Research Paper on "Cloud Computing Several Organizations"

Home > Topics > Computers & Internet My Account

Research Paper 8 pages (2396 words) Sources: 8 Style: APA

[EXCERPT] . . . .

Additionally, rampant misuse of cloud resources occurs due to technological vulnerability which spammers exploit by disclosing sensitive information greatly undermining data integrity. However, it is hypothesized that most users are well-trained on data usage and cannot over-exploit the RFID resources; this makes this threat a medium to low risk level. Despite the possibility of jumbling of information by individuals, the data may be de-encrypted making the stored information accessible thus ensuring data availability as well as accessibility.

Malicious insiders pose high risks to cloud networks since they exploit people and technological vulnerabilities. These group of individuals have unlimited access to stored information and accidental or planned exposure of these data can seriously affect data confidentiality and integrity. Besides, these individuals constantly violate stored data due to insufficient audit controls which may increase this risk.

Data loss and leakages falls under low, medium and high risk levels depending on the nature of lost and leaked data. This emanates from the abuse of system vulnerabilities with the outcome being loss of data confidentiality and integrity. Accidental or intentional loss of documents about the organization's history is considered low risk while leakage of financial records is a high risk level. However, data erasure and alteration makes some data inaccessible thus violating information integrity and availability.

Risk Management

Despite the numerous challenges present in the cloud computing world, these problems are easily solved via implementation of modern security controls tackling al

Continue scrolling to

download full paper ⤓

l security issues arising from the cloud architecture. The security controls initiated to maintain data security are discussed below.

The first security control involves creating user identity management procedures. According to this countermeasure, all authorized cloud resource users are issued with personal identification codes and passwords vital in identifying them whenever they access the platform. To ensure this, the firms will integrate customer identity management system with their own infrastructure, using SSO technology. This measure will help reduce identity theft thus minimizing information violation and potential loss of integrity and availability.

The next security countermeasure is concealing the cloud network resources via the use of strong encryption databases. This involves encryption of stored data and ensuring data handlers have limited access levels. The initiation of this measure will safeguard against imminent information infringement and ultimate shortfalls related to accessibility and confidentiality (Tyler, 2010).

In addition to security and system countermeasures, it recommended the organizations integrating cloud computing in their operations comply with stipulated regulations outlined by authorities managing and storing classified and sensitive data. The authorities whose code of practice should be given great consideration include Payment Card Industry Data Security Standard (PCIDSS), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act, among others. In addition, the company offering cloud services is obliged to educate customers as well as employees on the cloud's regulations and ensure they oblige to them.

Recommendations

Since its inception, cloud computing has been of great help to several organizations; cloud platforms have reduced operation costs, increased data security and made data accessible to most individuals. However, constant equipment failures and human faults have led to vulnerabilities of cloud networks a factor that has necessitated establishment of adequate information security by these organizations. Despite the numerous challenges, the use of cloud computing is assisting several organizations maintain work efficiency and quality of software development, while keeping information secure (Edwards, 2011). Therefore, cloud technology is reliable and securely transmits data to remote users. In this regard, according to the paper, the challenges faced by the cloud infrastructure is not complex and is easily solved thus, organizations integrating RFID in their businesses are advised to continue using the system while upgrading the security to bring about increased data security. The paper presents a hypothetical situation with real examples but for practical implementation of the model outlined in this paper, further research should be conducted to initiate the best way in handling cloud computing related issues.

References

Amies, A., Harm, S., Qiang, T.G., & Liu, N.G. (2012). Infrastructure as a Service Cloud Concepts: Developing and Hosting Applications on the Cloud. IBM Press.

Bernstein, D., Ludvigson, E., Sankar, K., Diamond, S., & Morrow, M. (2009). Blueprint for the Intercloud: Protocols and Formats for Cloud Computing Interoperability. IEEE Computer Society, (pp. 328-336).

Cattedu, D., & Hobben, G. (2009). Cloud Computing: Benefits, Risks and Recommendation for Information Security. European Network and Information Security Agency.

Duvall, M. (2010, March 4). What Are The Top Cloud Computing Threats? Retrieved December 8, 2012, from www.information-management.com: http://www.information-management.com/news/top-cloud-computing-security-threats-10017283-1.html

Edwards, J. (2011, August 18). DOD Adopts Tactical Approach to Information Assurance. Retrieved November 26, 2012, from www.defensesystems.com: http://defensesystems.com/Articles/2011/08/08/Cyber-Defense-information-assurance.aspx?Page=1

Jansen, W., & Grance, T. (2011). Guidelines on Security and Privacy in Public Cloud Computing. NIST Special Publication 800-144.

Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing. NIST Special Publication 800-145.

Phillips, Z. (2007, August 1). Security Theater. Retrieved December 8, 2012, from www.govexec.com: http://www.govexec.com/story_page.cfm?filepath=/features/0807-01/0807-01s3.htm

Tyler, G. (2010). Cloud Computing: Silver Lining or Storm Ahead? The Newsletter for Information Assurance Technology Professionals, Vol. 13 No. 2, 1-44.

Vivek, K. (2010). 25 Point Implementation Plan to Reform Federal Information Technology Management. Retrieved December 6, 2012, from www.dhs.gov: http://www.dhs.gov/sites/default/files/publications/digital-strategy/25-point-implementation-plan-to-reform-federal-it.pdf

Vivek, K. (2011). Federal Cloud Computing Strategy. Retrieved December 6, 2012, from www.cio.gov: https://cio.gov/building-a-21st-century-government/cloud/

Winkler, V. (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Waltham, MA: Elsevier. READ MORE

Download Full Paper

Write a New Paper for Me

Quoted Instructions for "Cloud Computing Several Organizations" Assignment:

“

Below is some guidance and references for the paper. My topic is Cloud Computing.

================ GUIDANCE ON THE FINAL ASSESSMENT PAPER ====================

(1) You must specify the Assets of Value in this exercise ***** specifically their value for Confidentiality, Integrity, and Availability. For example, since the RFID will include sensitive information about the individual, Confidentiality must be considered important. Alternatively, since the Cloud will contain sensitive, government information, Confidentiality must be considered. Please also tell me your views on the importance of Integrity (i.e., medical information or government information not being changed) and Availability (i.e., information being available to authorized entities). The Assets of Value are the sensitive information (SBU/CUI) that is stored, processed, or transmitted/communicated.

(2) Once you define these value areas, you must address the Vulnerabilities (or *****Weaknesses*****) in the system. These would include People, Operations/Processes, and Technology. For example, weak encryption would be an example of a Technology Vulnerability, whereas poor training of authorized users would be an example of a People Vulnerability.

(3) Then, you must address potential Threats poised to exploit the Vulnerabilities you state. For example, identity thieves could be a Threat poised to exploit the Vulnerability of poor training, and thereby cause a failure of Confidentiality. Notice the chain of logic between the Assets of Value, the Vulnerability, and the Threat, linked to (in this example) Confidentiality.

(4) Next, you must address the Impact (or *****Consequence*****) that would result if the stated Threat were to exploit the stated Vulnerability. For example, there could be serious health consequences, maybe death, to a victim if a hacker changed a person*****s medical information on the RFID. Similarly, sensitive military information may be disclosed if someone hacked into the Cloud.

(5) This Impact, when combined with the credibility of Threat and degree of Vulnerability, yields a Risk level (High, Medium, or Low). You must state the Risk for each area (Confidentiality, Integrity, and Availability).

(6) Understanding Risk enables us to make intelligent, and defensible, Recommendations for Security. Therefore, this Risk Analysis becomes the driver, and support, for your Recommendations of Security Controls (Safeguards and Countermeasures) designed to Protect, Detect, and Correct. (Risk Management)

(7) You must give an ultimate Recommendation, as a security professional, that would be considered by upper management. This recommendation must state, explicitly, whether you recommend going forward with RFID tagging in humans or the use of Cloud Computing in government (depending on the option you choose for your paper).

(Optional) You might also include a simple Contingency Plan should things go terribly wrong.

This approach to Security builds a nice chain, or thread, from Assets, to Value, to Vulnerabilities, to Threats, to Consequences/Impact, to Risk, to your Recommended Controls (Safeguards and Countermeasures to Protect, Detect, and Correct), (and contingency plan) making for a complete security analysis. This also becomes part of the documentation for your Certification and Accreditation (C&A) Package (not in the scope of this class), which is signed and supported by management. We believe you can do this within the word count allotted for the assignment (3,000-5,000 words of content not counting references, cover page, or table of contents).

We look for concise writing that gets right to the point. Excellent papers will use the above, bolded items (in 1-7) as major headings or subheadings for sections of the paper.

NOTE: Please do not give a lot of background, history, and explanation of the history or technology of RFID or the Cloud. This is a security paper, not an RFID or Cloud technology paper. We use the RFID and Cloud as examples of a technology, but we are really looking for how you address Information Assurance issues, simply using RFID or Cloud as examples. We are interested in your critical analysis of the security implications of this proposed program. So, what we want to see is how you address the above issues.

Finally, please be sure to download any materials you may require from Blackboard in case it is not available to you during the holidays due to scheduled maintenance, outage, or similar. The paper is due close to the holidays so please ensure that you allocate enough time to complete this assignment

Below are some references.

2. Zack Phillips. (GovExec.com). (2007, August 1). Security Theater. Retrieved from http://www.govexec.com/story_page.cfm?filepath=/features/0807-01/0807-01s3.htm.

CLOUD COMPUTING

1. Kundra, Vivek. (2010). 25 Point Implementation Plan to Reform Federal Information Technology Management. Retrieved at http://www.dhs.gov/sites/default/files/publications/digital-strategy/25-point-implementation-plan-to-reform-federal-it.pdf (586.035 Kb) (Shifted the USG to a *****"Cloud First*****" Policy) (REQUIRED)

2. Kundra, Vivek. (2011). Federal Cloud Computing Strategy. Retrieved at https://cio.gov/building-a-21st-century-government/cloud/. (REQUIRED)

3. NIST Cloud Relevant Special Publications (REQUIRED)

SP 800-146, DRAFT Cloud Computing Synopsis and Recommendations. (Highly Recommended) *****

How to Reference "Cloud Computing Several Organizations" Research Paper in a Bibliography

“Cloud Computing Several Organizations.” A1-TermPaper.com, 2012, https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395. Accessed 3 Jul 2024.

Cloud Computing Several Organizations (2012). Retrieved from https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395

A1-TermPaper.com. (2012). Cloud Computing Several Organizations. [online] Available at: https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395 [Accessed 3 Jul, 2024].

”Cloud Computing Several Organizations” 2012. A1-TermPaper.com. https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395.

”Cloud Computing Several Organizations” A1-TermPaper.com, Last modified 2024. https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395.

[1] ”Cloud Computing Several Organizations”, A1-TermPaper.com, 2012. [Online]. Available: https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395. [Accessed: 3-Jul-2024].

1. Cloud Computing Several Organizations [Internet]. A1-TermPaper.com. 2012 [cited 3 July 2024]. Available from: https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395

1. Cloud Computing Several Organizations. A1-TermPaper.com. https://www.a1-termpaper.com/topics/essay/cloud-computing-risk-associated-confidentially/1843395. Published 2012. Accessed July 3, 2024.

Related Research Papers: