IT Risk Assessment: External Cloud Solution Essay

Question:

Discuss about the IT Risk Assessment for External Cloud Solution.

Answer:

Introduction

Information technology has become an integrated part of each business. By adopting the IT technology, business can improve their customer’s services and the present business conditions. Through using the IT technologies, the business can easily overcome many other issues such as geographical limitation and the limited number of customers and high prices services. In this, the cloud hosting solution is one of the major emerging technologies in the IT. It refers to the upload the data from the manual format to the internet (Taylor, Haggerty, Gresty and Lamb, 2011). The use of the cloud services has increased in many industries such as finance, sports and many others. Aztek is an Australia based finance services provide company, which is moving to the adoption of external cloud services. Through this, the company can offer services to the 24/7 hours to customers and also they can access data from anywhere. In the present report, analysis is made on different aspects of the cloud computing (Ward and Sipior, 2010). It includes the merits of the cloud computing, cloud computing in financial sector and other regulations which create impact on the business. At last, it provides risks which are associated with cloud computing.

Merits Of The External Cloud Solution

Aztek is an Australia based company which offers different types of the financial services to its customers. The company is expanding its business services and using Information Technology (IT) for it. The company is presently trying to migrate with the business-critical applications and data resources into the cloud hosting solution (Almorsy, Grundy and M?ller, 2016.). Through the external cloud services, they can easily transfer data to the cloud. This cloud is remotely handled by the other person. Following are the merits of the present project:

Fewer capital expenses

The most significant cloud computing benefit is in terms of IT cost savings. The cloud solution helps the company to maintain the cost and charged to the minimum operations costs without matter of the size of the project. The lack of on-premises infrastructure also removes the associated operational costs in the form of power, air conditioning and administration costs (Bisong and Rahman, 2011). For the Aztek Company, it brings many opportunities and helps the business to maintain costs and through this, the companies also do not worry about the security of the cloud services.

Reliability

The external cloud services are much better than in-house services. In the external services, the company can easily store the data and other sensitive information about their company. It offers services 24/7 hours and organization can benefit from a massive pool of redundant IT resources. If any server fails to work then the company can easily transfer all data and the information to any other available server (Bruneo, 2014). Along with this, the company can also increase or decrease the scale of business operations according to its requirements.

Management of use of resources

Through the cloud services, the company can efficiently use its resources. With the help of present cloud services, the business can efficiently use its projects and reduce the operational costs incurred. The employees of the company need to spend less time on information managing and they can use their time in more useful activities (Buyya, Broberg and Goscinski, 2010). Another benefit of the company for resources is that it helps the company to enjoy the scalability of economics. The cloud services have less energy consumption and required less physical resources in order to maintain the services.

High level of storage capacity and flexibility

The external cloud services can offer high level of storage services to their customers. With the cloud, the company can easily store any type of the data without any limitation. Along with this the company also receives a high level of the flexibility. The cloud services offered to the company test and develop cloud services effectively (Dinh, Lee, Niyato and Wang, 2013). If one cloud is not working properly then the company can switch to another cloud. Along with this, Aztek can also able to access the own file through the internet anywhere.

Cloud Computing In Financial Sector And Other Regulations

The external cloud services in the financial services help to the company to manage their activities and operations costs effectively. The financial sector is also now engaged with the internet services. There are many organizations like Aztek which are using cloud services to efficiently use their resources. The main role of cloud services in the financial services to offers the financial services and also helps the company to maintain its internet services (Furht, 2010). Through the external cloud services, the business can offer a large number of services and they can also provides high level of the security to store personal information of customers. However, there are many types of the rules and the regulation which are needed to be maintained. The Australian government develops some laws and regulation through which they can control the activities and security of the cloud services. It imposed in accordance to the data security and the privacy act in which the company has obligation for not sharing personal information about the customers to any third party.

Government Regulations

Storing data in the cloud, rather than on other devices or on an inadequately secured in-house system, if done well, may reduce these risks (Bisong and Rahman, 2011). Following are the government and industrial regulations which should be implemented by the company:

The Privacy Act

The Australian Privacy Act is designed to regulate the collection and handling of the personal information of individuals. It states that the company cannot share any type of the information about the customers to any third party. In Aztec, there are many types of the customers who take the financial services. While, the receiving these services, they can also provide their information such as back detail, ID card detail and much more. It can lead to harm if the company provide this information to third party (Garg, Versteeg and Buyya, and 2013). Some personal information also involve sensitive information such as the person's race or ethnicity, their religious, political or philosophical beliefs or affiliations, and health information, including genetic information. All these laws are also applied to the company which is using the cloud services. While doing the business on the cloud, there are chances that the information may leak from the cloud. The business has to face many types of problems because it is considered as the breach of information.

Information on the cloud

The government is also provided guidelines to the organization to provide information about the cloud services. The company has to; under the privacy provide information about who can use their information. The major dealing in the cloud services is based on the cloud provider and the organizations (Iosup, Prodan and Epema, 2014 ). Aztek, in the cloud services, need to provide disclosure to the customers who can assess information and by what purpose. So, in future, no other problems can be created.

Collection of the information

The Privacy Act also involves the collection of the data. The company can collect only the data when it required for maintain its business functions. The company in order to monitor the personal records of the customers’ needs to take care of the information before providing services or data to the cloud vendor (Jadeja, and Modi, 2012). Along with this, the company also needs to provide information to the customers if the company is sharing the perusal data with any other third party.

Security

In the cloud services, the company should concern about the security. The external cloud hosting services are control by the third party in the remote area. The Aztek Company needs to make sure to use the high security in order to protect the data from the hackers (Jansen, 2011). In the privacy act, it is stated that if the company does not require any customer’s information then it is suggested as per the security point of view to destroy the data or permanently de-identify it. Through this, the companies can safely store on the cloud and also they can maintain the security of the data.

Law on breach of information

If the company fail to implement security measures on the data and personal information to the company’s database, and if any type of the information is leaked from the database, then it is considered as the breach of the information under which the company may face any type of the lawsuit from the government or customer. In the financial sector, the business needs to take care of the personal details of customer’s bank (Jansen, 2011). If such details are leaked and any type of the damaged occurred then it would be payable by the company. So, the Aztek Company needs to maintain its data information effectively and adequately.

External System’s Impact On Present Security Posture System

The Security Posture refers to the company’s network, information and the systems based on the IA resources (e.g., people, hardware, software, policies) and the capabilities in place to manage the defiance of the enterprise and to reach as the situation changes. The company has presently stored the data and the information within the personal database center. The company is moving to adopt the external cloud services to store the data and the personal information of the customers and the employees as well (Khajeh-Hosseini, Greenwood and Sommerville, 2010). There are many impact which will be created through the external services on present services. The company needs to change its structure, policies and provide training to their employees, so Aztek can effectively make interaction with the system. The business need to make sure that the external cloud services are integrated with present system effectively so they can reduce the IT threats and other security concerns. Following are the impact on external cloud services on the present security posture.

Impact on the Employees

The employees are big and important assets for the company. Employees are the major concern for the company while adopting external cloud services. For Aztek, it is essential to develop effective interactions between the cloud system and workers (Krutz, and Vines, 2010). By using the external services, the business can overcome with many problems but there are some security issues as well which are needed to be addressed the employees. The impact of the external services is that if the employees are not aware of the system then they need to face problems. In order to overcome these problems, the company needs to provide training to employees so they can understand the current services and also cloud system.

Impact on hardware and software

The impact of cloud services on hardware and the software of the company is that it needs to be updated according to the cloud system. The cloud is automatically updated; however, it is required to also update other IT functions effectively. The impact on the hardware and software of the company should be modified and it is also needed to make the focus on the integrated with new system effectively (Manvi and Shyam, 2014). When the company is using its own hardware and software, they can easily take control over the data and the sensitive information of the company; while, using the cloud services the business needs to make sure that they have to develop leverage between the present system and the prosed system. If any disaster appears the company can use its traditional system to recover or store the data.

Policies

At present the company is using the In-build cloud services; however, in order to improve the services the company should move to the external cloud services. The business needs to make sure that all the services are an offer to the customers effectively. In order to offer services the business needs to follow the security and the data integration act (O’Driscoll, Daugelaite and Sleator, 2013). Through it, they can control over the data integration and the security in an effective manner. The HR and administration should be making focus that all the laws and the regulations are effectively followed by the company.

Capabilities

At present, the company is offering services in the financial sector. Through the cloud services, the companies can offer its services to wide range of the people and they can also increase the number of customers in an effective manner (Ren, WangandWang, 2012). By using the cloud services, the business can collect the information and also they can offer efficient internet services. The impact of the cloud services on the current security posture is that it increases the capability of the system and the employees. They can attract more customers to the business and also they can offer better services. Although, use the external cloud services can increase the burden such as to maintained data and personal information, use of encryption while sending information to the cloud (Rittinghouse and Ransome, 2016). For using all of these, the company needs to hire experts such that information remains secure and also the company can use resources effectively.

Risk Of Using The External Cloud Services

The cloud computing brings any type of the new business opportunities for the company. Aztek which is financial company offer many types of the services which offer to the company. However, there are several other risks which are associated with the company. The cloud computing is handled by the third party in the remote environment. The company does not have any type of the control over the security network (Sanaei, Abolfazli, Ganiand, Buyya, 2014 ). It is identified that if the security vendors do not follow the guideline or while sending the data from the manual to the cloud system, then it can be access by the malicious users. So, the company needs to develop high level of security. Following are the risks of the using the external cloud servicing

Data Breaches

The first risks which occurred are the data breach. It refers to that if the sensitive data are leaked or use by any unauthorized users then it create problems for the company. The company has to face lawsuits and other regulations. It can create problems for the company (Sultan, 2014). The external cloud services have large amount of storage capacity so anyone can easily store the data on the cloud and the use the information by accessing the data. It is serious threats for the Aztek, because it can also damage the brand image and customer’s trust.

Permanent data loss

The permanent data loss is another IT threats which is faced by the company while using the cloud services. It is important for the business in order to protect data from the loss. Sometimes malicious hackers may delete or modification the data. It can increase threats for the customers and also for the company (Taylor, Haggerty, Gresty and Lamb, 2011). The company may lose their sensitive data and information from the database. Through this, the company has to face loss which can be in financial value or any other terms. The management of the company need to provide high security and the limit the access so no such harm can occur.

Increased Vulnerability

The cloud is riskier because it can be easily accessed by malicious users and hackers. The cloud computing is directly linked with the internet and on the internet, nothing is fully secured. The cloud computing is full interdependent on the internet so the business needs to take corrective measures to avoid such problems (Toosi, Calheiros and Buyya, 2014). Through the internet, the hackers can easily attack on the server and the collect the information from the database.

Limited Control and Flexibility

The cloud computing services provide only the limited services to the customers. On the external, cloud hosting services is control by the third party in a remote environment. So, Aztek has no control over the cloud computing. All the control is managed by the vendor so the company has only limited access to the software and the network security.

Backup window

Aztek can also face issues while storing or retrieving data from the network. The cloud computing is fully depended on the internet so while storing or collecting the information from the system the business need to make sure that there is availability of the robust connection of internet, because if the secure connection of internet is not established then hackers can access information (Ward and Sipior, 2010). So, the speeds of the backup data on the cloud are depended on the speed of internet which can bring many issues for the company and its workers.

Unauthorized access of data

The data and all other essential information of the company may be hacked by the users if the data iss not encrypted. The company while uploading the data to the cloud expects that the company need to encrypt the data so no users can access the data (Zhang, Cheng, and Boutaba, 2010). If management does not use the encrypted format then malicious users can take advantage of this opportunity and use the personal information for own benefits.

Insecure API

Applications programming interface is refers to the communication network of the company which makes the interaction of information between the company and the cloud system (Garg, Versteeg and Buyya, and 2013). It is set of routines, protocols, and tools for building the software applications. It is basically a medium of cloud vulnerable and the cloud. If the API is not secure then it is possible hackers can access the information from the security.

Security issues

The main concern for the Aztek Company is to maintain the security and provide a high secure environment to the cloud services. Thus, business owners need to evaluate each offer while making any decision related to the security (Malathi, 2011). It includes high security passwords, privacy and other formalities which need to be addressed effectively within cloud computing.

Recommendations to overcome Cloud System’s Threats

In order to overcome the IT threats and the security issues, the company can use various methods. By adopting the following recommendations the business can improve any kind of the problems and the overcome with IT threats and vulnerabilities (Almorsy, Grundy, and M?ller, 2016). Following are the recommendations for improving cloud system.

  • The first recommendation for the Aztek Company is to limit the access of network and the users. In order to provide a secure environment to the customers and the stakeholders, the company needs to limit the access of the cloud server and employees devices (Bisong and Rahman, 2011). The management of the company should make sure that only few members or employees get right to access the network and also only limited use available for the company. Through this, less interaction develops and the security is also maintained by the company.
  • The second recommendation for the company is using the vulnerability scanner. It is a computer program which is used by the company in order to scan the present computer design, system, and the networks; through this the company can identify the weak point in the system and the network (Bruneo, 2014). In order to run this operating system, business should also allow the vulnerability management to protect the data and the network.
  • The third recommendation of the company is that they should use firewalls in the systems. The firewall in that software system which creates a barrier between the internal and external gateways of the system (Buyya, Broberg and Goscinski, 2010). This system detects all information which sends from the internal environment to the external environment. It identifies information and assesses it, if system finds any mysterious information sent outside of the company then it creates barrier between gateways.
  • An intrusion detection system is devices of software application systems that monitor a network or the software applications that monitor network systems for malicious activity or policy violations these devices work on set protocols and monitors all the malicious activity in the network (Garg, Versteeg and Buyya, and 2013). This system is a combination of the multiple sources and the uses the filtering process and distinguishes malicious activity from false alarms. These systems are basically based on monitoring the operating system of the company and analyze incoming network traffic.

Data Security Threats For Using The External Cloud Computing

In the cloud computing, system is full of threats, there are a lot of problems which can be assessed by the company during migrating with business. Aztek Company need to secure data and sensitive information, by using the cloud computing services. In the external data computing, there are a lot of threats available which are related to the security of cloud (Zissis and Lekkas, 2012). Once the security breach, the business has no control over the information and it can be used by anyone in the company or outside of the organizations. Following are the security threats for Aztek for using the cloud computing services:

VN Attacks

The Cloud system is based on the VN technology. For the determination of the cloud, hypervisor such as VMware, Sphere etc are used. Developers need to take care of it as the business needs to make sure that there is use of the IDS and IPS coding system (Zhang, Cheng, and Boutaba, 2010). In addition, the company developers need to make sure that the coding system should be protected and confidential. During the coding of the system, the company can also use the suitable firewall system so they can control cloud system and business environment.

No control over data

The cloud services like Google and drop-box become a regular part of the business. Such cloud service offers a large amount of storage facilities which can lead to serious IT threats. Such types of the treats occur when company shares data with the third party so business has remained no control over the information (Zissis and Lekkas, 2012). So, it is possible that such information can be used by anyone.

Key management

The management of the cryptographic keys is always security issue for the company. The key management operations need to be jointly secure and the retrieval process should be difficult and tedious in order to project the data from attacks (Ward and Sipior, 2010). It can be only achieved by the company through securing the process of the key management from the starting point. But in the cloud, its effects have been overblown and it can easily work with efficiently.

Snooping

File on the cloud can easily be detected, modified or deleted from the system. All the files which are stores are available on the internet and it can easily use by anyone. Everyone is now aware of the usage of internet so the data should be encrypted. Even if the data are encrypted for files, data can easily be accessed by the hackers using the route to its destination (Toosi, Calheiros and Buyya, 2014). The best methods to prevent data from the secure connection the business need to secure connection and the use the cloud metadata as well.

Conclusion

Summing up the present report, it can be concluded that migration of data and information on the external cloud computing is respectable decisions for the company. With the use of the external cloud hosting services, the company can take advantage of the various opportunities and also they can store more data on the provider network. Aztek which is finance service Provider Company is moving to the external; cloud computing services, through which they can build internet services more strong and also they are able to provide more secure services to customers. However, there are certain security issues as well which can be overcome by using the security measure. The business can adopt various method secure data and information on a cloud system. By adopting such security system they can provide standard services to its customers and maintain the IT security.

References

Almorsy, M., Grundy, J., & M?ller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Bisong, A., & Rahman, M. (2011). An overview of the security concerns in enterprise cloud computing. arXiv preprint arXiv:1101.5613.

Bruneo, D. (2014). A stochastic model to investigate data center performance and QoS in IaaS cloud computing systems. IEEE Transactions on Parallel and Distributed Systems, 25(3), 560-569.

Buyya, R., Broberg, J., & Goscinski, A. M. (Eds.). (2010). Cloud computing: Principles and paradigms (Vol. 87). John Wiley & Sons

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.

Furht, B. (2010). Cloud computing fundamentals. In Handbook of cloud computing (pp. 3-19). Springer US.

Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.

Iosup, A., Prodan, R., & Epema, D. (2014). Iaas cloud benchmarking: approaches, challenges, and experience. In Cloud Computing for Data-Intensive Applications (pp. 83-104). Springer New York.

Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). IEEE.

Jansen, W. A. (2011, January). Cloud hooks: Security and privacy issues in cloud computing. In System Sciences (HICSS), 2011 44th Hawaii International Conference on (pp. 1-10). IEEE.

Khajeh-Hosseini, A., Greenwood, D., & Sommerville, I. (2010, July). Cloud migration: A case study of migrating an enterprise it system to iaas. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 450-457). IEEE

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

Malathi, M. (2011, April). Cloud computing concepts. In Electronics Computer Technology (ICECT), 2011 3rd International Conference on (Vol. 6, pp. 236-239). IEEE.

Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.

O’Driscoll, A., Daugelaite, J., & Sleator, R. D. (2013). ‘Big data’, Hadoop and cloud computing in genomics. Journal of biomedical informatics, 46(5), 774-781.

Ren, K., Wang, C., & Wang, Q. (2012). Security challenges for the public cloud. IEEE Internet Computing, 16(1), 69-73.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.

Sultan, N. (2014). Making use of cloud computing for healthcare provision: Opportunities and challenges. International Journal of Information Management, 34(2), 177-184.

Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.

Toosi, A. N., Calheiros, R. N., & Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey. ACM Computing Surveys (CSUR), 47(1), 7.

Ward, B. T., & Sipior, J. C. (2010). The Internet jurisdiction risk of cloud computing. Information systems management, 27(4), 334-339.

Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1), 7-18.

Zissis, D. and Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation computer systems, 28(3), pp.583-592.

How to cite this essay: