There has been a lot of speculation about what a community cloud is. Some people believe that it is a trend representing the next evolutionary stage of technology. Others view it as hype, as it puts already existing computing technologies to use. So, precisely what is cloud computing? A community cloud is a cloud service design which makes cloud computing available to a restricted number of persons or organizations (Youssef, 2012).
The service is controlled, handled and secured by a third-party service provider or by its users. Community clouds are designed for business or charity organizations to help them execute their roles without great hassle. The system gives excellent flexibility and makes computing data readily available at a lower cost. Various models exist which help organizations as well as individuals to store their data. Each design has its good and bad sides, each revolving around the security and confidentiality of data. In this paper, I am going to offer a risk assessment report to a charity organization which has planned to move to SaaS application offerings.
The all-in-one Human Resource Management System, popularly known as an HR system, is a database that came to the rescue of human resource managers (Bhuvaneswaran, 2018). There are two types of HR databases: in-house and cloud-based HR systems. An HR system is a combination of processes and systems which join human resource management with information technology. The system helps in several managerial functions such as management of payrolls, storage of employees’ data, recruitment processes, and keeping track of employees’ attendance records (Monks et al., 2013). The system makes sure that each day’s human resource progress is organized and easy to reach. It merges data according to its discipline and functions and stores it in a database. It consequently provides a way through which each of the organization’s employees can access their information.
Software-as-a-service (SaaS) is a software distribution design whereby a third-party provider hosts applications and makes them available to customers over the internet when they need them (Rajegore & Kadam, 2016). It is a data storage solution provided by an HR and personnel management application. It is one of the three types of cloud computing. It spares organizations the hassle of installing and running applications on their own. The customers can scale their requirements down or up. The third party who stores the data owns the whole infrastructure. Security issues ultimately hamper the growth of this infrastructure.
A lot has been said and written about the safety of data. IT experts, business leaders, and organizations have had a tough time deciding on the best way to store their data. The speed, security, and cost of keeping vast amounts of data have been the main drivers of which system to use. Many have preferred to use emerging SaaS design solutions, while others have chosen to cling to the old in-house HR systems. In this section, I will assess the possible risks and threats that both the cloud-based HR system providing SaaS solutions and the in-house HR system databases may pose to the security of the data and information of the Charity organization’s employees.
Data in this charity organization is generated at a rapid rate. The data’s final destination is the organization’s small on-premises data center, which makes it easy for the organization to manage it. Only the authorized employees of the organization have the opportunity to access, analyze or enter data in it. As the definition suggests, a database contains large chunks of data. The database is the backbone of the company’s HR model (Malik & Patel, 2016). Since this organization keeps enormous amounts of confidential and essential information about its employees in the database, there are tremendous possibilities of attacks. These attacks revolve around the security of the employees’ data. In this section, I have reviewed some possible threats to the employees’ data, ranging from access control into the system to data scrambling and data corruption. Some of the threats that the organization’s HR database may pose to the employees’ data stored in it are discussed below.
To begin with, since all five hundred employees of this organization have the privilege to access the database, some of the employees may decide to exceed what their job function in the organization requires (Gerena, 2012). Some unauthorized workers may use this as an opportunity to gain access to other employees’ confidential information. For example, since it is a requirement for every employer to know the health status of their employees, an employee who is not authorized to see the health status of the other employees may gain access to such information. He or she may use it against fellow employees, thus causing stigma to any employee who might be suffering from an incurable disease such as HIV/AIDS.
Secondly, some of the employees of the organization may opt to abuse the privilege they have to access the database (Rohilla & Mittal, 2013). For example, an employee with an opportunity to view individual payroll status may abuse that status and retrieve all employees’ payment records via MS-Excel software. This may put the employees earning large salaries in danger of being robbed. On the same note, an attacker may use such a privilege to elevate his or her access authority from a normal employee privilege to an administrator privilege. Without query-level access control, the intruder may not be easily detected. This might be a bigger threat to the security of the organization’s management, as the intruder may change many administrative details.
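The query-level check described above can be sketched as follows. This is an added example, not part of the original report; the role names, the audit-record layout, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Roles allowed to read payroll rows of other employees (assumed names).
BROAD_ROLES = {"payroll_officer"}

# Constructed audit records: (timestamp, user, role, employee whose payroll row was read).
SAMPLE_LOG = [
    ("2024-03-01T09:00:00", "p003", "payroll_officer", "e200"),
    ("2024-03-01T09:00:05", "e017", "employee", "e017"),
    ("2024-03-01T09:01:00", "e017", "employee", "e044"),
    ("2024-03-01T09:02:11", "p002", "payroll_officer", "e101"),
    ("2024-03-01T09:03:00", "p002", "payroll_officer", "e102"),
    ("2024-03-01T09:04:00", "p002", "payroll_officer", "e103"),
    ("2024-03-01T09:05:00", "p002", "payroll_officer", "e104"),
    ("2024-03-01T09:06:00", "p002", "payroll_officer", "e105"),
    ("2024-03-01T09:30:00", "p003", "payroll_officer", "e201"),
    ("2024-03-01T10:00:00", "p003", "payroll_officer", "e202"),
    ("2024-03-01T10:30:00", "p003", "payroll_officer", "e203"),
]


def review(log, max_distinct=3, window=timedelta(minutes=10)):
    """Return findings as (user, reason, detail) tuples, in time order.

    Two rules are applied to every payroll read:
      1. A user without a broad role may read only their own row.
      2. A user with a broad role may read at most `max_distinct`
         different employees' rows inside any sliding `window`.
    """
    findings = []
    recent = defaultdict(list)   # user -> [(time, employee_id)] still inside the window
    flagged_bulk = set()         # report each bulk reader once

    for ts, user, role, target in sorted(log):
        t = datetime.fromisoformat(ts)

        if role not in BROAD_ROLES:
            if target != user:
                findings.append((user, "read_other_record", target))
            continue

        # Drop reads that have aged out of the window, then add this one.
        reads = [(rt, rid) for rt, rid in recent[user] if t - rt <= window]
        reads.append((t, target))
        recent[user] = reads

        distinct = {rid for _, rid in reads}
        if len(distinct) > max_distinct and user not in flagged_bulk:
            flagged_bulk.add(user)
            findings.append((user, "bulk_export", len(distinct)))

    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The same payroll role reading one record every half hour (user `p003` in the constructed log) is not flagged, while a burst of reads across many employees is.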
The charity organization might have secured its database, but inference remains a significant threat to the security of the employees’ information stored in the database (Ali & Afzal, 2017). There is still a huge possibility that one of the employees will make inferences from the information they extract from the database. This can enable such a user to draw conclusions about more sensitive information from the less sensitive information retrieved from the database. An inference presents a security breach to the organization’s database if highly classified information is guessed from less sensitive information.
The two critical problems which can arise from inference are the aggregation and data association problems. The aggregation problem might arise if one section of the employees’ information is not highly classified while another is highly classified. For example, the general medical status of the employees might be classified while the polio status of each employee is less classified. This is a great threat, as an intruder can extract employees’ personal information and expose it on the black market.
Of late, cloud storage has become common within IT. However, it might pose some challenges to the employees’ data. For instance, since the whole process involves giving the organization’s data to a third party, who gets access to the information and where the data is stored are points of concern. The information may face several threats such as deletion, corruption or dissemination by unauthorized personnel. This is a big concern for the organization, which stores sensitive information that might be detrimental if it falls into the hands of other people.
Secondly, competition is taking up the better part of this sector. Cloud services are becoming highly popular (Morrow, 2018). This is a double-edged sword. On one side, it means that more options for users are cropping up, which in return increases the quality of services that a particular SaaS provider offers. On the other side, not every provider has kept up with the growing market. This may give rise to a scenario where the provider gets shut down due to its inability to compete.
From this point, the organization’s data portability becomes a real challenge. This implies that all the money that had been invested in the program goes down the drain. Unfortunately, this may be a risk the Charity organization has to take. Consequently, where the employees’ data that was stored on the provider’s servers ends up remains a mystery. This is because, after the shutdown, cybercriminals may decide to hack the servers and get hold of whatever information is stored in the database.
Cloud Service Providers (CSPs) expose a set of application programming interfaces (APIs) that the employees use to manage and interact with the services that the provider offers. The employees will be required to use these APIs to control, provide, monitor and orchestrate their data and information (Intel, 2015). These APIs, like other software, are vulnerable to malware in the same way as other APIs in operating systems, such as libraries. Unlike on-premise computing APIs, CSP APIs are accessible via the internet. This broadly exposes them to potential exploitation. Cyber threat actors look for weaknesses in the management of CSP APIs. If they discover them, they can successfully attack the employees’ information and use it to commit crimes in the financial industry using the identities of the organization’s employees.
A critical problem has faced CSP infrastructure over time. Providers have found it difficult to separate the multiple tenants whose data they house. If this is the case with the SaaS provider at hand, data leakage may occur if the Charity Organization agrees to be served by the provider. Through the exploitation of vulnerabilities contained in the CSP application or a hypervisor, an attacker may succeed in subverting logical isolation controls. This can result from exploitation of the system’s software. An attacker may gain access to the information and corrupt it.
If the Charity organization opts to delete some data, it is not possible to be sure that the data was eliminated. This is because the employees will have a limited view of where their data is stored. The cloud also has limited ability to verify that particular data has been deleted. This is a risk to the employees’ sensitive data that needs to be discarded, for example, medical reports. The reason behind this is that CSP infrastructure spreads data over different types of storage devices. Besides, the employees may have limited knowledge of how to initiate the deletion process in the SaaS application’s HR databases.
Several issues may result from the organization’s decision to shift the storage of its data from its on-premise database to the HR and personnel management application from a US-based company that offers a SaaS solution. To begin with, malware such as ransomware may arise. This malware may hold the employees’ data to ransom, causing a persistent threat that keeps siphoning their data. This can cause significant damage to such data. Thousands of viruses are being created daily. This may require the charity organization to keep an extra eye on these threats as they arise, to avoid any possible attack on its employees’ data.
Employees’ data stored in the cloud can be shared online together with their private data. Most of the employees of the organization might expose their colleagues’ data on social media as they browse various social media networks using the organization’s computers. Vulnerabilities might offer a chance for the organization’s data to seep out secretly. It becomes tough for the IT department in the organization to curb this problem, as the data moves online together with the employees’ private data.
Smartphones have become common in today’s workplace. Many employees may opt to use their phones to access their organization’s data (Montalbano, 2010). This will leave the IT department of the organization with limited control over their security, because it is challenging to implement platform-specific security given the full range of devices being used. As it is, mobile phones have several applications. Who knows where the data each application collects goes?
In-House HR System
In-house hosting of data may be a good choice for the organization if it can afford to ensure the security and proper operation of the database. As the argument goes, everything that has advantages on one side has disadvantages on the other. The database hosted by the charity organization on its premises might pose serious privacy issues for its employees’ data. These challenges range from excessive permissions to weak passwords, as discussed below.
A large number of individuals in the organization have access codes to the firm’s database. Who does what with which information is the main privacy threat. An employee may decide to use this privilege in an unauthorized way. Each employee has information that should be accessed only by themselves and the organization’s management. Some of the passwords to the organization’s database might be weak. These passwords can be guessed or brute-forced, allowing an intruder to access the organization’s data. Default credentials pose a great risk to any organization. The system can easily be compromised. This increases the rate of attacks on the employees’ data by intruders. Data that is secret may either be made public or used to expose the individual, for example, in a case where an employee’s loan status is made public.
Running a database is very costly for an organization, more so for this charity organization that deals with helping less privileged individuals. The company may sometimes operate a database running on outdated software. This might result in a lack of essential patches. A patch updates the database program, fixing any malfunctions it might be experiencing. The fixes include security vulnerabilities and other bugs. If a patch is designed poorly, it might introduce a challenge to the privacy of the employees’ data, as the patch might sometimes change or corrupt information that was not the target.
It will be challenging for the organization to keep the in-house HR database free from attacks by malware (Parms, 2017). The organization’s IT department will not be able to identify malicious employee computers connecting to the server. This will be a significant threat to the employees’ data stored in the system. This might result in a breach exposing employees’ sensitive information, such as bank details, to intruders.
SaaS Applications
There are many privacy issues facing clouds as they host large chunks of data (Tabassam, 2017). If the company shifts its data to a SaaS application, employees’ data might meet storage challenges. Here, data segregation is the central aspect to be taken into account, because the infrastructure is shared among multiple customers. If this is not taken into consideration, then data from one person may mix with data that belongs to another employee. Since this is a shared system, separating that data might be complicated.
Retention and destruction of data will also stand out as a privacy issue in this case (Woodriffe, Alonso, Zaaiman, & Shahim, 2010). The employees will not be in a position to know the kind of information being extracted from them in order to stop the process. Secondly, an employee will not be in a position to tell if the data they asked the provider to delete was entirely deleted. Retention of personal information, and how long it will be retained, will be another big question from the employees.
Employees’ data may face a side channel attack while held in the SaaS software. Side channel attacks are an emerging concern for the cloud computing platform. Such an attack may lead to leakage of the charity organization’s data. This is an evolving risk. An attacker targeting the SaaS software provider may penetrate the software’s infrastructure through the cloud’s perimeter (Sen, 2013). He or she will pretend to be a rogue customer. He or she might use that information for research purposes without the owner’s permission.
Privacy is freedom from intrusion. The employees of the organization have a right to have their information kept as private as possible. Data breaches can have severe impacts on the employees’ wellbeing. In this section, I am going to discuss some of the severe risks that the organization as a whole may face if its employees’ information is breached.
To begin with, breaching employees’ data might ruin their reputation. An intruder may publish negative information concerning the employees. As it is, the internet never forgets. This will mean such individuals will have fewer chances of being employed in other places. For example, an enemy might break into the database and get the identification details of the administrator of the Charity organization. He or she might then blackmail the administrator with a child kidnap case. This will probably diminish the respect the administrator commands from the group’s clients and employees.
If hackers break into the organization’s database, you can be assured that they will have an opportunity to access various employees’ bank account data. This could lead to theft. An example is the Citibank security breach, which happened some time back. This will be highly disastrous for the organization’s operations, as employees’ trust in the organization will be limited.
Cloud computing represents one of the most complex computing systems presently in existence (Masood, Shibli, & Niazi, 2014). Present SaaS applications use extensive systems with varying degrees of connectivity. With the current growth of data being held in the order, digital identity has become a fundamental factor in helping the provider’s clients access their data more efficiently.
Digital identity is an online or networked identity claimed in cyberspace by an individual, electronic device or organization. It comprises elements such as medical history, date of birth, usernames and passwords, and social security numbers. In the SaaS software, just a username and password are enough for an intruder to access the organization’s data. Thus the organization will be at significant risk if it agrees to trust the SaaS provider with its data.
Cybercriminals nowadays monitor an organization’s landscape and technological traits for weaknesses to exploit. They have diverted their attention to the growing SaaS offerings. They are on the lookout for organizations that have not sufficiently protected their identities. In recent months, several SaaS providers such as Dropbox have beefed up their security to counter account takeover (ATO) attacks. But still, ATO attacks are rising day in, day out. This has been attributed to the accelerating adoption of the software by numerous people. From the multiple cases around the world, it is crystal clear that SaaS software is harmful to digital identities. Therefore, if this organization opts to seek the software services, attackers may see it as a loophole to get access to the organization’s data. We all know how disastrous that can be.
A faster network speed makes it easier for an organization to store its data anywhere in the world. The place where the organization’s data will be saved will have an enormous impact on either reducing or increasing the risks and threats to the employee data identified above (Kozlowicz, 2015). In the United States, where the HR management SaaS is located, the Charity Organization’s data can only face disaster recovery issues. This is because the HIPAA Act governs the provider. The government of the land has high surveillance programs which administer the data hosting services. The provider has several places where it stores its customers’ data. This means that even when one center malfunctions, its clients can still access their data from another base. Therefore, the threats and risks mentioned above affecting the secrecy and privacy of the employees’ data will be mitigated if the organization chooses the United States-based firm.
Physical security is not to be neglected when selecting a data provider to use. The United States, India, and Ireland are some of the safest countries in the world. Therefore, this will keep intruders away from the stations, improving the security of the employee data. For example, consider what happened to Red Dot Corp, a heating and cooling company in the Seattle area, where intruders attacked it through garbage cans, stealing employee information. The world saw the attackers make away with thousands of dollars. Though this company is not a data hosting provider, the case can still help this organization stay alert in matters concerning where the database hosting its employees’ data is located.
Ethical Issues and Data Sensitivity
Moral values are a set of established principles that govern good behavior (Nygaard, 2016). Our case is an organization with high integrity and honesty towards its clients. To ensure that it maintains its values, it has to be concerned with the secrecy and sensitivity of data that could leak to the public as a result of how the cloud HR management database keeps its data. Excellent public relations will help the organization promote a set of desirable ethical values to the communities to which it offers its accommodation and mental health services. Through this, its respect and reputation will be kept high. This can only be achieved if the organization keeps its data as safe as possible.
The company operates on the values of trustworthiness and promise-keeping. A data breach targets personal and classified information. For instance, a financial data breach at the SaaS provider that houses the data can be awful. An employee or even the whole organization can lose all its finances, completely wrecking the organization’s operations. The breach may destroy the organization’s reputation in society.
Conclusion
Cloud computing is a progressive development aimed at satisfying different levels of customer demand. It provides secure collaboration and access to files at any location and time. It is a new paradigm that makes it easy for organizations of every size to share resources and services at a relatively low cost. While many continue to enjoy the benefits it brings, the security of the data stored in it is a fundamental challenge. There are many vulnerabilities in the servers. Hackers are progressively making good use of these security holes. For any individual, organization or company’s data to remain secure, security gaps must be rectified. In this paper, I examined different threats and risks that SaaS applications and in-house HR databases may pose to the data of a non-profit community-based organization that works with less privileged people in society.
I believe that the threats and risks I presented will help the organization work around the clock to make the right decision on which database to use to keep its employees’ data secure. If it embraces the SaaS software, it will put in place mitigating measures to help it fight cybercrime. The SaaS service provider will also continue looking for solutions to enable it to keep protecting its infrastructure from potential malware. As they say, hard work pays. I hope that as every stakeholder continues to discover new methods, more solutions will be found to solve existing as well as future security and privacy threats. This will strengthen cloud computing and make it a secure store for large chunks of data. I will be glad, in the near future, to help the organization with more risk assessment reports.
References
Ali, A., & Afzal, D. M. (2017). Database Security: Threats and Solutions. International Journal of Engineering Inventions, 25-27.
Bhuvaneswaran, S. (2018). 10 Reasons why Cloud Based HR Software Solutions are the future of HR Management. Kissflow, Online.
Gerena, E. (2012). Top 10 Database Threats. Verizon Data Breach Report, 1-34.
Gholami, A., & Laure, E. (2015). Security and Privacy of Sensitive Data in Cloud Computing: A Survey of Recent Developments. Computer Science & Information Technology (CS & IT), 132-151.
Intel, I. (2015). SaaS Security Practice: Minimising Risk in the Cloud. White Paper, 1-11.
Kozlowicz, J. (2015). How Vital is Your Cloud Data Center Location? Green House Data Blog, Online.
Malik, M., & Patel, T. (2016). Database Attacks and Control Measures. International Journal of Information Sciences and Techniques (IJIST), 175-183.
Masood, R., Shibli, M. A., & Niazi, M. A. (2014). Cloud identity management security issues & solutions: a taxonomy. Complex Adaptive Systems Modelling, Online.
Monks, K., Kelly, G., Conway, E., Flood, P., Truss, K., & Hannon, E. (2013). Understanding how HR systems work: the role of HR philosophy and HR processes. Human Resource Management Journal, 379-395.
Montalbano, E. (2010). 5 Data Security Threats Facing Companies Today. Business Insider, Online.
Morrow, T. (2018). 2 Risks, Threats, & Vulnerabilities in Moving to the Cloud. SEI Insights, Online.
Nygaard, A. (2016). Leading by Example: Values-Based Strategy to Instill Ethical Conduct. Journal of Business Ethics, Online.
Parms, J. (2017). Emerging big data scenarios has caused privacy & security concerns. These precautions can help to keep big data risk at bay. More Info, More Problems: Privacy and Security Issues in the Age of Big Data, Online.
Rajegore, M. P., & Kadam, M. S. (2016). Issues & Solution of SAAS Model in Cloud Computing. IOSR Journal of Computer Engineering (IOSR-JCE), 40-44.
Rohilla, S., & Mittal, P. K. (2013). Database Security: Threats and Challenges. International Journal of Advanced Research in Computer Science and Software Engineering, 810-813.
Sen, J. (2013). Security and Privacy Issues in Cloud Computing. Cloud Computing Topology Towards Enhancing the Performance, 1-42.
Tabassam, S. (2017). Security and Privacy Issues in Cloud Computing Environment. Journal of Information Technology & Software Engineering, Online.
Woodriffe, N., Alonso, I. M., Zaaiman, I. E., & Shahim, D. A. (2010). SaaS Data Privacy. Thesis IT Audit, 1-48.
Youssef, A. E. (2012). Exploring Cloud Computing Services and Applications. Journal of Emerging Trends in Computing and Information Sciences, 838-847.