adapt to a newer form of technology. The implementation of the SaaS cloud provider service would also inherit various form of threats related to data security. There might be several accounts of breaches within the databases of the organization, which might be able to pose a serious harm for the organization and the underlying data of the organization (Hashizume et al., 2013). In order to help the organization to mitigate the various serious implications of threats that are incurring within the system, it would be highly necessary for the consultancy firms to suggest such form of security measures.
The network technology based on SaaS has a pre in-built feature based on the protection of the vital data of the organization. The applications based on the SaaS interface are not able to handle the security measures independently. Hence, this special security criteria should be taken care by the security consultant or cloud service providers who are majorly responsible for securing the data network (He, Yan & Da Xu, 2014). There is another impending risk that might be prone to the systems of the organization when they would migrate to the cloud platform, which is down time of the cloud platform. As the entire data of the employee within the organization are being moved on to the cloud platform, it would be highly necessary to depend on the cloud services providers for the proper running of the data. After the shift of data to the cloud, the user would not have any control over their data. There is a high potential of risks within the transfer of data on to the SaaS application. The proper form of plan based on implementation of SaaS based applications need to accord to the set standards based on the country. There might be legal risks if the laws based on the implementation of the cloud platform are violated. Hence, it would be very much necessary for the environment of SaaS applications to work based on a lower down time such that various risks within the cloud platform would be mitigated (Zhou et al., 2013).
Hijacking of Accounts – One of the most common phenomenon based on the implementation of SaaS services within cloud platform is the imposed danger of accounts to get hijacked. In order to gain access over the data of an individual or organization, the attacker has to firstly gain access over an entire account. The various acts based on the phishing of accounts would mainly occur due to several form of vulnerabilities based within the systems of security in the cloud environment (Modi et al., 2013). This would mainly result in the acts of violation based on the wrong acts within the cloud platform. Hence, the hijackers would be able to breach into the cloud platform and servers that would be mainly unauthorized for them.
Breach of Data – The most potential attack within the cloud servers and environment is the threat based on the breach of data of the organisation. The database of cloud based within the organisation would be vulnerable based within the environment of the cloud (Rao & Selvamani, 2015). Different malicious attackers could be able to access the cloud environment and thus gain access to the delicate information about the specific details of an individual or an organization. The information stored within the cloud platform could be of any form that might range from the name, contact information, address, payment details and important credentials that would be the main hub of the attacker for misusing within the account of the individual (Demirkan & Delen, 2013). This is one of the primary reason for many people to get affected from attackers within the cloud computing environment.
Accumulated Results based on the Threats – Based on the above discussion, it could be discussed that each threats and the impending form of threats and risks should be discussed in regards to the several problems within the cloud environment. The primary form of threats that are imposed within the system of cloud platform is that with the attack on the particular organization would lead to a huge amount of impact on the data of the entire organization (Fernandes et al., 2014). With the passage of time, the risks that are mainly imposed on the cloud platform would increase in number. This happens particularly due to the reason that the cyber attackers would make the most use of the latest form of technologies and would make a devastating effect on the organizations. The details present within the cloud platform are so delicate that a single attack within the system might prove to be devastating effect on the individual bank accounts. The monetary details of the individual employees might be at stake if an attacker gets an access to the payment section of the organization (Zhou & He, 2014).
Hence, it would be highly recommend for the SaaS systems to implement security strategies and proper form of security measures in order to protect the vital data of the organization. The attacks based on phishing might prove to be extremely harmful for the organization and for the benefits of the attacker. In the recent times, there is a huge advancement within the rise of emerging form of technologies that are much advanced for the benefit of the attackers (Ahmed & Hossain, 2014). The attackers are able to make full use of these form of technologies in order to steal the vital data of the clients in order to pose a threat to the organization who are making use of the SaaS cloud services. With the wide range of newer technologies, there is a widespread domain in front of the attackers for exploiting with the data within the organization. The attackers also possess a considerable amount of space and time in order to get full access to their proposed target and thus be able to pursue their activities based on attacking into the networks. Thus any form of loophole within the existing systems of the organization would be able to cause a considerable amount of harm to the organization along with the individual (Chung et al., 2013).
Privacy of the Data of Employee
Maintenance of the privacy of data within the organization is a much important case, which needs to be taken into consideration. Without the proper form of maintenance within the privacy based on the data of the organization would lead to tremendous impacts on the employees as well as the organization. The attackers of cyber space are able to access the details of any kind of company within the market and thus would be able to maintain a track and monitor the different activities within the organization (Gupta, Seetharaman & Raj, 2013). One of the example of activities occurring within the organization is the exchange of emails from one organization to another organization. There are several forms of vital information that are primarily being shared with the help of emails. Several form of queries and their related answers are also being shared and communicated with the help of emails. Hence, the use of sharing of email based content should be performed with extreme level of cautiousness such that any form of confidential information would not be shared with the wrong persons (Yu et al., 2013). Additionally to protect the information systems from the various threats imposed on them, it should be taken into consideration that the users should not click on any form of unsolicited or suspicious links that are shared with the help of emails. Another form of fact should also be ensured that no other employee should be able to access the data of other person unless the permission or proper authorization of the concerned person. Any form of negligence or repeated mistakes that would be in operation within the premises of the organization would lead to strict form of actions on the individual thus treating the mistake as a criminal offense. These offense could be in relation with the personal, health or banking related information.
Existing Threats within the Cloud Environment – There are various forms of impending threats within the security aspects of the cloud environment. The prime form of threats, which majorly exist within the cloud platforms that are used within organizations are listed as follows:
Human based Threats – This form of threat occurs mainly due to the interaction of humans with any form of computing device based within the cloud. These kinds of threats are mainly imposed within the system due to various forms of negligence on the part of humans in handling various matters within the organization (Ziegeldorf, Morchon & Wehrle, 2014). Due to these kind of human negligence, there might be several problems based on breach of data within the organization. Each of the individual within the organization should be much more careful in dealing with the several problems that are accounted within the working of the systems. There are various forms of emails that are based on causing harm to the system processes. Hence, a person should be very much cautious while opening emails or clicking on links, which might pose a serious threat to the entire system of the organization (Zonouz et al., 2013).
Excessive Permission based Threats – These form of threats are mainly imposed within the systems when an individual would be given excessive permission for use within the systems. There should be some amount of restrictions based on the use of computing devices within an organization. Too much grant of access to the systems might lead to severe threats within the system procedures. Providing too much access to an individual leads to peeking into the accounts of other individuals within the organization (Jamshidi, Ahmad & Pahl, 2014). This might lead to exploitation or invasion of the personal space of other individuals or organization. Hence the organization should limit the grant of system access to only some extent for the betterment of system processes.
Malware based Threats – The malwares are mainly defined as various form of malicious softwares, which carry viruses within them. The malwares have the potential of infecting a connected device and thus be able to gain access to the sensitive data within the organization. Once these softwares are installed within the system, they are used to trace important data within the computer that might be the prime target of hackers. There is always the threat of some form of malicious software that would infect the in-house systems (Yan et al., 2016).
Unmanaged Threats to Data – There are several different organizations that have a negligent way of handling the data of their employees. The involvement of humans within the process of maintain the storage systems of data poses a major amount of problem that would be the main cause of breach of data within the organization (Kunz et al., 2014). There is a huge amount of risk that the unmanageable data would pose a huge amount of risk for the employees as well as the organization as the data might get exposed and would fall into the hands of the hacker (Liu & Cai, 2013). The unmanaged threats to the security of data would serve as an open and wide opportunity for the hackers to pry within the networks and gain access to the entire unmanageable data.
Database Injection based Threats – There are various forms of attacks based on injection that would be performed within the database for the purpose of breaching within the datasets of the organization. The threats posed by the database injection would be mainly done by a malicious hacker who are efficient enough to barge into the vulnerable accounts that would hold the critically acknowledged data. The two form of typical databases that face these kind of threats are NoSql Database and the traditional databases (Chang, Kuo & Ramachandran, 2016).
Additional Threats to the Cloud Environment – There are some other forms of additional threats to the cloud environment that would be majorly posed during the transmission of the data of employees on to the SaaS based cloud service providers and applications . Some of these threats are described as follows:
Downfall within Cloud Standards – There are several standards based on the security credentials, which are highly advertised by different cloud vendors. There was a performance based audit with the SaaS systems based on which it was found that there was a major downfall within the standards of the cloud platform as there was no such form of security within the SaaS applications. Hence, it would be highly necessary for the organization to adopt to several standards of security that would be highly required for transferring highly confidential data with cloud based services (Jungck & Rahman, 2015).
Faulty Management of Identity – Various identities of the providers of cloud services are not highly sophisticated in terms of identities based on the services that would reside within the firewall deployed by enterprises. This is primarily due to the reason that the various third party applications would have the major form of responsibility for gaining access to vital forms of data. The data deployed within the SaaS provided applications do not have a unique identity. Hence, this would pose a major form of contemporary issue within the risks faced within the environment of the cloud (Roman, Zhou & Lopez, 2013).
Threats to Data Security – There are some vendors of cloud services who have a habit of advertising based on their providing of better form of secured cloud services without having the proper form of techniques that would be necessary for maintaining data privacy and security. Hence, most of the developed organizations have a better form of idea that the security within the SaaS cloud service providers would be able to provide a flexible form of environment within the securing of the data of the employees (Sun et al., 2014). The customers who are depending on the organizations for the security of their data have a wrong notion that the SaaS cloud vendors would not be able to provide a better form of level of security. These cloud vendors do not display their actual data and the type of operational services, which are provided by them. There is a high chance of compromising with the security of the data of customers as these vendors do not display the needed information. These response from the SaaS service providers poses a major risk to the concerned industry. Hence, the customer should not put their data within the cloud platform if the cloud vendor does not provide a transparent level of communication.
Risk Results – The various forms of attacks due to malware might cause severe form of problems within the organization. Many of the problems are mainly caused due to the negligence within humans. The lack of knowledge within the use of databases leads to the formation of threats. Hence, the employees would need to be provided with proper form of training in order to be much more cautious in dealing with issues of risks and threats.
Digital Identity Issues
There is a high risk of the digital identity to get hacked or getting exposed while migration of data to a SaaS based cloud service provider. The digital identity of confidential data would get stored within the database whenever an online resource or network would be used. The losing of digital identity would lead to tremendous form of problems as the digital data identity is primarily used to secure the users against cyber-crimes and potential threats to data (Singhal et al., 2013).
There are several advanced ways in which hackers are able to trace the vital data of the users and thus steal them. Hence, it would be extremely necessary to secure the digital identity of individuals and organizations within the cyber space environment.
Provider Solution Issues
The applications based on the SaaS platform have their own server that would be majorly owned by some third-party organization (Sen, 2014). The risks that would be associated within the SaaS services would be needed to be secured with an optimum level of security. In order to secure the data within the SaaS platform, it is extremely vital for organizations to adapt to some of the processes of mitigation that are listed as follows:
Contracts based on Cloud Provider – There should be a proper level of communication between the provider of cloud services and organization. The recovery of data on to a safer platform is the best solution that could be provided to the client and the organization.
Data Encryption – The breach of data within the organization could be secured with the encryption of data within the organization and email based content. The encryption of data would be able to provide a safe environment for everyone associated within the cloud platform (Liu, Wang & Wu, 2014).
Primary Cloud Provider – It is very much necessary to detect a cloud provider, which would be feasible in realizing the security of data and functionalities based on mitigating the risks within the securing of data within the SaaS environments.
Security of Business Services – The right methods to approach for the best security services should be decided by the SaaS cloud service provider. There should be proper form of discussions within the designed report on cloud security within an organization (Almorsy, Grundy & Müller, 2016).
Data Sensitivity
There are numerous databases within an organization in which vital data related to the employees are stored. This data is extremely sensitive and thus any form of threat within the system would make a major level of impact within the organizational databases. However the data that would be in relation with the databases of HR systems would be regarded as highly delicate. This is mainly due to the reason that the HR systems store the data in relation with the employees. These data might contain personal contact details, banking details and vital data such as health information and various other data (Zhang et al., 2013). The vulnerability of these forms of data would lead to tremendous level of implications on the part of employees as well as the organization. There are extreme higher chances on the perspective of individuals that the personal information of the employee might get mishandled by hackers. Hence, a proper level of maintenance of the data in an ethical manner would lead to initial integrity based on data sensitivity.
Conclusion
Based on the discussion from the above report, it could be concluded that the transfer of data of an organization to SaaS cloud environment is a critical aspect. There are huge level of impending risks and threats during the entire process of transformation. In this current scenario of the report, a cloud security consultant is responsible for providing suggestions based on the implementation of SaaS based systems. This report is based on providing the best form of suggestions for a charity organization who would shift their data on to the SaaS environment of cloud. Further deep analysis had been conducted on the issues based on Digital Identity that were currently being faced by organizations. The report had also included the various issues in relation with the issues related to data sensitivity that have the capability of evaluating the data based within the organization. The proper analysis of the shift of data within the cloud had led to further issues, which would be needed to be addressed in order to secure and ensure a healthy environment for individuals and organization.
Based on the conclusions drawn from the report, it could be recommended that there should be a proper maintenance of security impact within the process of transfer of data within the cloud platform based on SaaS systems. In the current scenario where the data within the charity organization would be shifted within the SaaS cloud environment, it would be highly recommended that the entire security aspects should be taken into deep consideration. There should be a high level of encryption within the data transfer systems, messaging systems and email contents, which are primarily vulnerable to attacks within the systems. The various levels of functionalities within the data of the employees should be analysed properly and thus the cloud services should ensure that the security experts based within the cloud domains should ensure on the aspect of security and high level of encryption technologies (Espadas et al., 2013). The team of cloud consultants should analyse the entire aspects that would include even the smallest patches related to security within the access to cloud services. Even a small loophole within the SaaS environment would lead to tremendous impacts for the organization. Hence, it would be recommended for the systems to adapt to secure environments for the betterment and efficiency within the system processes.
References
Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of Network Security & Its Applications, 6(1), 25.
Ali, O., & Soar, J. (2014, May). Challenges and issues within cloud computing technology. In The fifth international conference on cloud computing, GRIDs, and virtualization(pp. 55-63).
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Andrikopoulos, V., Binz, T., Leymann, F., & Strauch, S. (2013). How to adapt applications for the cloud environment. Computing, 95(6), 493-535.
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption framework: A security framework for business clouds. Future Generation Computer Systems, 57, 24-41.
Chung, C. J., Khatkar, P., Xing, T., Lee, J., & Huang, D. (2013). NICE: Network intrusion detection and countermeasure selection in virtual network systems. IEEE transactions on dependable and secure computing, 10(4), 198-211.
Demirkan, H., & Delen, D. (2013). Leveraging the capabilities of service-oriented decision support systems: Putting analytics and big data in cloud. Decision Support Systems, 55(1), 412-421.
Espadas, J., Molina, A., Jiménez, G., Molina, M., Ramírez, R., & Concha, D. (2013). A tenant-based resource allocation model for scaling Software-as-a-Service applications over cloud computing infrastructures. Future Generation Computer Systems, 29(1), 273-286.
Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. R. (2014). Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), 113-170.
Gupta, P., Seetharaman, A., & Raj, J. R. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), 861-874.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
Hat, R. (2014). Red hat enterprise linux. RED, 1.
He, W., Yan, G., & Da Xu, L. (2014). Developing vehicular data cloud services in the IoT environment. IEEE Transactions on Industrial Informatics, 10(2), 1587-1595.
Jamshidi, P., Ahmad, A., & Pahl, C. (2014, June). Autonomic resource provisioning for cloud-based software. In Proceedings of the 9th international symposium on software engineering for adaptive and self-managing systems (pp. 95-104). ACM.
Jungck, K., & Rahman, S. (2015). Cloud computing avoids downfall of application service providers. arXiv preprint arXiv:1512.00061.
Kasperson, J. X., & Kasperson, R. E. (2013). Global environmental risk. Routledge.
Kunz, M., Hummer, M., Fuchs, L., Netter, M., & Pernul, G. (2014, September). Analyzing recent trends in enterprise identity management. In Database and Expert Systems Applications (DEXA), 2014 25th International Workshop on(pp. 273-277). IEEE.
Liu, Q., Wang, G., & Wu, J. (2014). Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Information sciences, 258, 355-370.
Liu, W., & Cai, H. (2013). Embracing the shift to cloud computing: knowledge and skills for systems librarians. OCLC Systems & Services: International digital library perspectives, 29(1), 22-29.
Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, 204-209.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266-2279.
Sen, J. (2014). Security and privacy issues in cloud computing. In Architectures and protocols for secure information technology infrastructures (pp. 1-45). IGI Global.
Sherwood, S. C., Bony, S., & Dufresne, J. L. (2014). Spread in model climate sensitivity traced to atmospheric convective mixing. Nature, 505(7481), 37.
Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G. J., & Bertino, E. (2013). Collaboration in multicloud computing environments: Framework and security issues. Computer, 46(2), 76-84.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks, 10(7), 190903.
Waqar, A., Raza, A., Abbas, H., & Khan, M. K. (2013). A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata. Journal of Network and Computer Applications, 36(1), 235-248.
Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602-622.
Yu, R., Zhang, Y., Gjessing, S., Xia, W., & Yang, K. (2013). Toward cloud-based vehicular networks with efficient resource management. IEEE Network, 27(5), 48-55.
Zhang, X., Liu, C., Nepal, S., Pandey, S., & Chen, J. (2013). A privacy leakage upper bound constraint-based approach for cost-effective privacy preserving of intermediate data sets in cloud. IEEE Transactions on Parallel and Distributed Systems, 24(6), 1192-1202.
Zhou, A. C., & He, B. (2014). Transformation-based monetary costoptimizations for workflows in the cloud. IEEE Transactions on Cloud Computing, 2(1), 85-98.
Zhou, X., Zhan, D., Nie, L., Meng, F., & Xu, X. (2013, April). Suitable database development framework for business component migration in SaaS multi-tenant model. In Service Sciences (ICSS), 2013 International Conference on (pp. 90-95). IEEE.
Ziegeldorf, J. H., Morchon, O. G., & Wehrle, K. (2014). Privacy in the Internet of Things: threats and challenges. Security and Communication Networks, 7(12), 2728-2742.
Zonouz, S., Houmansadr, A., Berthier, R., Borisov, N., & Sanders, W. (2013). Secloud: A cloud-based comprehensive and lightweight security solution for smartphones. Computers & Security, 37, 215-227.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download