Privacy And Security Risks In Cloud Computing

Possible Risks and Threats of Cloud Computing

The purpose of this report is to discuss the privacy and security measures that need to be implemented when using cloud computing technology. The main objective of the charity is to provide health care facilities to people who do not receive benefits or advantages from society. As a principal consultant of the charity, I need to prepare a report that will provide the guidelines for managing privacy and policies while using this technology. To manage its personal data, the charity bought an application from a US-based organization that provides the SaaS platform (Pearson, 2013). The report will focus on all the possible risks that can be provoked by the use of cloud computing technology and its services. The main concern of the organization is to protect the data of its employees, so that unauthorized persons do not get access to it. The data of each employee needs to be kept secure and safe. The charity needs to plan in order to preserve the security and privacy of the data it places in the cloud system (Xiao & Xiao, 2013). The report will discuss the effects that may arise once the system is migrated to the SaaS application, as well as the possible risks that may arise with this. The data is to be stored in such a way that its privacy and confidentiality are maintained and it is protected from data breaches. Further, the stored data needs to be encrypted, so that in case of a data breach the confidentiality of the data will be maintained.


Every organization prepares a set of rules in order to provide its employees with security. An employee will join an organization after learning about the privacy and security it provides, and good security provided by an organization will attract the attention and trust of its employees. The database maintained by the cloud system faces several risks, which will affect the system adversely. This cloud database contains a lot of precious and personal data that needs to be protected from attackers (Kshetri, 2013). The concern is to discuss the risks and threats that can affect the data of the Charity. The risks and the threats are discussed below:

APIs: API stands for application programme interface. An API establishes communication between the user and the cloud. The organization that adopted cloud computing technology had modified its security process in order to protect the system from cyber attackers. Still, there remain chances of facing problems in the area of API administration.

Preventive Measures for Securing Private Data

Data Breach: Data breaching is a method of altering someone else's data without their permission. This is a major threat faced by cloud computing. Through data breaching the attackers get information from the cloud database, and because this data is sensitive, it is stored in the cloud (Wei et al., 2014). Details of users such as name, address, bank information and other personal details are exposed to the hackers. A data breach can affect millions of people at a time.

Hijacking account: Account hijacking is another risk that users are likely to face. The victims' accounts are hacked. This is done by the method of phishing. Phishing is a method through which the data can be affected; it searches for holes in the network and enters through them to attack the system. With the help of this method, the one searching for a hole through which to attack the system can easily access the stored data and information (Suo et al., 2013).


When a database is migrated to a SaaS application, many risks are generated, and one of the main threats is to the security of the data. With every SaaS application it is possible that the data is breached. When migrating to the SaaS application, the main responsibility for the data is taken over by the SaaS provider, but it is not certain that the provider will treat this data as the highest priority (Hashizume et al., 2013). It is the responsibility of the SaaS provider to take care of the database and maintain its safety.

Once the data has been migrated to the SaaS application, users need to rely on the vendor for updates about their data. The users will not have any power to control their data. If anyone tries to destroy the data externally, it will directly affect the organization and the employees. These are the main risks involved in migrating the database to a SaaS application. It becomes essential for the SaaS provider to collaborate with a team that will provide better risk assessment strategies (Sen, 2014).

Another factor that is a source of risk is location. The data is migrated to the SaaS platform from different countries, and this becomes a matter of risk as the data is exposed to everyone on that platform. There also remain chances of legal risks when migrating data from different countries.

Risks and Threats to Database Security

Several risks and threats associated with the use of the technology were discussed in the previous part of the report. These threats can largely affect both the organization and the individual. The main concern of the Charity is to maintain the security of the data stored in its database. The chances of getting affected are increasing day by day, as attackers nowadays use recent technologies. This has resulted in data breaches over the last few years (Ryan, 2013). Data breaches have a very negative impact on individuals and on the organization, as they cause leaks of data that is very sensitive for the person concerned. Hence it becomes very necessary to maintain confidentiality and to secure this private data by implementing essential preventive measures. With the method of phishing, all the details of an employee can be obtained and used to exploit their data. Attackers use phishing to get into the victim's personal data. Over the last few years, the number of devices used by users has been getting higher and higher. The attackers track the activities of the person whose data they require, then find the loophole, get into the system, and destroy the data in the database.

The main concern of the organization is the data privacy of employees. It becomes necessary to maintain the privacy of the data, as it is very confidential for each employee. It needs to be kept with the best security, and at no cost may this information be disclosed to any other person. There are companies that monitor the activities of their employees, such as what they are doing on the net and their mail activities. The motive of the company is quite valid, but they also ensure that data privacy will be maintained. The association should make sure that no employee can use the device or data of other employees without their permission. This is a criminal offense, and it should be taken care of by HR (Heath, 2013). This data also contains health information of the employees, so it becomes necessary to maintain its privacy.

Several threats exist to database security. The threats that are likely to affect the in-house database are discussed below:

Malware: Malware attack is a perpetual threat to databases. It causes great damage to the in-house database (Rittinghouse & Ransome, 2016). Malware targets the affected devices, steals the information it requires from the database, and then uses this data to affect other databases.

Risks Associated with Moving to SaaS

Unorganized Data: For every organization it is necessary to maintain and manage its data properly, so that no mess or miscommunication occurs. Data must be organized in a proper way, as it is very difficult to keep track of unorganized data. Sometimes important data is not stored in the database, and this leads to problems in finding details when required (Rewagad & Pawar, 2013). As there is no tracking of unmanaged data, it will not be monitored, and attackers can easily exploit or alter the database.

Excessive Permissions: If any employee is granted excessive permission to access the database, it may generate risk for the organization. According to researchers, employees are given a minimal right of access to the database, because once an employee is granted excessive permission, they may use this power to exploit or harm the database maintained by some other employee. So it is essential to grant the rights that are required: no less than that and no more than that limit (Rong, Nguyen & Jaatun, 2013).
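The "no less, no more" rule above can be checked mechanically. The following is an added example, not part of the original report: it compares an export of database grants with a per-role baseline and reports both excess and missing rights. The role names, table names, users and grant rows are constructed assumptions, and each user is assumed to hold one role.

```python
"""Least-privilege audit: granted database rights versus what each role needs."""
from dataclasses import dataclass

ACTIONS = ("SELECT", "INSERT", "UPDATE", "DELETE")

# Constructed baseline (hypothetical roles and tables for a charity HR system):
# the minimum (table, action) pairs each role needs to do its job.
REQUIRED = {
    "hr_officer": {("staff", "SELECT"), ("staff", "UPDATE")},
    "case_worker": {("client_health", "SELECT"), ("client_health", "UPDATE")},
    "finance_clerk": {("payroll", "SELECT")},
}

# Constructed export of current grants: (user, role, table, action).
GRANTS = [
    ("alice", "hr_officer", "staff", "SELECT"),
    ("alice", "hr_officer", "staff", "UPDATE"),
    ("bob", "finance_clerk", "payroll", "SELECT"),
    ("bob", "finance_clerk", "client_health", "select"),  # reads health data
    ("carol", "case_worker", "client_health", "SELECT"),  # cannot update notes
    ("dave", "hr_officer", "staff", "ALL"),               # blanket grant
    ("erin", "contractor", "staff", "SELECT"),            # role has no baseline
]


@dataclass
class Finding:
    user: str
    role: str
    excess: list   # granted but not required by the role
    missing: list  # required by the role but not granted


def expand(action):
    """Normalise case and expand a blanket ALL grant into individual actions."""
    action = action.upper()
    return ACTIONS if action == "ALL" else (action,)


def audit(grants, required):
    """Return one Finding per user whose grants differ from the role baseline."""
    granted, role_of = {}, {}
    for user, role, table, action in grants:
        role_of[user] = role
        for act in expand(action):
            granted.setdefault(user, set()).add((table, act))

    findings = []
    for user in sorted(granted):
        # A role without a baseline justifies nothing, so every grant is excess.
        need = required.get(role_of[user], set())
        excess = sorted(granted[user] - need)
        missing = sorted(need - granted[user])
        if excess or missing:
            findings.append(Finding(user, role_of[user], excess, missing))
    return findings


if __name__ == "__main__":
    for f in audit(GRANTS, REQUIRED):
        print(f"{f.user} ({f.role}): excess={f.excess} missing={f.missing}")
```

Users whose grants match the baseline exactly, such as `alice` in the sample data, produce no finding.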

Database affected by Injection Attacks:

Injection attacks can affect a database in several ways. They can exploit the database and expose data to third persons. The databases targeted by this kind of attacker are basically NoSQL databases and traditional databases.
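The exposure described above comes from building a query out of user input. This added example (not part of the original report) covers only the traditional SQL case, using an in-memory SQLite table with constructed rows; it puts a string-built lookup beside a parameterised one and compares what each returns for an ordinary name, a name containing an apostrophe, and a constructed hostile input.

```python
import sqlite3


def make_db():
    """Build an in-memory table with constructed staff rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, health_note TEXT)")
    conn.executemany(
        "INSERT INTO staff VALUES (?, ?)",
        [
            ("Asha", "constructed note A"),
            ("Ben", "constructed note B"),
            ("O'Brien", "constructed note C"),
        ],
    )
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable form: the input is pasted into the SQL text, so a quote
    # character inside it changes the structure of the query.
    sql = "SELECT name, health_note FROM staff WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Hardened form: the value is bound as a parameter and is only ever
    # compared as data, whatever characters it contains.
    sql = "SELECT name, health_note FROM staff WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(conn, name):
    """Return (unsafe result, safe row count); the unsafe result is a row
    count, or the exception class name if the built query fails to parse."""
    try:
        unsafe = len(lookup_unsafe(conn, name))
    except sqlite3.Error as exc:
        unsafe = type(exc).__name__
    return unsafe, len(lookup_safe(conn, name))


if __name__ == "__main__":
    db = make_db()
    for value in ("Ben", "O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

The apostrophe case shows that the string-built query fails on legitimate input as well, which makes it a useful regression test after the fix.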

On moving to a SaaS application, several risks are likely to arise. The risks that may arise for data security are listed below:

Fragile Cloud Standard: Cloud vendors tout their security credentials, and this has been observed after auditing SAS 70. Due to the low standard of the SaaS platform, it provides less security and privacy to its customers. The business should implement rules that will ensure high privacy and security for the data of the employees who have recently moved to SaaS.

Confidentiality: The cloud vendor tries to show that it provides the best security in its service and that confidentiality will be maintained. In reality, however, it is not capable of giving that much security. People think SaaS provides the best security, and that is why they migrate to SaaS applications. The thinking of the clients using the cloud server is that SaaS does not provide that much security in its platform.

Cloud vendors have a tendency not to disclose the exact number of centres or the functions and facilities they provide. As the vendors do not disclose all the information, there remains a chance that the vendor may compromise on the security it provides. SaaS providers should respond to the organization's customers and analysts (Modi et al., 2013). The organization should share the data of its clients and employees only if the vendor shows transparency in its work.

Conclusion

This part of the report will discuss the results of the risks that are likely to be faced by any organization. The risks have already been discussed in the previous part of the report; these threats have several outcomes and some adverse effects on individuals. A malware attack can cause a major part of the data in the organization's database to be breached. A malware attack on the database can cause a major data breach in the company, and just one piece of malware can affect most people. Individuals are required to secure their systems from malware attacks. According to the research, it has been found that around 40 percent of data breaches are a result of human negligence (Sun et al., 2014). Sometimes this happens when there is a lack of knowledge regarding security issues. To secure the network, it becomes necessary for every individual to defend his or her service from cyber attackers. It becomes the responsibility of the organization to manage the database of the employees and the patients. Data security is applied only to organized data, and unorganized data cannot be protected, so it becomes necessary to protect the data. The organization must eliminate infected systems, as attackers wait for loopholes to get into the system, and an infected system is full of loopholes. It becomes essential for the organization to control the advantages given to the security officer (Yan et al., 2013). This ensures that the officers will not get excessive permissions and will not be able to access the data on the cloud system.

With the migration of a normal database to a SaaS application, there is a high chance of digital identity being exposed to outsiders. Digital identity gets stored in the cloud database while using online resources or any type of network. The main aim of using digital identity is to maintain data security and to protect the system from cyber crimes. Several threats may arise while moving the digital identity to SaaS.

Several risks may be generated if anyone compromises someone else's identity. Such online attacks harm society in real terms, as with an online attack one can withdraw all of a person's money without letting them know. This will create financial issues for that individual. However, it is the responsibility of each website to maintain the security and privacy of its users' data. Nevertheless, situations sometimes occur in which, due to lack of attention, this data is leaked, which calls the security of the website into question (Xia et al., 2016). The department affected by this data leak is the department of finance. All the identity credentials are stored by the system. The attacker keeps an eye on activities on social media and gets the password from the user's login with any social platform. People tend to keep the same password for several websites on the internet; this helps the website to change their password automatically, and attackers can easily get into their account. A wide range of threats arises on online websites, as they target the security and privacy of an individual.

In recent times it has been observed that identity leaks occur while accessing some websites. Websites ask for the individual's password when granting a particular access permission; at that time they track the individual's activities and later attack their system. The way they track an individual's data is very sophisticated and happens without the knowledge of that individual. Individuals are unaware of the fact that their data is being used by someone else (Rahimi et al., 2014).

Sometimes digital identity theft also occurs. This leads to unethical activities being initiated using someone else's identity. One of the main threats posed to digital identity is identity theft. The attackers use others' identities to impersonate them. This is done by a method called “phishing”, which takes an individual's identity; the identity is then used to attack other individuals.

Another risk likely to arise in this situation relates to identity tampering. This type of attack can be prevented by the integrity property, and only by it. Several standards have been proposed to prevent tampering with identity data. Tampering with data occurs because the private key is shared between the receiver and the sender (Zhang et al., 2017).

Another issue is personal data theft, in which confidential data is stolen by attackers. Digital identity data such as passwords and biometric data needs to be kept secret. The confidentiality property says that private data is to be used only by the person who owns it, and no unauthorized user will be able to use the data without the permission of the user concerned (Fernando, Loke & Rahayu, 2013).

Authorization is also a property of digital identity. Some rights are reserved for authorization. This falls under classic access control. Several risks are associated with the authorization property, known as privilege escalation (Stojmenovic & Wen, 2014). Issues arise with identity data, the main one being misuse of identity. The attackers use someone else's identity to attack others' profiles. Revocation becomes essential when an identity is used for accessing someone else's sensitive data. The revocation is valid up to a certain period, to prevent access to the data by unauthorized persons.

There are various problems associated with SaaS applications. Growing technology has both positive and negative effects on the organization. As the ratio of success increases, so do the chances of threats to the database stored on the cloud server. Maintaining security is getting more difficult day by day. In order to achieve the best security for the data, it becomes necessary to mitigate the risks that are expected to arise in this situation. Safety for the organization's data is provided by the SaaS application (Almorsy, Grundy & Müller, 2016). The helpline provided by the SaaS is available throughout the day. Several mitigation methods exist and are discussed below:

The key cloud provider is the one that will provide the cloud service to the organization. The organization needs to find a provider that is reliable. Different cloud providers have different policies for maintaining their databases, and the security they provide also differs (Shahzad, 2014). Before choosing the vendor, the organization should be sure that the vendor will not close down.

Before starting any work, every vendor provides a contract to the party with whom it is collaborating. It is necessary for every organization to go through the contract very carefully before signing it. Once the contract is signed no one can back out, so it is required to understand the terms and conditions very well before signing the contract (Ali, Khan & Vasilakos, 2015).

Facilities Recovery:

The vendor provides facility recovery to the organization. This ensures that policies will be available to help recover data should a situation of data loss arise in the organization. Every vendor provides such a facility, as data is very important for every organization.

The infrastructure of the enterprise is the main factor for every organization. For better growth, it is necessary to have infrastructure with the best facilities. Appropriate safety infrastructure needs to be implemented in the enterprise to maintain data security.

Data encryption is a way to encrypt the data. Only those who have the encryption keys can access the data, which helps to maintain its privacy. It is necessary for every cloud vendor to use an encryption method when maintaining the records. Once the cloud vendor encrypts the database, there is no need to worry about the security of the data, as no one will get permission to access it (Arora, Parashar, & Transforming, 2013). Data encryption also prevents data from being breached. HR should identify the encryption method required for maintaining data security in the cloud database.

Cloud databases store a lot of information about people. The database maintained by the charity will store information about the people it is helping and its employees' details. As the database contains detailed information on every person associated with the charity, not all of the data can be considered important data. In this case, the cloud vendor needs to safeguard the data in cloud storage that is extremely private for a person (Botta et al., 2014). The organization needs to protect the data from outsiders and should not allow others to get access to someone else's data. As the charity deals with people who have problems related to mental health and other health issues, it becomes very necessary to keep this fact private for a person. These facts need to be kept only between the consultant and the patients, so that patients can feel free to discuss their problems without fearing that a third person may get to know about their personal issues (Chang & Ramachandran, 2016). This data requires full confidentiality from the cloud vendor. There are techniques that help protect the data from being accessed by unauthorized persons. The organization needs to take care of privacy, as this will build the employees' trust in the organization (Whaiduzzaman et al., 2014).

Ethical issues are the issues that arise when any organization or employee tries to violate some set of rules and tries to harm others. According to research, it has been observed that companies use the records of their staff to calculate the effort given by their staff in their working period. The data used by the organization should be professional; it should not access personal data without its employees' consent. Basically, it is the responsibility of HR to set an ethical policy for the organization and to set some restrictions. This will help the organization to charge any employee whenever it finds them behaving unprofessionally within the organization. It is very necessary for every employee to follow the rules within the organization. With emerging technology, it becomes easy for data to get leaked (Cuzzocrea, 2014). It becomes necessary for HR to keep an eye on employees, so that it can keep track of their activities. Keeping track of the activities of employees is one thing, but some companies track their activities on their accounts, which is against the ethics of the organization (Ahmed & Hossain, 2014). HR should be smart enough when appointing any staff and should know their intentions. It is necessary for staff to maintain privacy and not to try to break others' privacy. Employees need to be trustworthy enough. If data gets hacked, both the organization and HR will be questioned, as it is the responsibility of the organization to maintain the confidentiality of each employee (Tari, 2014).

Conclusion:

This report basically deals with the need to assess the risks that are likely to come while the database is transferred to SaaS. The Charity basically deals with people who do not gain attention from society and who do not get any advantage from society. Cloud computing has many benefits for organizations. From the above report, it can be concluded that data is an essential factor for every organization. It is very necessary for the organization to protect its information from being disclosed to an unknown person. The report discussed the features and the risks that are likely to be generated while moving to a SaaS application. There are several risks, and the results of these risks are also discussed briefly in the report. The HR database contains all the details and information, so it is necessary for HR to manage and keep the data in an organized manner. The Charity needs to maintain the data well so that it remains organized. The report discusses data integrity and the issues that are likely to be faced by the organization. The risks that arise with data theft are all discussed in brief. It is very necessary to maintain the security and privacy of employees' data so that it is not exposed to outsiders; this also prevents unauthorized access. The issues that are likely to arise while migrating to a SaaS application, and the issue of sensitive data leakage, are also discussed in the report. The report came up with risk assessment methods. The responsibility of the charity is to protect the personal data of its staff and clients so that the data is not breached and confidentiality can be maintained in the long term. As the principal consultant of the Charity, it was my duty to address all the threats and risks that are expected to come along while moving to a SaaS application. In this report, all the risks are addressed and possible solutions for them have been given.

References:

Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of Network Security & Its Applications, 6(1), 25.

Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2014, August). On the integration of cloud computing and internet of things. In Future internet of things and cloud (FiCloud), 2014 international conference on (pp. 23-30). IEEE.

Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Services Computing, 9(1), 138-151.

Cuzzocrea, A. (2014, November). Privacy and security of big data: current challenges and future research perspectives. In Proceedings of the First International Workshop on Privacy and Security of Big Data (pp. 45-47). ACM.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.

Heath, S. (2013). U.S. Patent Application No. 13/712,919.

Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.

Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4-5), 372-386.

Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE transactions on parallel and distributed systems, 24(1), 131-143.

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.

Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer, London.

Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014). Mobile cloud computing: A survey, state of art and future directions. Mobile Networks and Applications, 19(2), 133-143.

Rewagad, P., & Pawar, Y. (2013, April). Use of digital signature with diffiehellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.

Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263-2268.

Sen, J. (2014). Security and privacy issues in cloud computing. In Architectures and protocols for secure information technology infrastructures (pp. 1-45). IGI Global.

Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges, approaches and solutions. Procedia Computer Science, 37, 357-362.

Stojmenovic, I., & Wen, S. (2014, September). The fog computing paradigm: Scenarios and security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on (pp. 1-8). IEEE.

Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks, 10(7), 190903.

Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud computing. In Wireless Communications and Mobile Computing Conference (IWCMC), 2013 9th International (pp. 655-659). IEEE.

Tari, Z. (2014). Security and Privacy in Cloud Computing. IEEE Cloud Computing, 1(1), 54-57.

Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.

Whaiduzzaman, M., Sookhak, M., Gani, A., & Buyya, R. (2014). A survey on vehicular cloud computing. Journal of Network and Computer Applications, 40, 325-344.

Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.

Yan, G., Wen, D., Olariu, S., & Weigle, M. C. (2013). Security challenges in vehicular cloud computing. IEEE Transactions on Intelligent Transportation Systems, 14(1), 284-294.

Zhang, Y., Chen, X., Li, J., Wong, D. S., Li, H., & You, I. (2017). Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing. Information Sciences, 379, 42-61.