Discuss about the Security Risks and Concerns in Cloud Computing.
The purpose of making this report is to analyze and evaluate risks and security concerns with cloud computing in context of company that provides accounting software. In business organizations, cloud computing is used for various purposes and it has become an essential way to access information from remote system easily and quickly over internet. There are various other benefits of cloud computing that makes it useful for IT users. As we know that use of cloud computing is increasing among people, then it has become necessary for them to know about risk and security concerns of cloud computing. The major topics that we will discuss here in this report are background of cloud computing, risk and security concerns in cloud in context of accounting and applicant service providers.
XYZ Pvt. Ltd. is a company that provides account software. People are satisfied with products and services of this company. This company is using cloud computing services for running its business among people worldwide. While providing cloud computing services what kind of risks and security concerns are faced by this company, we will evaluating here in this report. Before moving towards discussion of risks and security concerns of cloud computing, here is requirement to emphasize on background of cloud and its literature concepts. (Journal of Accountancy, 2016)
Cloud computing has evolved through number of phases that consists of grid and utility computing, application service provision and software as a service (SaaS). But this primary concept of delivering computing resources was rooted in sixties. This was developed with the vision that everyone on the globe must be inter-connected to access programs and data at any site. This vision is actually related to cloud computing. With this vision, further amendments and improvements, this latest concept of cloud computing was introduced. Amazon EC2/S3 was the first widely accessible cloud computing. If at one side, advancements in cloud computing are increasing, then on other side, security and privacy concerns of cloud computing was also encountered by its users and it is still going on. In next segment of this report we will discuss that how XYZ Pvt. Ltd. Company is facing these problems. (ComputerWeekly, 2016)
For business organizations like given accounting company way of doing business has changed. It is commonly arguing that cloud computing is gaining a great deal of energy worldwide. According to analysis, revenue of cloud services is forecast to reach $68.3 billion in 2010. Most of the account base and other business organizations are running their businesses by using web cloud based applications. Cloud platform has eliminated the need for in-house technology infrastructure that includes servers and software to purchase, execute and maintain. Besides this, there are various other benefits available of cloud computing for business organizations and those benefits include quick implementation of business processes, less upfront costs that consists of cost of hardware and IT employees those are not required to be in-house and no hardware and maintenance cost is required in case of cloud computing. (Abraham, A., Muda, A., & Choo, 2016 )
With these benefits, risks and security concerns put influence over business organizations. XYZ Pvt. Ltd. Company will face following risk and security concerns of cloud computing.
Breaches of essential information is a common security issue that is encountered by cloud users. This is happened because cloud networks face threats like traditional networks. Due to this data breach, confidential information of organizations and their customers, that is stored into their databases may get lost. In this case, if XYZ Pvt. Ltd. Company is giving account software services to its customers through cloud computing then they need to be careful about personal information of its customers. Besides this, after selling of account software, customers will also pay online and in this case, credit card information of customers can be breached from company’s database by hackers. (Rashid, 2016)
Data breaches and other kind of attacks basically occur due to lax authentication, weak passwords and poor certificate management. These are some weak points of security management that must be seriously taken into consideration. In case of XYZ Company. if they will not manage security of databases and login credentials, then it is definitely possible hackers can easily guess passwords and can access confidential information. Precisely, compromise in login credentials directly leads to breakage in authentication. (Academia.edu, 2016)
In every cloud service and application, APIs are offered. Interfaces and APIs are used by IT teams to manage and interact with cloud services. In cloud computing, from authentication and access to controlling and monitoring of encryption and other activities, are depend upon security of API. Company XYZ also uses APIs to provide account software by cloud computing services. Therefore it is responsibility of technical department of this company to keep security of APIs. (SearchCloudComputing, 2016)
System vulnerabilities and other exploited bugs in programs are mostly encountered by users of cloud computing. This problem is becoming bigger with advent of multitenancy in cloud computing. When databases, memory and other resources are shared by business organizations then they create new surfaces for hackers for accessing this information. XYZ company also do this while using cloud services, so it will be better for them to be careful about their activities and actions. Otherwise heavy loss of information can occur. The practices like regular vulnerability scanning, prompt patch management and quick follow up regarding system threats are helpful for controlling system vulnerabilities. For regulated industries, it is necessary to patch quickly as possible. (incapsula.com, 2016)
Hacking, phishing, malware attacks and other network frauds are so much popular among IT users and cloud computing has enhanced these vulnerable activities. This is because attackers can spy on activities, manipulate transactions and can make modifications in data. Cloud applications may also use by them to perform their harmful attacks. Sharing of confidential information by organizations also lead to hijacking of accounts, because in this sharing, personal and business information is accessed by hackers. If company XYZ is sharing its information over internet without any security then it is possible that account can be hijacked by hackers. Accounts should be monitored properly so that online payment transactions can be done securely without any problem. The main thing is to protect credentials of account from hackers.
Malicious insiders is also a big problem for business organizations and it has many faces such as a current or former employee, a system administrator, a contractor or a business partner. The main agenda of malicious attack is from data theft to revenge. In cloud services it is also happened by hellbent insider that can destroy whole infrastructures and manipulation of data. All systems those depend solely on cloud service provider for security like encryption, they are considered at risk. That is XYZ Company should also have awareness about this concerning factor and it is recommended to XYZ Company to control encryption process and keys and minimizing access to users. These are some crucial factors to consider by this organization.
Permanent data loss is a big problem for all cloud computing users. Cloud is a matured service but still data loss occur due to provider error. When attack is conducted by malicious hackers then then they always try to permanently delete data which is difficult to recover if you don’t have any backup and recovery software. This can also be happened with XYZ Company and their confidential information may get lost. In this case, it is responsibility of this company to be carefully maintained its important information over network. Permanent data loss is not easy to perform by hackers, if cloud service providers will encrypt data on cloud database, then prevention is possible.
Denial of service attack is also a vulnerable attack that is also faced by cloud users. In this attack, hackers break the server access from all users who are connected with it and they cannot access any website from that server. DoS attack is not a new problem that is facing by cloud users and this problem has very bad impact. Denial of Service attack gets large amount of processing power. High volume DDoS attack is very common and main target of this attack is web server and database vulnerabilities.
For XYZ and other business organizations must be careful about this denial of service attack which is vulnerable for cloud database and its information.
These are some essential risks and security concerns of cloud computing that are commonly faced by business organizations like XYZ Pvt. Ltd. Company. After this whole discussion about risk and security concerns of cloud platform, further we will emphasize on protection mechanism that are discussed in theory and literature for security and privacy of cloud platform.
This is an important segment of this report and here we will emphasize that how security and privacy of cloud computing can be maintained. According to literature review of Al-Anzi, Tadav & Soni (2014), suggest that there is requirement to follow security model for cloud computing and this model should include governance, risk management and compliance. Today cloud security requirements are varied dynamically due to its dynamic nature and ownership of customer. This security model must be applied to each type of cloud such as private, hybrid and public. (Digital Guardian, 2014)
In cloud security model, security governance, risk management and compliance refers to fundamental responsibility of the organization for identifying and implementation of various important processes and control organizational structure to provide effective security to cloud users. Governance is set of policies, laws and technologies that are required in business organizations to achieve security objectives. (BlackStratus, 2015)
In case of people and identity management, only authorized users should be able to access information. This is known as authorization and authorized access of data. In case of cloud computing, authorized access is required to get rid of security issues and risks that we have already discussed above.( Chang, 2016)
According to Al-Anzi, Yadav and Soni (2014), Application security is also an essential way to maintain privacy and security into cloud platform. In this case, XML encryption and XML signature will be better to use. These are actually helpful to provide prevention from XML attacks and other web services attacks. (Chorafas, 2011)
Data and information security are also most important in cloud computing. For achieving data and information security, cloud computing management must focus on how data should be stored, processed and audited. Besides this, here recommendation to implement intrusion detection and protection system is also provided.
In every kind of web service, its infrastructure plays an important role. Similarly in cloud environment, its infrastructure needs to be secured and reliable. For physical measurements of structure there is requirement to use biometric access controls and computer access controls.
According to literatures’ review, above listed protection mechanism will definitely provide help to get prevention from risky cloud environment. These protection mechanism can be implemented in cloud environment and in case of other network technologies.
Conclusion and Future Trends
After this whole discussion we can say that it is necessary for XYZ Pvt. Ltd. Company to consider above discussed cloud computing issues, if it wants to provide better outcomes to its services. If this company is facing any kind of above discussed problem then it will be better to implement above discussed protection mechanisms. It is responsibility of technical department of this company to be careful about these issues of cloud computing security. If we talk about future of XYZ Company then this company is doing efforts to run advanced security tools in organization and they also providing better training to their employees for using cloud services properly and with appropriate security. To satisfy customers with quality results is responsibility of every business organization.
References
ComputerWeekly. (2016). A history of cloud computing. Retrieved 24 September 2016, from https://www.computerweekly.com/feature/A-history-of-cloud-computing
Journal of Accountancy.(2016). Cloud Computing: What Accountants Need to Know. Retrieved 24 September 2016, from https://www.journalofaccountancy.com/issues/2010/oct/20102519.html
Abraham, A., Muda, A., & Choo, Y. Pattern analysis, intelligent security and the internet of things.
Skyhigh Networks. (2015). 9 Cloud Computing Security Risks Every Company Faces. Retrieved 24 September 2016, from https://www.skyhighnetworks.com/cloud-security-blog/9-cloud-computing-security-risks-every-company-faces/
Rashid, F. (2016). The dirty dozen: 12 cloud security threats. InfoWorld. Retrieved 24 September 2016, from https://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
Academia.edu.(2016). Cloud Computing Security Challenges (Literature Review). Retrieved 24 September 2016, from https://www.academia.edu/20333158/Cloud_Computing_Security_Challenges_Literature_Review_
Digital Guardian.(2014). 27 Data Security Experts Reveal The #1 Information Security Issue Most Companies Face With Cloud Computing & Storage. Retrieved 24 September 2016, from https://digitalguardian.com/blog/27-data-security-experts-reveal-1-information-security-issue-most-companies-face-cloud
BlackStratus.(2015). How to Overcome Security Issues in Cloud Computing. Retrieved 24 September 2016, from https://blackstratus.com/overcome-security-issues-cloud-computing/
SearchCloudComputing. (2016). Cloud computing and application security: Issues and risks. Retrieved 24 September 2016, from https://searchcloudcomputing.techtarget.com/tip/Cloud-computing-and-application-security-Issues-and-risks
incapsula.com.(2016). Top 10 Security Concerns for Cloud based Services. Retrieved 24 September 2016, from https://www.incapsula.com/blog/top-10-cloud-security-concerns.html
Chorafas, D. (2011). Cloud computing strategies. Boca Raton, Fla.: CRC Press.
Chang, V. A proposed cloud computing business framework.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download