Cloud Computing Assignmenton Cloud Migration, Privacy and Security
Question
Task: After your successful engagement to provide a security and privacy risk assessment for the charity, you and your team have again been engaged to develop privacy and personal data protection strategies for the charity.
The task:
Your team is to write a report that proposes appropriate policies for DAS in the following areas:
1. Develop a Privacy strategy proposal for the charity. The strategy should include the following items:
1. Management of personal information,
2. Collection and management of solicited personal information,
3. Use and disclosure of personal information,
4. Use and security of digital identities,
5. Security of personal information,
6. Access to personal information,
7. Quality and correction of personal information.
2. The controls that you recommend that would:
1. Mitigate the previously identified privacy risks,
2. Implement the privacy strategy.
3. Develop a personal data protection strategy proposal for the charity. This strategy should include:
1. Protection of personal information,
2. Authorised access & disclosure of personal information,
3. De-identification of personal data,
4. Use of personal digital identities,
5. Security of personal data,
6. Archiving of personal data.
4. The controls that you recommend that would:
1. Mitigate the previously identified security risks,
2. Implement the personal data protection strategy.
The team is to provide a written report with the following headings:
• Privacy strategy for personal data
• Recommended Privacy controls
• Personal data protection strategy
• Recommended personal data protection strategy.
As a rough guide, the report should not be longer than about 8,000 words. The report is to be written in Word format and posted in the Team File Exchange area in Interact.
The Privacy Strategy Group Wiki page in the Team area in Interact should be used to develop the strategy document and gather comments and suggestions from each team member. This Wiki should be exported as a single file and placed in the Team File Exchange area. Any strategy discussions in the team forum should be exported into a single document and loaded into the Team File Exchange area in Interact.
Answer
1. Introduction
This cloud computing assignment explores how information technology has changed the face of every sector in this world including from farming to the big size industries. Automation and accuracy are the two fundamental services that has changed the way of service delivery in every field of the world. Cloud services is the most trending technology in the present world that is being utilized for every purpose where there is the need of data availability and exchange of information for 24 X 7 hours. Cloud services provide organization the facility of information sharing from anywhere any time with the beneficial services such as sharing, storing, processing, and accessing of the data and information from anywhere via connecting to the internet. Three major models are being introduced to the industries for the collection, storing, and sharing of the data and information that includes IaaS (Infrastructure as a Service), SaaS (Software as a Service) and PaaS (Platform as a Service). The third parties who are popular in providing the cloud services include IBM Cloud, Google Cloud Platform, Microsoft Azure, Red Hat AWS (Amazon Web Services), and many more.
Cloud services can be a better option for the enhancement in the productivity and output of an organization through managing the operational activities in far better, easy, fast, and efficient manner. The targeted company for this report is the charity who is contributing in providing social services (such as “accommodation, mental health services, training and support services to disadvantaged people in the community”) to the community. However, the existing infrastructure of the organization is not capable of handling the increased demands and requirements of the consumers and so, an alternative information technology is required. Cloud service adoption can be the best course of action considering the management and processing of the collected data and information that can allow organization to meet the needs and requirements of the consumers. It can allow many benefits for DAS such as reliability, flexibility, scalability, expandability, virtual storage, on-demand software and services, and many more. Despite of the beneficial aspects, there are many disadvantageous factors those could influence the cloud adoption for the organization through targeting the privacy and security of the data and information being processed via cloudservices. This report will be highlighting the privacy and security issues in adopting cloud services as the integral part of the system for DAS. This cloud computing assignmentalso include the recommendations those could be adopted by DAS for the management of the privacy and security of the data and information being collected. A data protection strategy have been also proposed regarding the management of the different types of the data and information being collected for the processing of operational activities by the DAS. The next phase of the project will be discussing the mitigation strategies those could be adopted by DAS for the security purpose and the implementation of the data protection strategy for the management and processing of the personal and sensitive information being collected. The proposed threat mitigation and data protection strategies will be helpful in enhancing the reliability of the cloud services for the organization. The proposed strategies are the considerable aspects for the DAS in manner to manage the operational activities without any threat and issues. Thecloud computing assignment outlines aspects of the cloud services will be discussed in four phases as mentioned in the below report.
2. Privacy Strategy proposal
Privacy is always the most concerning factor for he individuals and the industries while sharing and collecting personal and sensitive information. The following paragraphs will be discussing the strategies those could be adopted by DAS for the management of the privacy of the collected sensitive and personal information and data.
2.1 Management of personal information
The charity will be collecting Personal Identifiable Information (PII) and sensitive information of their consumers and the staffs that makes privacy as the most considerable fact while adopting different technology or replacing the existing information system. The strategies must consider the present and past aspects of the privacy and security of the individuals connected with the organization. Following is the list of the activities those could be adopted for the management of the privacy of data and information being collected by the charity for the management of the operational activities and while migrating the same data over the cloud:
i. Strong password or password protection: the organization should assure that every individual accessing the database or the system of the DAS has the unique credentials for entering in the network and accessing the saved data and information. Other than this, strong password must be used by every representative in manner to assure that none but him or her can access the information system. Easy password can be accessed by an intruder or unauthorized user that can allow the access to the saved data and information and thus, use the same data for personal benefit influencing the privacy of the individuals whose data is already available in the database. Multi-factor authorization can be the best digital way for confirming the authenticated user for the data and information being accessed. Password change on regular basis is another simple measure that can be adopted by the individuals through assuring that even the unauthorized user have the access to the old password, it will be of no use once it is changed.
ii. Physical security of the database and anti-malware protectionare the efficient and effective strategies those could be adopted for assuring the privacy of the data and the management of the collected personal information. Different level of authorization within the organizational structure of DAS can be other effective measure for assuring the limited expose and access of the data and information related to the personal information being collected. is another major action that would ensure that the personal data’s privacy is maintained and is managed adequately. The malicious coding and intrusion programs can also be restricted and the intruders or hacker would not be able to enter the network.
2.2 Collection and management of solicited personal information
The case study states that the DAS will be collecting the PII data related to the consumers and the staffs in manner to manage the operational activities however, collection and management of those information will be the considerable point for the organization: following are some of the strategies those could be adopted by DAS for the collection and management of the collected data and information:
i. Data collection: the data and information being collected should be a reliable and credible source in manner to assure that malicious coding is not being transformed in the name of the personal information. It should be assured that there is not any attachment added while the personal data and information is being shared between two sources. ii. Data filtration: It is a possible effective strategy that can allow efficient and effective collection and management of the data and information. This cloud computing assignmentemphasizes on the is another potential measure that is capable of offering efficient and secured filtration for stopping the intruder from sharing and executing the malicious coding.comfortable collection and management of solicited PI. This will be helpful in enhancing the security and privacy of the entire database. iii. Re-evaluation of the is an effective and efficient way for validating the collected data and information that will be reviewing the sustainability of the collected data and information that can be suggested as the safe practice for DAS in manner to manage the data and information of the entire network.
2.3 Use and disclosure of personal information
The primary strategy for the use and disclosure of the personal information should be the adoption of the different level data access for the different level authorities of the organization. This management section for DAS will be considerable aspect as the Charity will be collecting PII and other sensitive information whose expose to an unauthorized user can violate the government policies and the whole organization can be legally alleged for violating privacy policies. Following are some of the measures those could be adopted for assuring the effective and efficient use and disclose of the data and information:
i. Session logout: this strategy could be applied on the online portal or the systems being used by the employees in manner to allow the system to be password protected after a certain period of time in manner to keep an unauthorized user away from the data and information. The internal resources could get access to the account that has not been attended for a while and could use the same personal information for personal benefits causing security and privacy issues for the individuals who are sharing their personal and sensitive information. Thus, this strategy will restrict other users to access the same information even if the system or the portal is not being accessed for certain instance of the time. ii. Different level Authorization for different personnel: Not every staff in the charity will need to access the entire data and information and thus, restricting the level of access for different personnel will be helpful in enhancing the privacy and security of the individuals.
2.4 Use and security of digital identities
Digital identity allow the system to be secured and authenticated for the respective user only and allowing only them to access the data and information saved in the database. It provide prominent advantages for the organization through introducing the digital technology that can analyze the digital signatures of the user and provide the access to the system to the respective users only. The authentication process at the digital level and information processing can be enhanced through this technology however, application of the digital identity has certain security issues that can be lagging factor for the organization. Following strategies can be adopted for the management and enhancement of the security of digital identities: multi-factor authorization, secured network, intrusion detection, and others. The intruder or hacker can enter the network and manipulate, delete or access the information related to the digital identity and thus, could possibly use the same information for accessing the data and information saved in the system.
2.5 Security of personal information
Personal and sensitive information being collected could possibly influence the functioning and operating of the charity as it will not be reliable enough to share the personal data and information and receiving the services. Compromising the data will not only influence the privacy of the individuals who are sharing their personal information but also the functioning and operating of the organization. Following are some of the strategies those could be adopted by the charity for enhancing the security of the personal information:
i. Monitoring and controlling tools: Personal information being saved, shared or accessed from the cloud are vulnerable to breach, intrusion, unauthorized access and many other trespassing those could influence the privacy and security of the individuals associated with the charity. Intrusion detection system will allow the organization to monitor the flow and exchange of the data and information and push a notification whenever an intruder tries to access the same information via any means.
ii. Strong and Unique Credentials: Password is the key to enter and access the saved information and thus, it is considerable fact that the individual protects it anyhow as these credentials could allow unauthorized user to access the saved personal information of others for personal benefits. Cloud adoption will allow the organization to limit and restrict the accesses at different levels and thus, unique credentials with strong password must be generated for every staff in manner to limit the use of the network and captured information.
iii. Using anti-malware or anti-virus:It will be helpful in blocking the malicious codes those could possibly influence the privacy and security of the data and information being exchanged over the cloud network.This will also be helpful in restricting the intruders fromexecuting the malicious coding that might influence the whole network. iv. Encryption: it allows the individual to share the file using a unique code that protects the information being shared and there’s only one cryptographic code that can allow the access to the information being shared.
2.6 Access to personal information
While talking about the personal information, confidentiality is the major aspect that must be considered while suing the cloud services for storing and accessing the personal data and information due to the vulnerabilities in the cloud services. As mentioned in the above report, different level of the authorities should have different level of the authorities in manner to manage the different data and information for every individual. Dividing the different level of the authorities for different level of personnel can be helpful in managing the privacy of the data and information related to the operational activities and the individuals connected with the charity. Following are some of the strategies those could be adopted by charity for managing the access of the data and information.
i. Limiting data and information access: This strategy emphasizes on the same concept as mentioned above as every staff or employee within the charity will not need to access the very personal and sensitive information and hence, limiting the different sections of the access of data and information. There are five hundred staffs in total and hence, the monitoring cannot be much effective in identifying who is ethically wrong and so it should be restricted. Limiting the use of the internet and not adoption of BYOD within the work place can be better and efficient in deploying this strategy is much more efficient and effective manner.
ii. Enhancing the security of the systems: This strategy should emphasize on the technical and policies related adoption considering the entire work environment and the types of information being collected.The policies of the organization must comply with the policy regulations deployed by the government in manner to assure that the information being collected and stored will be helpful in allowing the systems to be enough secured. The above mentioned strategies must be adopted considering the enhancement of the security of the information being migrated of over the cloud.
iii. Audit on regular basis: this strategy will allow the organization and the IT team of the charity to monitor the network being accessed by the staffs and employees and identify the leakages in the system. The IT team can look for the bugs and glitches those might possibly influence the privacy and security of the data and information.
iv. Secured Communication network: the cloud service providers claim to be highly secured however, the current attacks and issues in the news describe something different. The rate of the cyber-attacks have been increasing due to certain windows in the network and thus, allowing intruders to access the data and information saved in the network. The organization will need to connect with the cloud for further processing and hence, wireless or wired network connectivity will be required. The intruder might use the organizational network as a windowif proper security measures are not taken. The network engineers of the charity should consider it as a vital point of concern and should must deploy a secured networking model in manner to provide smooth and secured network connectivity.
2.7 Quality and correction of personal information
The above expressed explanation could be upheld by the way that key arranging, reception of new advancements and other significant changes in the association are done in light of the data. Data of an element isn't constrained just to the present utilize but at the same time is in charge of the supportability of the element. Consequently, the nature of the data ought to be high and it ought to likewise be right in nature. Subsequently, it is suggested that the philanthropy should center around the quality and rightness of their 200 TB information before they store it on the cloud administrations. The availability of the data will likewise get a lift on the grounds that the capacity will just hold the important information and that too will be restricted in measure. Undertaking the prescribed measure will empower the association to evacuate all the superfluous data and will even safe the capacity on the cloud stage which in the process will spare leasing expense of the capacity over the cloud. Besides, putting away the information in a library arranging over the cloud will likewise be useful for the availability of the individual data.
The philanthropy may have a few information that might be essential however off base which will affect the nature of the information antagonistically. Another striking measure that ought to be embraced is to guarantee that the information that is being moved to the cloud stage is right. In this way, it is of extraordinary importance that the information that is being relocated over the cloud is right. Information inspecting could be embraced to accomplish high caliber and right information. On the off chance that any inaccurate information is to be relocated over the cloud at that point, before movement, the information ought to be adjusted to keep any test for future activities.
Recommended Controls for Privacy
The discussed section is aimed at discussing the privacy threat that the charity may be exposed to due to migration to the cloud infrastructure. The section will detail the threats and the strategies to mitigate them. Furthermore, the strategy to implement them will also be provided with adequate attention so that the mitigation tools and techniques could be leveraged. The discussion has been divided in to two sub-sections, the first discussed threat and their mitigation strategy while the next would offer the mitigation strategy.
3. Recommended controls
3.1 Mitigation of privacy risks and privacy strategy implementation
The risks those have been identified in the above section are much severe for the ineffective and improper functioning of the organization and thus, following are the possible strategies those could be implemented as the privacy strategy for mitigating the privacy issues within the network.
It was identified that malicious coding, and malwarescould be the most emphasizing privacy strategies those could be mitigated at the prior of the cloud migration.These threats could allow the intruders to access the stored information that can be used for their personal benefits. This influences the security of the consumers of the Charity, directly or indirectly.The charity should install anti-malware, anti-virus, updated firewalls and secured network considering the restriction for the intruders or hackers to enter the system and access the stored data and information.
The adopted strategies will make sure that the intruder cannot enter the network or attempt certain technical attacks such as DoS, DDoS, or any other malicious attack that can restrict the functioning and operating of the organization. These services and application are available in the market and investment in security can be beneficial for the organization in its long-term running.
DDoS (Distributed Denial of Services): it can be described as the most practicable attack used by the intruders or the hackers in manner to gather the access to the data and information saved in the network. The talked about risk builds the activity in the correspondence channel that interfaces the client and the cloud service providers, which obstructs the client from getting to their information and administrating the authorized operation access. In any case, it ought to be noticed that the talked about attack isn't fit for containing on the information yet clears path for different attacks to include the security of the information.The purpose behind the noticeable quality that the talked about attack engages is on account of the client does not understand the attack, they trust that it is a system mistake and it gives the evildoer the chance to additionally abuse the information protection. The refusal of administrations to the client is then used by the digital identity and they access the information undermining the protection of the information.
Increment in the data transmission of the server will empower the system to clear path for more activity that would upset the plans of the evildoers to shut the verified client out of the system. As expressed over the talked about attack achieves its goal by expanding the activity in the system and subsequently, it could be alleviated by expanding the data transmission of the server. The cloud administrations offer such administrations and the philanthropy could prepare its advantages. Moreover, a flexible engineering is likewise fit for giving its help in moderating the risk of the DDoS. Equipment likewise assumes a noteworthy part in relieving the talked about risk be that as it may, as the philanthropy is intending to receive cloud administrations which prevents the convenience from claiming equipment in the examined situation. It tends to be achieved by disseminating the server farm into particular segments that are situated at various topographically far off positions.
It might be high on the financial plan of the association however will alleviate the danger of DDoS. The answer for DDoS incorporates expanding of the data transfer capacity which should be possible by purchasing more from the specialist organization. The engineering can be made strong by spreading the servers at various areas in various systems.
Personal Informationexpose: It is another considerable risk that can be mitigated to the extent level in manner to manage the information being collected and processed for the accomplishment of the daily operationalactivities of the charity. The information could be spilled using any and all means that incorporates the digital attack, information break, hacks or even because of inner components. It is additionally an eminent test that should be considered. The beneath talked about measures could help the clients in accomplishing the examined accomplishment. Consequently, it is the fate of incredible criticalness that the clients ensure their information even on the cloud stage.
The encryption will guarantee that regardless of whether the information is released nobody could read or change the information. Information Encryption is a standout amongst the most practical methods for reception to ensure the information protection. It ought to likewise be guaranteed that the information are scrambled at each phase of their cloud life be it in the resting stage or the movement organize. In the talked about measure the information are encoded into a figure information that must be gotten to by the encryption key that is possessed by the client. Standard secret key is likewise a measure that could guarantee the security of the information. Besides, the dangers of beast compel and other comparative attacks could be moderated by intermittently changing the passwords. The information ought to be secret key secured and in the event that it is standard in nature then the attacks, for example, savage attack have next to no shot of being achievement. As expressed over, the information spillage on the cloud could likewise occur because of inner blame and it could be alleviated via preparing the workers with sufficient utilization of the cloud benefits and keep them from tumbling to any phishing attack. Physical blame at the server farm are another conspicuous reason for information spillage and could be alleviated by support up the information. The inner danger could likewise be moderated by setting consents for openness and adjustment of the information.
The usage of information spillage moderation system regards requirement for encryption of the information. Symmetric key calculation scrambles the information in such a design, to the point that the encryption key and the unscrambling key are indistinguishable in nature. Besides, the representatives could be prepared by directing instructional courses. Firewalls could be utilized for setting up the consent for the utilization of information. The information can be scrambled through two unique means symmetric and can only be accessed through single key. The confirmation of the information availability could be guaranteed by utilizing institutionalized secret key, two factor validation, computerized marks and different means. While awry key calculation utilizes distinctive keys for encoding and unscrambling of the information. In light of the necessities of the association they could receive any measure.
Identity fraud: this is next considerable threat that needs to be managed as it could lead to severe damages for the organization and could lead the organization to closure. As a feature of danger the interloper goes about as the client and obtains entrance and control of the information. It is additionally a noteworthy test for the protection of the information since it offers the entire control to the gate crasher. To trade off the client's framework, the evildoers send malevolent connections or sends which when opened by the client sends the clients information to them.The personality of the clients could be stolen by trading off the arrangement of the client through various means. Consequently, moderation of the talked about risk is of incredible significance.
Another remarkable measure would be not letting the framework getting bargained or profiting the subtle elements to the evildoers. Not tapping on the malevolent connections or sends could guarantee that the client does not approves the transgressor to imagine as them. Encryption key is the most well-known measure for keeping away from the talked about risk which could be additionally increased by embracing two-factor validation and other propelled safety efforts. Preparing the group of the philanthropy in keeping up an institutionalized watchword and not tapping on the malignant connections and sends should be possible to guarantee the security from the data fraud.
Data or Information misfortune alludes to the condition where the information winds up unusable for the client. The reason for information misfortune could be n number of things, for example, inadvertent erasure, malignant attacks, specialist co-op blackout, maverick applications, representative flight and a few others. It might be because of any reasons, for example, information defilement, erasure or getting to be garbled. The 'n' number of explanations behind the cloud misfortune makes it a standout amongst the most conspicuous danger for the information over the cloud.
The measures in dialog are encryption, reinforcement, secret word security and others. The usage measures talked about for the alleviation technique of information misfortune are in a state of harmony with the procedure for the avoidance of information spillage and could be embraced.
Encryption, secret key assurance and support up of information are the most conspicuous estimates that could guarantee the security of information against the risk of information misfortune.
4Data protection Strategy
Data of an organisation is very crucial for its future development and hence, it needs to be provided with adequate attention. Furthermore, if the data is mission crucial as is the case with the Charity it becomes of high significance that the data is protected from both external and internal attacks. Additionally, the vulnerabilities that is offered by the cloud service, the challenges further amplify and hence, the discussed section details the data protection strategy. The data protection strategy has considered several aspects and has also discussed potential recommendations for the threats that the cloud may offer to the 200 Tb data of the Charity.
1. Protection of the personal data
Personal data of the charity is mission crucial and directly impact the sustainability of the organisation. However, the charity is concerned with threats that is posed by the cloud and hence, the need for the protection of the personal data becomes of major significance. The challenge offered to the personal data over data could be of many modes. Some of the most widely known modes are the data loss, DDoS attacks, Man-in-the-Middle attacks and several others. However, the challenges in discussion are mitigatable and some of the most basic security techniques that could offer its assistance in mitigating the threats are listed as follows:
i. Selection of adequate and viable security measures: The security measures in discussion details the protection that proper authentication approach and security tools can offer. Facial recognition, smart password, biometric systems and similar other disruptive measures are capable of offering the security to the personal data.
ii. Secure network: Keeping the network secure that will be used for communication between the cloud servers and the user’s system is one of the measures that will ensure that the data is protected. The attacks such as man-in-the-middle and similar other attacks uses the vulnerability of the network to attack the personal data. Moreover, adoption of a secure network will ensure that the transmission of information ends at the point that has been designated b without any theft, loss or manipulation of the information.
iii. Secure system: Hackers and cybercriminals uses the system which are insecure to plant botnets and when the user uses the compromised system to access the data, they expose the personal information to the former. Hence, it is vital to keep the system secure so that no one can trespass the system and leave the data unprotected.
4.2 Authorized access & disclosure of personal information
Authentication validity protects the data from the cybercriminal because to reach the data, the latter have to pass through the authentication wall. Moreover, if the system detects unusual activities or many failed attempts to get the authentication correct it will block the criminal from the system. Disclosure of the personal data is also a challenge for the charity because it may reveal the plans and mission crucial data of the organisation. Hence, safety measures should be adopted and some of them are listed below.
i. Firewalls:Firewalls are walls liked filter that allows safe and necessary information to pass from the network into the servers and blocks out the malware and harmful contents from the system.
ii. Antivirus acts similarly as the firewall but instead of just stopping the harmful contents it even scans the system for any harmful content. Moreover, firewalls are best for the network while, antivirus are designed to protect the data, system and its applications.
iii. Restricting others from using the user credential: It should be ensured that no other staff of the charity is using other staff’s credentials or system because it might compromise the security of the data.
5. De-identification of personal data
De-identification is the process of preventing the cyber attackers from gaining the identity of the user or the information that is contained in the datasets. The need for de-identification is important because if the identity of the user or the data is revealed it may challenge the strategic planning of the charity. The exposure of the strategic planning affects the bidding processes, product & service launching and many more activities that the organisation is planning to improve its operations and gain competitive advantage. Therefore, it should be made sure that the de-identification of the personal data is done and no security vulnerability is faced by the personal data. Several tools such as the antivirus and others are available to provide help in de-identification of the personal data. Moreover, encryption and other techniques could also serve for this purpose. Abiding by the security policies can also help in de-identification of the personal information.
5.1 Use of personal digital identity
Digital identity of a user, company or other is the detailed information of the user that is stored on electronic medium and can be used for different processes with the approval of the user. The statement above cites that the digital identity of the user holds the personal information of the user and hence, it should be ensured that the data is protected. Moreover, as the digital identity is stored on electronic medium, therefore making, it vulnerable to cyber-attacks. However, the benefits of the digital identity are also high and they have been detailed below:
i. Security: It has been mentioned above that digital identity is exposed to cyber-attacks but they even offer a high level of security with just minor consideration to the network and authentication.
ii. Speed and ease are also the benefits that is offered by digital identities. Electronic source as it base offers the benefit of being fast to the user. Moreover, it also offers ease of management, storage, processing and analysis to the user.
iii. Data integrity: The point above has made it evident that the information stored in digital identity is easy to store, process, analyse and management and it makes the data consistent, complete and accurate. In other words, the digital identity provides data integrity to the stored data.
5.2 Security of personal data
The importance of personal data protection is evident from the discussions above. Moreover, the objective of the discussions is to develop personal data protection strategy. So, it is important to discuss the security challenges of the personal data and how it can be managed. Data loss, identity theft, man-in-the-middle, information leakage and similar other threats are challenging the security of the personal information (Xiao & Xiao, 2013). So, the following recommendations can help the charity to counter the threats and protect their personal data.
i. Strict Authentication: Password and id are the basic safety measures that is adopted for the protection of the data. So, it is necessary that the passwords that are used for getting into the account for accessing of the data is secure and of high calibre. Safe password practice can be attained by keeping the password a combination of several special characters, numbers and letters in both upper & lower case. It makes it difficult for the cybercriminals to determine and crack the password making the data secure. Moreover, the brute force attack is also not very effective on this type of password.
ii. Antivirus and Firewalls: The security tools such as antivirus and the firewalls are also very effective in protecting the system. Antivirus scans for any anomaly that may be available in the system and also prevents such thing from coming into the system. On the other hand, firewalls act as a filter that allows only the needed content to enter the system while unwanted or harmful contents are blocked from entering the server or system. The techniques such as the VPN (Virtual private network) can serve in protecting the network related threat for data protection.
iii. Restricting accessibility: The discussed point recommends that users of the system should be restricted from accessing any harmful source or e-mails. As part of this the staffs should not be allowed to visit any harmful site that may be a source of malicious or inexplicit contents. Firewall could be utilised to block such sources which might content malicious contents.
iv. State-of-art tool: Cybercriminals are attempting new techniques to attack a system or server. Therefore, it becomes mandatory for the users to have state-of-art tool and techniques in place that can counter new malicious contents that are dropped by the cybercriminals. State-of-art nature can be adopted by upgrading the security tools on regular basis to counter new malicious contents. Moreover, new security measures such as the cryptographic protection and others can be deployed for further protection.
v. Security Audits: Auditing the system and the network for vulnerabilities is also one of the major ways that can ensure that the personal information is protected. The auditing will reveal the flaws in the system and can be mitigated by deploying necessary measures. Moreover, it will even detect botnets if there are any in the system. Hence, a monthly or quarterly security audit is recommended.
5,3 Archiving of personal information
Archiving of data is the process where the data that are crucial for future use but have no specific use currently are detained to keep them safe from any threats (Nafi et al., 2013). It helps in maintaining a secure data along with providing integrity and confidentiality to the data. It also mitigates the threat of data loss. Hence, it is recommended that the data should be kept archived until the need for the data arises.
|
|
S.No |
“Security Risks (Personal data)” |
“Mitigation Plans” |
“Implementation Methods” |
|
Student 1 Student ID |
1.
|
Compromising of the storage: Cloud services provides storage to each of the user that associates with it where all the personal and confidential data is stored. However, the chances of losing data due to a fault in the storage can prove to be a threat for the protection of the data and hence, demands attention. |
1. Upgrading Architecture: The discussed threat can be mitigated by having a state-of-art storage architecture in place that is capable of withstanding the challenges of storage (Mishra et al., 2012).
|
1. The cloud vendors offer several architecture options that are capable of keeping the storage and the data safe. It also offers the advantage of making the processes fast and effective. The charity can buy a stronger architecture with a little extra financial investment.
|
|
2. Maintenance: A periodic maintenance of the storage provides the owner with the opportunity to identify the flaws in the system and mitigate them. Moreover, a regular maintenance can also offer the advantage of speed and reliability in the accessing of the data. |
2. The charity is planning to move to the cloud which offers the service of maintenance of storage. However, the maintenance that will need internal access will have to be done by the organisation themselves to ensure that their data privacy is kept intact. |
|||
|
2.
|
Eavesdropping: One of the most well-established threat that the cloud services offer in terms of the data is the threat of eavesdropping where the intruder sniffs or hears the information (Gonzalez et al., 2012). It can reveal the strategies and other plans of the organisation to its competitors and will also reveal the identity and challenges of the mentally challenged people.However, this attack only identifies the content of the data and does not manipulate it |
1. Encryption: Encryption is one of the best methods to secure the data from attacks (Wu et al., 2012). As part of the discussed process the data is encrypted and could only be accessed or through the use of the decryption key which is owned by the owner of the data or the designated owner that had been decided by the owner. It is one of the most popular security measures and should be adopted by the charity. |
1. Encrypting of the data could be attained by two different measures the first being symmetric encryption where the encryption and decryption keys are the same and asymmetric key where the encryption key differ from the decryption key (Wei et al., 2012). Both type of encryption could be done by deploying adequate algorithmic measures. The advantage of both the encryption is different from each other but effective at the same time. While symmetric encryption offers simplicity and ease, asymmetric encryption offers enhanced security. |
|
|
2. Software Control: It should be ensuring that the system is not compromised in terms of software. Furthermore, appropriate control of the software will ensure that no malware gets into the system that would enable the eavesdropping. |
2. The foremost need for adequate control of the software is its genuineness (Garg, Versteeg & Buvya, 2013). The discussed measure is crucial because the pirated software does not gain the advantage of getting new updates and moreover, they might contain some illicit content and hence should be avoided for proper controlling of the software. |
|||
|
3.
|
Interception of Messages: Data or their contents could be intercept in the system, server or the network during transmission stage (Bonomi et al., 2012). It can pose the threat of data manipulation before reaching its designated location. |
1. Firewalls: The firewalls are thee wall like filters that enables only authorised users or content to get into the network (Lee & Zomaya, 2012). Hence, it can be deployed which will detect the threat before it acts and will mitigate it in the process protecting the data from any harm. It will also restrict deployment of malicious content by the cybercriminals which will protect the system and restrict any remote control to the malefactors. |
1. Firewalls are available in the market which could be purchased directly(Garg, Versteeg & Buyya, 2013). However, the configuration process of the firewall should be done with great caution so that it can be leveraged. |
|
|
1. Encryption: Encryption is one of the best methods to secure the data from attacks (Wu et al., 2012). As part of the discussed process the data is encrypted and could only be accessed or through the use of the decryption key which is owned by the owner of the data or the designated owner that had been decided by the owner. It is one of the most popular security measures and should be adopted by the charity. |
1. Encrypting of the data could be attained by two different measures the first being symmetric encryption where the encryption and decryption keys are the same and asymmetric key where the encryption key differ from the decryption key (Wei et al., 2012). Both type of encryption could be done by deploying adequate algorithmic measures. The advantage of both the encryption is different from each other but effective at the same time. While symmetric encryption offers simplicity and ease, asymmetric encryption offers enhanced security. |
|||
|
Student 2 Student ID |
4.
|
Man in the Middle: Xu, (2012), has stated this attack as one of the most vital threat for the data protection. The attack as its name suggest attacks in the middle stage when the data is in transmission stage. The attacker attacks the data in the middle stage and identifies the data content but does not manipulate or steal the data. |
1. Encryption: Encryption is one of the best methods to secure the data from attacks (Wu et al., 2012). As part of the discussed process the data is encrypted and could only be accessed or through the use of the decryption key which is owned by the owner of the data or the designated owner that had been decided by the owner. It is one of the most popular security measures and should be adopted by the charity. |
1. Symmetric encryption is best for the discussed type of attack and could easily be implemented through encryption (Xu, 2012). |
|
2. VPN: VPN abbreviated form of Virtual private network is one of the best ways to ensure that the data is safe (. As the name suggests it offers a private route for the transmission of the data which restricts any trespasser from entering the data transfer domain of th user. |
2. the implementation of the VPN can be completed in three steps the first being configuration of the remote server (Garg, Versteeg & Buyya, 2013). Following that the next step is providing of the IP address which completes the implementation. |
|||
|
5.
|
Network Traffic Manipulation: The attacks such as the DDoS attack increases the traffic in the communication network through which the users and the cloud server interact (Radut, Popa & Codreanu, 2012). It blocks the user out of the server which then could be utilized by the attacker. The discussed attack does not enable by the attacker to make any changes or steal data but makes room for other attacks to compromise the data. |
1. Firewalls: The firewalls are thee wall like filters that enables only authorised users or content to get into the network (Lee & Zomaya, 2012). Hence, it can be deployed which will detect the threat before it acts and will mitigate it in the process protecting the data from any harm. It will also restrict deployment of malicious content by the cybercriminals which will protect the system and restrict any remote control to the malefactors. |
1. Firewalls are available in the market which could be purchased directly(Garg, Versteeg & Buyya, 2013). However, the configuration process of the firewall should be done with great caution so that it can be leveraged. |
|
|
2. Antivirus: Most basic form of protection that could offer security against such attacks (Hashem et al., 2015). It protects the system by identifying the threat of intrusion in the network and mitigating it before any consequences happen. |
2. Antivirus are readily available for buying and could be bought from the market.However, buying of reliable antivirus is one of the crucial needs that needs to be taken into consideration.
|
6. Conclusion
The report in discussion could be emphasised to state that personal data is very important for the owner because it acts as the unit for the actions that the owner will take in future. The decision could be strategic that will define the actions for gaining a competitive advantage or so small that it does not change anything. Though the protection and privacy of the personal information is important and hence, the personal data protection strategy along with the privacy data protection. This cloud computing assignment explores different aspects of the need for the privacy and security along with offering an insight into the paper. The mitigation strategy along with the implementation techniques has also been discussed to offer a better understanding of the strategies.
Hence, it would be appropriate to state the personal data is very vital for all the operational bodies. The discussed on the cloud computing assignment measures will also assist the users in understanding foreign needs, benefits and challenges along with the implantation strategic.
Bibliography
Ahmad, R. W., Gani, A., Hamid, S. H. A., Shiraz, M., Yousafzai, A., & Xia, F. (2015). A survey on virtual machine migration and server consolidation frameworks for cloud data centers. Journal of Network and Computer Applications, 52, 11-25.
Arockiam, L., & Monikandan, S. (2013). Data security and privacy in cloud storage using hybrid symmetric encryption algorithm. International Journal of Advanced Research in Computer and Communication Engineering, 2(8), 3064-3070.
Batini, C., & Scannapieco, M. (2016). Data and information quality. Cham, Switzerland: Springer International Publishing. Google Scholar.
Beck, E. N. (2015). The invisible digital identity: Assemblages in digital networks. Computers and Composition, 35, 125-140.
Beloglazov, A., Abawajy, J., & Buyya, R. (2012). Energy-aware resource allocation heuristics for efficient management of data centers for cloud computing. Future generation computer systems, 28(5), 755-768.
Blocki, J., & Datta, A. (2016, June). CASH: A cost asymmetric secure hash algorithm for optimal password protection. In Computer Security Foundations Symposium (CSF), 2016 IEEE 29th (pp. 371-386). IEEE.
Bonomi, F., Milito, R., Zhu, J., & Addepalli, S. (2012, August). Fog computing and its role in the internet of things. In Proceedings of the first edition of the MCC workshop on Mobile cloud computing (pp. 13-16). ACM.
Cai, L., & Zhu, Y. (2015). The challenges of data quality and data quality assessment in the big data era. Data Science Journal, 14.
Cao, N., Wang, C., Li, M., Ren, K., & Lou, W. (2014). Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Transactions on parallel and distributed systems, 25(1), 222-233.
Chaisiri, S., Lee, B. S., & Niyato, D. (2012). Optimization of resource provisioning cost in cloud computing. IEEE Transactions on Services Computing, 5(2), 164-177.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Chen, H. C., & Lee, P. P. (2014). Enabling data integrity protection in regenerating-coding-based cloud storage: Theory and implementation. IEEE transactions on parallel and distributed systems, 25(2), 407-416.
Conejero, J., Burnap, P., Rana, O., & Morgan, J. (2013, June). Scaling archived social media data analysis using a hadoop cloud. In Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on (pp. 685-692). IEEE.
Cummings, R. G. (2014). The Case against Access to Decendents' E-mail: Password Protection as an Exercise of the Right to Destroy. Minn. JL Sci. & Tech., 15, 897.
Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J. H., Metayer, D. L., Tirtea, R., & Schiffner, S. (2015). Privacy and Data Protection by Design-from policy to engineering. arXiv preprint arXiv:1501.03726.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Gampala, V., Inuganti, S., & Muppidi, S. (2012). Data security in cloud computing with elliptic curve cryptography. International Journal of Soft Computing and Engineering (IJSCE), 2(3), 138-141.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2017). Digital identity guidelines. NIST Special Publication, 800, 63-3.
Gupta, P., Seetharaman, A., & Raj, J. R. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), 861-874.
Hamdare, S., Nagpurkar, V., & Mittal, J. (2014). Securing SMS based one time password technique from man in the middle attack. arXiv preprint arXiv:1405.4828.
Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for cloud computing. Optimizing Information Security and Advancing Privacy Assurance: New Technologies: New Technologies, 150.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
Jing, P. (2014). A new model of data protection on cloud storage. Journal of Networks, 9(3), 666.
Jung, T., Li, X. Y., Wan, Z., & Wan, M. (2013, April). Privacy preserving cloud data access with multi-authorities. In INFOCOM, 2013 Proceedings IEEE (pp. 2625-2633). IEEE.
Kahn, M. G., Callahan, T. J., Barnard, J., Bauck, A. E., Brown, J., Davidson, B. N., ... & Liaw, S. T. (2016). A harmonized data quality assessment terminology and framework for the secondary use of electronic health record data. Egems, 4(1).
Kao, Y. W., Huang, K. Y., Gu, H. Z., & Yuan, S. M. (2013). uCloud: a user-centric key management scheme for cloud data protection. IET Information Security, 7(2), 144-154.
Kertesz, A., & Varadi, S. (2014). Legal aspects of data protection in cloud federations. In Security, Privacy and Trust in Cloud Systems (pp. 433-455). Springer, Berlin, Heidelberg.
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4-5), 372-386.
Lee, Y. C., & Zomaya, A. Y. (2012). Energy efficient utilization of resources in cloud computing systems. The Journal of Supercomputing, 60(2), 268-280.
Lin, A., & Chen, N. C. (2012). Cloud computing as an innovation: Percepetion, attitude, and adoption. International Journal of Information Management, 32(6), 533-540.
Lin, C., Su, W. B., Meng, K., Liu, Q., & Liu, W. D. (2013). Cloud computing security: architecture, mechanism and modeling. Chinese Journal of Computers, 36(9), 1765-1784.
Liu, W. (2012, April). Research on cloud computing security problem and strategy. In Consumer Electronics, Communications and Networks (CECNet), 2012 2nd International Conference on (pp. 1216-1219). IEEE.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing security. International Journal on Recent and Innovation Trends in Computing and Communication, 1(1), 36-39.
Nafi, K. W., Kar, T. S., Hoque, S. A., & Hashem, M. M. A. (2013). A newer user authentication, file encryption and distributed server based cloud computing security architecture. arXiv preprint arXiv:1303.0598.
Nguyen, K. T., Laurent, M., & Oualha, N. (2015). Survey on secure communication protocols for the Internet of Things. Ad Hoc Networks, 32, 17-31.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer, London.
Popa, L., Kumar, G., Chowdhury, M., Krishnamurthy, A., Ratnasamy, S., & Stoica, I. (2012, August). FairCloud: sharing the network in cloud computing. In Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication (pp. 187-198). ACM.
Radut, C., Popa, I., & Codreanu, D. (2012). Cloud Computing Security. REVISTA ECONOMIC, 171.
Rewagad, P., & Pawar, Y. (2013, April). Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Rodrigues, J. J., De La Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security and privacy requirements of cloud-based electronic health records systems. Journal of medical Internet research, 15(8).
Sen, J. (2014). Security and privacy issues in cloud computing. In Architectures and protocols for secure information technology infrastructures (pp. 1-45). IGI Global.
Shaikh, N., & Shrimali, V. (2016). Disaster Recovery Plan: Automating Backup Process for Library Databases.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks, 10(7), 190903.
Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud computing. In Wireless Communications and Mobile Computing Conference (IWCMC), 2013 9th International (pp. 655-659). IEEE.
Wang, B., Li, B., & Li, H. (2014). Oruta: Privacy-preserving public auditing for shared data in the cloud. IEEE transactions on cloud computing, 2(1), 43-56.
Wang, B., Yu, S., Lou, W., & Hou, Y. T. (2014, April). Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud. In INFOCOM, 2014 Proceedings IEEE (pp. 2112-2120). IEEE.
Wang, C., Wang, Q., Ren, K., Cao, N., & Lou, W. (2012). Toward secure and dependable storage services in cloud computing. IEEE transactions on Services Computing, 5(2), 220-232.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Williams, S., Fleming, S., Lundqvist, K., & Parslow, P. (2013). This is me: Digital identity and reputation on the internet. In Digital identity and social media (pp. 104-117). IGI Global.
Winkler, A. T. (2013). Password Protection and Self-Incrimination: Applying the Fifth Amendment Privilege in the Technological Era. Rutgers Computer & Tech. LJ, 39, 194.
Wu, L., Garg, S. K., & Buyya, R. (2012). SLA-based admission control for a Software-as-a-Service provider in Cloud computing environments. Journal of Computer and System Sciences, 78(5), 1280-1299.
Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.
Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.
Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE transactions on parallel and distributed systems, 24(6), 1107-1117.
Xu, X. (2012). From cloud computing to cloud manufacturing. Robotics and computer-integrated manufacturing, 28(1), 75-86.
Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.
Zaveri, A., Rula, A., Maurino, A., Pietrobon, R., Lehmann, J., & Auer, S. (2016). Quality assessment for linked data: A survey. Semantic Web, 7(1), 63-93.
Zhang, L., Wu, C., Li, Z., Guo, C., Chen, M., & Lau, F. C. (2013). Moving big data to the cloud: An online cost-minimizing approach. IEEE Journal on Selected Areas in Communications, 31(12), 2710-2721.
Zou, Y., Wang, X., & Shen, W. (2013, June). Intercept probability analysis of cooperative wireless networks with best relay selection in the presence of eavesdropping attack. In Communications (ICC), 2013 IEEE International Conference on (pp. 2183-2187). IEEE.
Contribution
Student 1:
I contributed in identifying the threats that needs to be countered and also offered my support in determining the mitigation strategies along with other team members.
I believe that the need for data privacy and protection strategy is needed for ensuring that the personal data is safe and no manipulation or theft of the data is attempted.
Student 2:
I contributed in detailing the implementation strategy for the identified solution. My contribution also expanded to identifying of the potential security measures that could mitigate the identified threats for data privacy and security.
