Privacy And Security Strategy For Cloud Computing: A Case Study

Discussion

Cloud computing is a technique or tool that helps to transfer data and other services of computing. The computing services are of many types like the networking, storage, analytics, software, servers and many more (AlZain et al., 2012). These services transfers and delivers these services on the Internet. This internet is also known as cloud. The organizations that provide these types of services in the cloud are known as the providers of cloud or cloud providers. They get money for providing these types of services. This charge is taken on the basis of the amount of usage the other organization is incurring and the amount of time the organization is using those cloud services. In modern world, cloud computing is one of the most utilized technologies. It is not even realized when cloud computing is used. Cloud computing delivers software whenever they are on demand (Chaisiri, Lee & Niyato, 2012). It analyzes data and makes them secured. It streams several video and audio. The main advantage of cloud computing is that it is extremely cost effective. The other advantages include the speed and productivity of the services. It is extremely reliable and flexible, which makes it even popular for all organizations. In spite of having so many advantages, cloud computing do have several disadvantages. The main disadvantage of cloud computing is that it is completely dependent on the Internet. When the Internet connection is not up to the mark or is not working, it is evident that cloud would not work. The other disadvantage of cloud computing is its security and privacy (Gampala, Inuganti & Muppidi, 2012). Though cloud is extremely reliable, however, there is always a high chance that the data can get deleted or hacked in the cloud infrastructure. There are normally three types of cloud services, which include Infrastructure as a Service, Platform as a Service and Software as a Service.

The following report outlines a brief description on the cloud privacy and security on a given case study. DAS or the Department of Administrative Services provides all types of services to the State Government of Australia. The services are of various types and categories (Gellman, 2012). These services include payroll, personnel management, procurement management, contractor management and human resources management. The government of Australia has recently changed their policies. For this reason, the Department of Administrative Services is moving and shifting to an innovative cloud approach. This approach is known as Shared Service approach. The specialty of this approach is that the Department of Administrative Services or DAS will manage and control a constant and fixed number of services. The report describes about the personal data privacy strategy (Hamlen et al., 2012). This strategy includes the management of personal information, collection and management of solicited personal information, usage and disclosure of personal information, utilization and security of digital identities, security of personal identities, and access to personal information, quality and correction of personal information. Proper recommendations are also provided for privacy controls of personal information. The second strategy is for the personal data protection, which includes protection of personal information, authorized access and disclosure of personal information, de-identification of personal data, usage of personal digital identities, security of personal data, archiving or personal data (Jain & Paul, 2013). Proper recommendations are also provided for protection of personal data.

1.1 Management of Personal Information

1. Personal Data Privacy Strategy

Department of Administrative Services or DAS is worried about their security and privacy of data in the cloud (Liu, 2012). The quality of the strategy that is to be involved in DAS should be of good quality. However, the first step for this strategy is to manage and control the personal information. This will help in protecting the information easily. There are several steps that can help the DAS to manage their personal information. This particular step is in their hand only (Zissis & Lekkas, 2012). This management can stop other intruders to hack and intrude the information. The several steps for securing the information are as follows:

1. a) Passwords: This is the most efficient and basic step for securing information. Passwords should be present in all aspects of their cloud, so that there exists no loophole in the security. Moreover, keeping passwords is not only enough (Jadeja & Modi, 2012). Changing and altering these passwords on a regular basis is mandatory for the DAS. The passwords can easily mange and secure the information from hackers.
2. b) Secured Browser: The second most important way of managing and controlling the personal information in the Department of Administrative Services is utilizing a safe and secured browser (Yu et al., 2013). The safe browser does not allow any spam or virus to enter through it and even the hackers are unable to get into it. The personal information can be easily managed through a safe and secured browser.

1.2 Collection and Management of Solicited Personal Information 

The second step in the privacy strategy is to collect and manage the solicited or requested personal information. The collection of this data is easily done by following certain simple steps. These steps include:

1. a) Reliable Source: Solicited personal information can be collected and managed only when all the requirements are met and the information is absolutely necessary and are related to every action and function (Iankoulova & Daneva, 2012). The main step is to collect, gather and acquire the information from a reliable source.
2. b) Filtering of Information: This is the second most important step for secured collection and management of personal information. Once the collection is done from a reliable source, the information should be filtered (Yang & Jia, 2013). This includes the management portion. The filtering of information will eradicate all the unnecessary information and thus only the required information will be collected.
3. c) Review: The third step of this collection and management process is to review the information. This review is extremely important once the information is filtered out (Zissis & Lekkas, 2012). If the information is useful it will be kept and if the information is not useful, it should be deleted on immediate basis.

The above steps would be helpful for collection and management of personal information of DAS.

1.3 Use and Disclosure of Personal Information

This is the third step of the privacy strategy of personal information. The information should be used and disclosed by authenticated users (Garrison, Kim & Wakefield, 2012). There are various ways to secure and block the access of unauthenticated users. The ways are as follows:

1. a) Logging Out: This is most basic way of securing personal information from unauthenticated users (Gupta, Seetharaman & Raj, 2013). When a user logs in into an account that contains all the confidential data, there is always a chance that the data can be lost. The hackers and the intruders will be easily able to get the information if he does not log out from that account or of he closes the system without logging out (Jadeja & Modi, 2012). This phenomenon stops the hackers from using the information to some extent. Even, the information is not disclosed easily.
2. b) Limited Access to Systems: This is the second way of securing the personal information from being used and disclosed in front of the unauthenticated users (Pearson, 2013). The access should be limited so that the hackers are not able to track them down. Passwords play a significant role in this phenomenon.

The above ways would be extremely helpful for DAS to stop the use and disclosure of their personal information.

1.4 Use and Security of Digital Identities

The data of an organization, utilized to portray or represent an external representative is known as a digital identity (Yang & Jia, 2013). This digital identity can either be an organization, an application or a person. These identities have various advantages and benefits. The important benefits of digital identities are as follows:

1. a) Data Integrity: Digital identity helps to maintain the integrity of the data. It is extremely beneficial for DAS.
2. b) Security: The first and foremost thing that comes into mind in case of data is its security (Wu et al., 2012). Digital identities help to secure the data completely and thus data does not get lost.
3. c) Fast: The third advantage of digital identity is that it is extremely fast and the speed of this identity makes it popular amongst all.
4. d) Simple: Digital identities do not have many complexities and is extremely simple. This simplicity makes it easier to implement and use.

In spite of having many advantages, there always exists a chance of hacking in such identities (Iankoulova & Daneva, 2012). The security should be extremely high while implementing these digital identities. DAS should focus on their security and use of the digital identities in the privacy control strategy of personal information.

1.5 Security of Personal Information

This is the most important step in the strategy. The personal information contains all the necessary and confidential data that an organization wants to preserve (AlZain et al., 2012). This information cannot be leaked at any cost as it will increase vulnerabilities and cyber threats. There are several ways to secure the personal information. They are as follows:

1. a) Anti Virus: This is the simplest way of securing any system. If the system will be protected, it is evident that the information will also be protected (Hashizume et al., 2013). Each and every system should be secured with antivirus so that there exists no loopholes in security.
2. b) Passwords: This is the most efficient and basic step for securing information. Passwords should be present in all aspects of their cloud. Moreover, keeping passwords is not only enough (Yang & Jia, 2013). Changing and altering these passwords on a regular basis is mandatory for the DAS. The passwords can easily mange and secure the information from hackers.
3. c) Pop up Blocking: This type of software helps to block the pop up windows and thus the information cannot be hacked or intruded (Behl & Behl, 2012). The pop up windows are always attracting various hackers for phishing purposes.

These several ways will be helpful for the Department of Administrative Services in designing their personal information privacy strategy.

1.6 Access to Personal Information

2. Privacy Controls Recommendations

The personal information should not be accessible to everyone especially for the unauthenticated and unsanctioned users (Yu et al., 2013). There are various ways to stop these types of users from accessing the personal information. DAS have to take certain measures for securing the information. These security measures are as follows:

1. a) Access Control: The access to the system should be controlled and managed so that the personal information is accessed by all the users. This measure is needed and required for all the systems in the Department of Administrative Services.
2. b) Using Special Characters in Passwords: Passwords should be set in such a way that they could not encrypted easily (Ryan, 2013). This type of passwords is used by almost organizations for security purposes.
3. c) Limited Access to Systems: This is the third way of securing the access of the personal information from being used and disclosed in front of the unauthenticated users. The access should be limited so that the hackers are not able to track them down. Passwords play a significant role in this phenomenon.
4. d) Private WiFi Connections: Most of the security issues arises because of the open access of the Internet or most precisely the WiFi connections. These types of connections allow multiple users to access the information easily (Srinivasan et al., 2012). Department of Administrative Services or DAS should restrict the access of the Internet so that everybody is not able to access the WiFi connection. It should be absolutely private and only the authenticated users would be able to access them.

These security measures would help DAS for securing and preserving their personal information and their privacy strategy would be completed.

1.7 Quality and Correction of Personal Information

The quality of any information should be up to the mark to ensure that the organization is not securing and storing wrong information. Department of Administrative Services should preserve their personal information by taking several measures (Behl & Behl, 2012). However, it should be ensured at first that the information which is being stored is of the best quality. This will help the organization to eradicate all the unnecessary information and to store only the necessary and important information. The second part is to correct the information. Even if the information has some problems within it, it should be corrected immediately so that DAS do not face any problems in future (Khalil, Khreishah & Azeem, 2014). This quality and correction of personal information is the most important step in the strategy of privacy and security. Moreover, a system should be implemented to check the overall privacy and security of the system and the information.

The above-mentioned steps will complete the entire process of privacy data control strategy (Popa et al., 2012). Department of Administrative Services should opt for this strategy to control and secure their personal information.

S.No	“Privacy Controls Risks (Personal data)”	“Mitigation Plans”	“Implementation “
1.	Malicious Code or Software: This type of software or code is implemented in any system for hacking purpose (Rong, Nguyen & Jaatun, 2013). A hacker or an intruder does this type of job so that he is able to hack into the hack and obtain all the confidential and necessary data. This type of code can replicate itself and once it enters the system, the entire system is formatted.	1. Antivirus: This is the most basic and simple mitigation plan for any type of risk in the personal data (Khalil, Khreishah & Azeem, 2014). This type of software helps to detect and prevent the virus attacks and malicious codes or software from entering into the system.	1. Antivirus can be implemented in any system by installing the software in the system easily.
2. Firewalls:  This is the second way of securing personal information ( Dinh et al., 2013). The firewalls act ac walls in case of security. They eventually detect and prevent the security risks and threats of the data.	2. Firewalls can be easily implemented in any system for security. Software is available for implementation of firewalls (Rong, Nguyen & Jaatun, 2013). It does not incur any type of complexities. It can be easily installed in the system.
2.	Denial of Service: This is the second most vulnerable risk for all personal information. It is done by simply denying the service of a system ( Rittinghouse & Ransome, 2016). The user has no idea about this type of attack. The hacker or the intruder denies the access and this is turn increases the risk of the personal information.	1. Increase in Server Bandwidth: This is the simplest way to mitigate or reduce the denial of service attacks ( Chen & Zhao, 2012). The server bandwidth should be increased to mitigate such risks.	1. The server bandwidth can be increased by increasing the budget. It is a little bit expensive, however, if it is implemented, there is a sure chance of reduction of denial of service attacks.
2. Architecture: The architecture should be resilient to prevent these types of attacks ( Lin & Chen, 2012). If the architecture is not up to the mark it is evident that there will be a massive problem in the overall security of the personal information.	2. The architecture is the most important part of any system. The architecture should be resilient by locating the servers in several data centres and ensuring that the data centres are located in different networks.
3.	Personal Information Leakage: This is one of the most important threat or risk for any personal information. The information can be easily leaked or exposed in the cloud and the information loses all the integrity and confidentiality. This type of risk is extremely common for any organization.	1. Encryption: This is the most basic and simple way of securing data and information in any system ( Srinivasan et al., 2012). Encryption is the process of encoding a confidential message or text into a cipher text in such a way that only the receiver would be able to access that message or text. It is extremely popular for any organization for securing their information. DAS should implement this security measure.	1. Encryption has two basic algorithms. The symmetric key and asymmetric key algorithms. According to the symmetric key algorithm, the key that will open the message is same as the key that has encoded the message (Popa et al., 2012). The main advantage of this algorithm is that t is extremely simple to implement.  The second algorithm is the asymmetric key algorithm, which has two different keys within it. This is little complex as there are two keys involved in the case. The implementation is done by simply following the steps of the algorithms.
2. Digital Authentication: This is the second most popular way of securing the personal information. Digital authentication is the procedure of authenticating a person or an individual by digital means (Popa et al., 2012). The most basic examples of digital authentication include the face recognition software, digital signatures and fingerprint recognition.	2. Digital authentication is implemented by installing biometric entrance to all the systems in the organization (Ren,  Wang, & Wang, 2012). This is extremely simple to install and can be easily implemented without many complexities.
4.	Identity Theft: One of the most dangerous and vulnerable threat is the identity theft. The hacker or the intruder acts as the user and thus access all the information easily (Ren,  Wang, & Wang, 2012). The identity of the user is stolen in this type of risk.	1. Passwords: This is the basic security for reducing and mitigating identity thefts ( Herbst, Kounev & Reussner, 2013). Passwords protect the entire system from hackers and intruders to enter into the system and hack.	1. Passwords are set by users in any system. Special characters are used to set this password. Only authenticated users have the right to know the passwords. Moreover, they are changed and altered periodically. This will be helpful for DAS.
2. Not Responding to Unsolicited Mails: This is another simple way of mitigating such risks. Unsolicited e-mails attract various hackers and intruders into the system. Even such phones calls should be avoided, which wants confidential information.	2. No as such implementation is needed for this mitigating plan (Arora, Parashar & Transforming, 2013). The simple way is to avoid such phone calls and emails so that the intruder does not get any idea about the personal information.
5.	Receiving Unsolicited E-mails: This is also a vulnerable security threat for any organization. Such mails are known as spam. They have the ability to steal and modify all confidential information within few moments.	1. Avoid Clicking: This is the simplest step to mitigate reducing this type of emails ( Sefraoui, Aissaoui & Eleuldj, 2012). The user should avoid or stop clicking on all mails and open only the important and required emails.	1. No such implementation is required for this mitigation plan. Just the user has to be careful before entertaining any sort of emails.
2. Use a Disposable Email Address: A disposable email always protects the user from receiving all sorts of unsolicited emails from fake addresses (Wu et al. 2013). This in turn helps the user to avoid spam messages.	2. The Department of Administrative Services should use a disposable email address. They will only have to open their accounts in that email. This will protect their data from spam and thus integrity would be maintained.
6.	Loss of Data in the Clouds: This is an extremely significant risk in case of securing personal information. While storing or retrieving the data in the cloud, there is always a high chance that the data will be lost in the clouds. Often, these data cannot be retrieved once lost. This can lead an organization to a serious trouble.	1. Encryption:  This is the most basic and simple way of securing data and information in the clouds. Encryption is the process of encoding a confidential message or text into a cipher text in such a way that only the receiver would be able to access that message or text (Yu et al., 2013). It is extremely popular for any organization for securing their information. DAS should implement this security measure.	1. Encryption has two basic algorithms. The symmetric key and asymmetric key algorithms (Xiao, Song & Chen, 2013). According to the symmetric key algorithm, the key that will open the message is same as the key that has encoded the message. The main advantage of this algorithm is that t is extremely simple to implement (Wang et al., 2012).  The second algorithm is the asymmetric key algorithm, which has two different keys within it. This is little complex as there are two keys involved in the case. The implementation is done by simply following the steps of the algorithms.
2. Passwords:  This is the basic security for reducing and mitigating loss of data in the clouds (Xiao, Song & Chen, 2013). Passwords protect the entire system from hackers and intruders to enter into the system and hack.	2. Passwords are set by users in any system. Special characters are used to set this password. Only authenticated users have the right to know the passwords. Moreover, they are changed and altered periodically. This will be helpful for DAS.

3.1 Protection of Personal Information

DAS or the Department of Administrative Services is suffering from several security issues in their personal information. There are several kinds of risks and threats that prevent the information from getting secured (Arora, Parashar & Transforming, 2013). The hackers and the intruders get easy access of the data if the information is not completely protected. Personal information should be protected at any cost. There are several ways of protection of personal information. They are as follows:

1. a) Passwords: This is the most efficient and basic step for securing information. Passwords should be present in all aspects of their cloud, so that there exists no loophole in the security. Moreover, keeping passwords is not only enough (Sefraoui, Aissaoui & Eleuldj, 2012). Changing and altering these passwords on a regular basis is mandatory for the DAS. The passwords can easily mange and secure the information from hackers.
2. b) Secured Browser: The second most important way of managing and controlling the personal information in the Department of Administrative Services is utilizing a safe and secured browser (Wang et al., 2012). The safe browser does not allow any spam or virus to enter through it and even the hackers are unable to get into it. The personal information can be easily managed through a safe and secured browser.

3.2 Authorized Access and Disclosure of Personal Information

The authorized access and non disclosure are extremely important for any information. The data always has the chance of getting modified or altered by the hacker (Arora, Parashar & Transforming, 2013). The various ways to keep the access authorized include installing and implementing firewalls, antivirus, and access control.

3.3 De-Identification of Personal Data

The particular process that stops and prevents a hacker to know the identity of a personal information is known as the de-identification of personal data. There are various ways to prevent the identification of data (Xiao, Song & Chen, 2013). The security measures include antivirus, firewalls, security policies and many more. DAS should implement all of these for de-identification of their personal data or information.

3.4 Use of Personal Digital Identities

The data of an organization, utilized to portray or represent an external representative is known as a digital identity. This digital identity can either be an organization, an application or a person (Gonzalez et al., 2012). These identities have various advantages and benefits. The important benefits of digital identities are as follows:

1. a) Data Integrity: Digital identity helps to maintain the integrity of the data. It is extremely beneficial for DAS.
2. b) Security: The first and foremost thing that comes into mind in case of data is its security (Xiao, Song & Chen, 2013). Digital identities help to secure the data completely and thus data does not get lost.
3. c) Fast: The third advantage of digital identity is that it is extremely fast and the speed of this identity makes it popular amongst all.
4. d) Simple: Digital identities do not have many complexities and is extremely simple. This simplicity makes it easier to implement and use.

3.5 Security of Personal Data

The security of the personal data is the first and the foremost thing that is making DAS worried enough. The security should be high for the personal data. Several ways are there to secure the personal data (Wang et al., 2012). These measures include antivirus, firewalls, security policies, digital authentication, digital signatures and many more.

3.6 Archiving of Personal Data

This is the last step of the personal data protection strategy. Archiving or storing of all data is mandatory for its security and privacy (Gonzalez et al., 2012). It maintains the confidentiality and integrity of the data. Moreover, archiving of data does not allow them to get lost. DAS should take into account that their data should be archived.

S.No	“Security Risks (Personal data)”	“Mitigation Plans”	“Implementation Methods”
1.	Loss of storage: The storage stores or preserves all the necessary and confidential data in a particular storage (Beloglazov, Abawaj & Buyya, 2012). This storage is extremely important for any privacy security system. However, there is always a high chance of losing or destruction of that storage.	1. Upgrading Architecture: The storage should have the best possible architecture within it so that there is no chance of loss of that storage.	1. The architecture of the storage can be upgraded by simply increasing the budget to a certain level so that a better storage is affordable. This up gradation of architecture even will help DAS to store their data fast and with secured method.
2. Maintenance: This is the second way of mitigating the risk of loss of storage in case of data security ( Garg, Versteeg & Buyya, 2013). Maintenance should be done periodically so that there exists no chance of loss of storage and thus data will not be lost.	2. Maintenance is the most important step for any device or storage ( Wei et al., 2012). If the storage is not maintained properly, there is a high chance that the storage would be destructed and the data would be lost. DAS should organize a periodic maintenance so that this storage is not lost.
2.	Eavesdropping: This is one of the most vulnerable and dangerous security threat or risk in case of information or data (Gonzalez et al., 2012). It certainly means of hearing or sniffing the data. The hacker or the intruder gets into the network and gets to know all the confidential information that is sent from the sender to receiver.	1.  Encryption:  This is the most basic and simple way of securing data and information in the clouds. Encryption is the process of encoding a confidential message or text into a cipher text in such a way that only the receiver would be able to access that message or text (Wu et al., 2012). It is extremely popular for any organization for securing their information. DAS should implement this security measure.	1.  Encryption has two basic algorithms. The symmetric key and asymmetric key algorithms (Wei et al., 2012). According to the symmetric key algorithm, the key that will open the message is same as the key that has encoded the message (Mishra et al., 2012). The main advantage of this algorithm is that t is extremely simple to implement.  The second algorithm is the asymmetric key algorithm, which has two different keys within it. This is little complex as there are two keys involved in the case. The implementation is done by simply following the steps of the algorithms.
2. Control of Software: The software that is installed in the system should be controlled and managed so that there is no chance of eavesdropping in the network. Moreover, the software should be up to the mark and not a pirated version.	2. Controlling of software depends on the quality of the software (Wei et al., 2012). It should be kept in mind that the software is not of pirated version. For implementation, the software should be installed by proper means and by perfection.
3.	Interception of Messages: Message or information is intercepted easily in any security system. The hackers intercept the data. In most cases, they even modify or change the data completely before the receiver receives it.	1. Firewalls:  This is the best way of securing personal information. The firewalls act as walls in case of security (Wu et al., 2012). They eventually detect and prevent the security risks and threats of the data. The interception of information can be stopped by implementing firewalls in the system.	1.  Firewalls can be easily implemented in any system for security. Software is available for implementation of firewalls (Garg, Versteeg & Buyya, 2013). It does not incur any type of complexities. It can be easily installed in the system.
2.  Encryption:  This is the most basic and simple way of securing data and information from interception (Mishra et al., 2012). Encryption is the process of encoding a confidential message or text into a cipher text in such a way that only the receiver would be able to access that message or text. It is extremely popular for any organization for securing their information. DAS should implement this security measure.	1.  Encryption has two basic algorithms. The symmetric key and asymmetric key algorithms. According to the symmetric key algorithm, the key that will open the message is same as the key that has encoded the message. The main advantage of this algorithm is that t is extremely simple to implement ( Bonomi et al., 2012).  The second algorithm is the asymmetric key algorithm, which has two different keys within it. This is little complex as there are two keys involved in the case. The implementation is done by simply following the steps of the algorithms.
4.	Man in the Middle: This is another most vulnerable threat in case of security. A man in present between the user and the network (Xu, 2012). The moment the user sends the data, immediately the hacker is able to track down all the data. He does not change the data but he knows all of it.	1. Encryption: This is the best way of preventing man in the middle problem (Lin et al., 2013). The intruder will not be able to read the message and thus the message can be easily protected.	1. Implementation of encryption is extremely simple. There are two types of algorithms in encryption. The symmetric key algorithm is the best for this type of risk.
2. VPN: Virtual Private Network provides a private network in a public network for sending and receiving data ( Lee & Zomaya, 2012). This technology can easily prevent man in the middle attack.	2. There are few steps to implement VPN in a system. At first, the remote VPN server should be configured ( Garg, Versteeg & Buyya, 2013). Then the IP address should be given and finally the implementation gets completed.
5.	Network Traffic Manipulation: This type of security risk is extremely common in modern world. When the user sends a data, it travels through a distinct path or traffic ( Radut,  Popa & Codreanu, 2012). An intruder eventually manipulates the entire traffic of the network and the data does not reach to the receiver.	1. Firewalls:  This is the best way of securing personal information. The firewalls act as walls in case of security (Nafi et al., 2013). They eventually detect and prevent the security risks and threats of the data. The network traffic manipulation can be stopped by implementing firewalls in the system.	1.  Firewalls can be easily implemented in any system for security. Software is available for implementation of firewalls ( Xiao & Xiao, 2013). It does not incur any type of complexities. It can be easily installed in the system.
2.  Antivirus: This is the most basic and simple mitigation plan for any type of risk in the personal data (Hashem et al., 2015). This type of software helps to detect and prevent the any type of network manipulation or intruder from entering into the system.	2.  Antivirus can be implemented in any system by installing the software in the system easily.
6.	Destruction of Records: This type of risk is mostly caused unintentionally by the employees of an organization (Kliazovich, Bouvry & Khan, 2012). However, if the records are destructed, it can cause major problem in the organization.	1. Proper Storage: This is the most important mitigation plan in case of destruction of records (Behl & Behl, 2012). The storage of the records should be proper and secured.	1. The storage of information should be properly maintained and secured by DAS.
2. Proper Training: This type of destruction is mostly caused by the lack of training of the employees (Almorsy,  Grundy & Müller, 2016). They should be properly trained so that they does not make any mistake.	2. No such implementation method is present in this plan. Trainers should be hired by DAS for training purposes.

Student 1: What is cloud security?

Student 2: Cloud security is a broad range of strategies to secure the data with the help of cloud computing.

Student 2: What is the problem with DAS?

Student 1: DAS is planning to shift their services to a new approach, known as the Shares Service approach for better security.

Student 2: What are the major risks for privacy of personal information?

Student 1: The main risks include the eavesdropping, leakage of data in clouds, denial of service attacks, malicious code or software and many more.

Student 2: Are these harmful?

Student 1: Yes, these extremely harmful.

Student 2: Can these risks be mitigated?

Student 1: Yes, these risks can be mitigated by certain measures.

Student 1: There should be a strategy for security and privacy for DAS.

Student 2: Yes. This strategy should contain all the necessary and required information about security and privacy of any data.

Student 1: The strategy should be helpful for the Department of Administrative Services.

Conclusion 

Therefore, from the above discussion it can be concluded that, cloud computing is a technique or tool that helps to transfer data and other services of computing. The computing services are of many types like the networking, storage, analytics, software, servers and many more. These services transfers and delivers these services on the Internet. This internet is also known as cloud. The organizations that provide these types of services in the cloud are known as the providers of cloud or cloud providers. They get money for providing these types of services. This charge is taken on the basis of the amount of usage the other organization is incurring and the amount of time the organization is using those cloud services. Cloud security is a broad range of strategies to secure the data with the help of cloud computing. In modern world, cloud computing is one of the most utilized technologies. For every activity on the Internet, like sending emails, playing games, editing several documents, storing pictures, accessing other files, cloud is the most important service for them. It is the cloud that makes all of them possible easily. Cloud computing helps in several activities like creating brand new services and applications, storing of data, back up of data and even recovery of data after system is crashed. It even delivers software whenever they are on demand. It analyzes data and makes them secured. It streams several video and audio. The main advantage of cloud computing is that it is extremely cost effective. The other advantages include the speed and productivity of the services. It is extremely reliable and flexible, which makes it even popular for all organizations. In spite of having so many advantages, cloud computing do have several disadvantages. The main disadvantage of cloud computing is that it is completely dependent on the Internet. The other disadvantage of cloud computing is its security and privacy. Though cloud is extremely reliable, however, there is always a high chance that the data can get deleted or hacked in the cloud infrastructure. There are normally three types of cloud services, which include Infrastructure as a Service, Platform as a Service and Software as a Service. The above report describes about the case of the Department of Administrative Services or DAS. DAS provides all types of services to the State Government of Australia. The services are of various types and categories. These services include payroll, personnel management, procurement management, contractor management and human resources management. The government of Australia has recently changed their policies. For this reason, the Department of Administrative Services is moving and shifting to an innovative cloud approach. The specialty of this approach is that the Department of Administrative Services or DAS will manage and control a constant and fixed number of services. The main advantage of this activity will be obtained by the Whole of Government or WofG. However, various strategies are to be followed by them. The report describes about the personal data privacy strategy. This strategy includes the management of personal information, collection and management of solicited personal information, usage and disclosure of personal information, utilization and security of digital identities, security of personal identities, access to personal information, quality and correction of personal information. The report also provides a strategy for protection of personal data with proper details. Significant references are also given in the report for the two strategies.

References

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

AlZain, M. A., Pardede, E., Soh, B., & Thom, J. A. (2012, January). Cloud computing security: from single to multi-clouds. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 5490-5499). IEEE.

Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.

Behl, A., & Behl, K. (2012, October). An analysis of cloud computing security issues. In Information and Communication Technologies (WICT), 2012 World Congress on (pp. 109-114). IEEE.

Beloglazov, A., Abawajy, J., & Buyya, R. (2012). Energy-aware resource allocation heuristics for efficient management of data centers for cloud computing. Future generation computer systems, 28(5), 755-768.

Bonomi, F., Milito, R., Zhu, J., & Addepalli, S. (2012, August). Fog computing and its role in the internet of things. In Proceedings of the first edition of the MCC workshop on Mobile cloud computing (pp. 13-16). ACM.

Chaisiri, S., Lee, B. S., & Niyato, D. (2012). Optimization of resource provisioning cost in cloud computing. IEEE Transactions on Services Computing, 5(2), 164-177.

Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.

Gampala, V., Inuganti, S., & Muppidi, S. (2012). Data security in cloud computing with elliptic curve cryptography. International Journal of Soft Computing and Engineering (IJSCE), 2(3), 138-141.

Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.

Garrison, G., Kim, S., & Wakefield, R. L. (2012). Success factors for deploying cloud computing. Communications of the ACM, 55(9), 62-68.

Gellman, R. (2012, August). Privacy in the clouds: risks to privacy and confidentiality from cloud computing. In Proceedings of the World privacy forum,.

Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi, M. (2012). A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.

Gupta, P., Seetharaman, A., & Raj, J. R. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), 861-874.

Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for cloud computing. Optimizing Information Security and Advancing Privacy Assurance: New Technologies: New Technologies, 150.

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.

Herbst, N. R., Kounev, S., & Reussner, R. H. (2013, June). Elasticity in Cloud Computing: What It Is, and What It Is Not. In ICAC (Vol. 13, pp. 23-27).

Iankoulova, I., & Daneva, M. (2012, May). Cloud computing security requirements: A systematic review. In Research Challenges in Information Science (RCIS), 2012 sixth international conference on (pp. 1-7). IEEE.

Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). IEEE.

Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.

Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: a survey. Computers, 3(1), 1-35.

Kliazovich, D., Bouvry, P., & Khan, S. U. (2012). GreenCloud: a packet-level simulator of energy-aware cloud computing data centers. The Journal of Supercomputing, 62(3), 1263-1283.

Lee, Y. C., & Zomaya, A. Y. (2012). Energy efficient utilization of resources in cloud computing systems. The Journal of Supercomputing, 60(2), 268-280.

Lin, A., & Chen, N. C. (2012). Cloud computing as an innovation: Percepetion, attitude, and adoption. International Journal of Information Management, 32(6), 533-540.

Lin, C., Su, W. B., Meng, K., Liu, Q., & Liu, W. D. (2013). Cloud computing security: architecture, mechanism and modeling. Chinese Journal of Computers, 36(9), 1765-1784.

Liu, W. (2012, April). Research on cloud computing security problem and strategy. In Consumer Electronics, Communications and Networks (CECNet), 2012 2nd International Conference on (pp. 1216-1219). IEEE.

Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing security. International Journal on Recent and Innovation Trends in Computing and Communication, 1(1), 36-39.

Nafi, K. W., Kar, T. S., Hoque, S. A., & Hashem, M. M. A. (2013). A newer user authentication, file encryption and distributed server based cloud computing security architecture. arXiv preprint arXiv:1303.0598.

Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer London.

Popa, L., Kumar, G., Chowdhury, M., Krishnamurthy, A., Ratnasamy, S., & Stoica, I. (2012, August). FairCloud: sharing the network in cloud computing. In Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication (pp. 187-198). ACM.

Radut, C., Popa, I., & Codreanu, D. (2012). Cloud Computing Security. REVISTA ECONOMIC?, 171.

Ren, K., Wang, C., & Wang, Q. (2012). Security challenges for the public cloud. IEEE Internet Computing, 16(1), 69-73.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.

Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263-2268.

Sefraoui, O., Aissaoui, M., & Eleuldj, M. (2012). OpenStack: toward an open-source solution for cloud computing. International Journal of Computer Applications, 55(3).

Srinivasan, M. K., Sarukesi, K., Rodrigues, P., Manoj, M. S., & Revathy, P. (2012, August). State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment. In Proceedings of the international conference on advances in computing, communications and informatics (pp. 470-476). ACM.

Wang, C., Wang, Q., Ren, K., Cao, N., & Lou, W. (2012). Toward secure and dependable storage services in cloud computing. IEEE transactions on Services Computing, 5(2), 220-232.

Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.

Wu, L., Garg, S. K., & Buyya, R. (2012). SLA-based admission control for a Software-as-a-Service provider in Cloud computing environments. Journal of Computer and System Sciences, 78(5), 1280-1299.

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.

Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE transactions on parallel and distributed systems, 24(6), 1107-1117.

Xu, X. (2012). From cloud computing to cloud manufacturing. Robotics and computer-integrated manufacturing, 28(1), 75-86.

Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.

Yu, N. H., Hao, Z., Xu, J. J., Zhang, W. M., & Zhang, C. (2013). Review of cloud computing security. Dianzi Xuebao(Acta Electronica Sinica), 41(2), 371-381.

Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.