Privacy, security and ethical reflection

The purpose of this report is to identify the risks associated with cloud computing, especially those linked to the use of personally identifiable information. The main focus of the paper is on the digital identities and personally identifiable data which are created uniquely for each user to access data on the cloud platform. The advantage of using cloud computing is that it poses no restriction to the accessibility of data even if the users are not available at the particular location (Mell & Grance, 2011). Data can be accessed anywhere anytime by keeping all of it stored in the cloud database.

This report presents risk and threats assessment for personally identifiable information data in which the major objective involved is to assure the security of the member’s confidential information. The first stage involves the determination of the various risks entailed in the use of PII data is followed by suggesting suitable measures that will act as ways to mitigate the identified issues. The strategy proposal is also defined to deal with the issues and the protection of digital identities will be discussed in the following report.

Personally identifiable information (PII) is used as the unique identification of users to enable accessing data stored on the cloud server (Personally Identifiable Information, 2018). The idea is to allow users with certain permissions so that they can access their sensitive information stored at one location. PII data is required to be managed with strict regulations and controls. The main aim is not to let any unauthorized users access data of an individual. PII is thus, deliberated as a means to protect the sensitive information of valid users. The security of the confidential data should not get compromised on a cloud platform. Thus, by the term, PII means that users will be assigned a unique identification code with the help of which they can access their personal information (Gieser, 2015). However, UMID numbers are not counted in the category of confidential or sensitive information. The social security numbers, on the other hand, could still be considered as PII data because of the control measures that are incorporated to assure its security. The protection of the data in PII also includes required privacy for formats of transferred data via any media and storage of data.

This section presents an analysis of the threats and risks associated with PII data. Technology is changing at a fast pace. The advancements made in the technology have influenced the ways the modern communication is taking place. The availability of the tools and the cloud networks has simplified the storage and accessibility of information, all at one location. This clearly means that with the storage of sensitive information comes a high risk for the security of data (Shwartz & Solove, 2011).

The process of threat and risk assessment consists of different phases. The first phase includes the identification of the privacy risks. Then, it is followed by the process of analysis which is to be followed by developing a plan to address issues and ultimately monitoring and responding to issues. All these processes are entailed as part of the risk management. The advantage of carrying out this risk and threat assessment is to enable accountability and compliance (Shwartz & Solove, 2011). Moreover, based on this evaluation, it further forms a solid basis for good decision making. The privacy or risk management can also be carried out efficiently by risk and threat analysis.

Assets are defined as tangible or intangible things that constitute an important part of the data. Threats refer to the potential risks that could compromise the security of the stored data on the cloud server. Vulnerabilities depict the attribute or variable that has an important role to play in interfering with the privacy of the sensitive information (Platero & Overton, 2014). Safeguard measures are applied to ensure the protection of the confidential data. Residual risks are the risks that still need to be addressed after applying safety measures for the protection of the data(Platero & Overton, 2014). Confidentiality of the personal information must be maintained to avoid any illegal users to modify or leak sensitive data. The integrity of the stored data is required to be maintained at any cost. The users will never be able to trust the parties that serve as a cloud provider if they no longer assure the integrity of the data storage. The last terminology here is the accessibility which takes care of the delivery of the information on the user’s requesting services to the cloud server.

The potential threats and vulnerabilities are identified in the first step. After applying the necessary safeguard measures, there is still a possibility for remaining residual risks. The next step involves identification of the residual risks, and based on which, recommended actions will be suggested to offer a solution to the various security issues. For example, possibilities are evaluated in which the user’s confidential data can be compromised. In a world where technology is blooming, it has not become difficult for hackers as well to crack the code of the company’s database. Thus, risks have to be analyzed in advance to cover all potential factors that could affect the sensitive data(Platero & Overton, 2014). Based on this analysis, preventive measures can be adopted to assure maintaining protection of the crucial data.

The flow of data takes place from end to end. The cloud server is mainly handled by the third parties who are known as cloud providers and are responsible for the storage and the management of the data. All of the client’s data is stored on a remote server. The users are given a unique id number to make all of their data access that is stored on a cloud database server. Personally identifiable information (PII) is different for each user and through digital identities, users are first authorized to transfer data to the cloud platform and later access their sensitive information (Gieser, 2015).

The outcomes associated with risks and threats assessment is to offer cessations on how to assure maximized security of the confidential data stored inside the cloud database. The integrity of the stored information is also of vital importance and must be included as an integral part of the risk management measures. The main purpose of carrying out risk and threat analysis is to check whether the protection of the sensitive data is maintained and all the existing policies and procedures are up to the mark(Platero & Overton, 2014). The privacy standards have to be maintained while planning to shift all of the charity’s data to the cloud platform.

The actual scope of risk and threats assessment can be determined only by evaluating the levels at which services will be provided to the individuals by the cloud providers. While the use of cloud computing platform has left remarkable impact bytransferring the entire data at one location, the protection of the sensitive data is the ultimate concern here (Cohen, Baudoin, & Dotson, 2015). The situation is the same in the use of various authorization controls such as that of digital identities and PII data. The users get authenticated by the unique identification number. However, it still could not guarantee the protection of the data. Thus, realistic bounds must get established at initial stages only. The lack of efforts to pinpoint risks and threats associated with the employment of personally identifiable information could interrupt the optimization and efficient working of the cloud computing.

Thus, keeping in mind the purpose of the charity to help ignored people and not evaluating risks in advance much before the implementation could lead to serious losses for the company. Besides this, the members will no longer trust the charity for advanced technical services. The risks and threats assessment are required to be carried out at high levels so that residual risks are not left and the crucial factors affecting the privacy of the data could be comprehended completely (Bayne, 2012). The potential issues could only be resolved efficiently provided the depth of the analysis conducted to address risks associated.

While carrying out risks analysis, there is a need for some practical considerations. The established standards of security are the main influencing factors among all. It is important to notice that the developed security standards must fulfill the criteria of protection of the sensitive data. The already existing security standards will not be able to cover all of the probable issues. Thus, the idea of conducting threats and risks management is to address all the issues that were not entailed in the security standards. Cost, time and resource constraints also forms a crucial part of the risk management analysis (Bayne, 2012). This is because all these factors are involved in carrying out a risk analysis. The risk and threats analysis can’t be executed in verbal form. In fact, proper resources are required to carry on with the testing of the cloud computing. The use of PII data can’t merely assure the protection of the data. The cost constraints could also pose a major hindrance while conducting a risk analysis. Further factors such as changes in the priorities of the operational values and augmentations needed in the delivery of services could add to the cost budgets (Bayne, 2012). To achieve the best outcomes out of the risk analysis procedure, the better way is to focus on the variable that could increase the efficacy of the method adopted. Emphasizing more towards the crucial factors will certainly help to deliver the best results.

This section defines mainly the solutions to control the issues that arise in the use of cloud computing. The purpose of the charity to help its members has been a great initiative and thus major aim involved in consulting with the technical team and the cloud providers are to enhance services. However, advancements in the services require a great need for the protection of the sensitive data. Like every other organization, the charity organization too, has made use of PII data for storage purposes. This clearly means that necessary preventive measures must get incorporated for the assured security of the stored data. The major threats posed to the data could be a loss of the data, non-availability of the data, interfered and manipulated data, loss of integrity, misuse, theft or data access by unauthorized users (Cohen, Baudoin, & Dotson, 2015). Besides disturbing reputation of the company, the compromised data can add to the serious increase in the financial budgets. Thus, the following report gives an insight into the challenges faced in the protection of the PII data and also defines the solutions to help deal with the identified issues. Assuring the security of the stored data is the ultimate objective so as to guard against the possible data breaches.

Initially, there was only one method to protect the personally identifiable information that is with the help of an unlisted telephone number (Stringer, 2011). It was a paid service. However, with evolution in the technology now there exists a number of PII. The use of PII is not just restricted to businesses but the schools, colleges, universities, healthcare are also increasingly making use of the PII data(Shwartz & Solove, 2011). The technology has brought about a revolution in the IT industry by offering greater flexibility and speed. However, it has also given rise to the major data loss concerns as well. The potential issues related to the loss of the data have put PII data at high risks.

Data loss could take any form of either malicious or accidental. The inadequacy in using standardized authentication measures for security purposes could be accounted as the main reason for the accidental loss of data. Malicious loss of data, on the other hand, is attempted by unauthorized users or hackers with an intention to modify and leak confidential data. Malicious attacks mostly take place by targetting the database or systems of the company either by external or internal means. PII data is used to uniquely identify the users. Thus, the examples of PII data could be phone number, date of birth, email address, gender, credit card numbers, medical records, city residence etc(Stringer, 2011).

1. Loss of confidentiality: External hackers can interfere with the data and its system (System Risk Analysis, 2018). This could ruin the charity’s database in which data of all the members have been stored. The data could be lost and further leaked within a fraction of seconds. The data no longer gets restricted to access by unauthorized users.

2. Loss of integrity: The members of the charity will no longer be able to trust the data stored on the cloud platform on losing its integrity. Loss of integrity is one of the major threats caused to the stored data(Gholami & Laure, 2015). The concept of PII in such a case can’t assure protection of the sensitive data.

3. Loss of availability: Hacked data can be further manipulated and leaked which means the stored data is no longer available. The users requesting for services on the cloud platform will not get valid response in return on the loss of data(System Risk Analysis, 2018). This means that any illegal users can access the data without the need for authorizations. The PII will not be valid in such scenarios as the privacy of the data is highly compromised. This will add to the frustation and fear among users.

The costs involved in a data breach could be so huge that the company will start incurring losses. This means that protection of the sensitive data is of vital importance. Losing personal data of the members could be very expensive for the charity to cover up for losses. Besides this, other potential consequences involved in a data breach is the loss of the member’s trust, damage to reputation, lost satisfaction of the members, and the increased costs factor(Kaplan, Rezek, & Sprague, 2013). Besides the loss of customer trust and loyalty, the company can be held accountable and there can be legal repercussions also.

· Data in use: The stage where the data is currently being used by the members of the charity.

· Data at rest: The stage where the data is stored remotely in the cloud or other web exchange servers(Stringer, 2011).

· Data in motion: The stage in which data gets transferred over the networks to offer services in response to the user’s requested services(Stringer, 2011).

It is crucial that the PII data must be sheltered with standardized authentication measures to allow for the protection of the data at all the above-explained three stages. The policies could be established as a means for the protection of the data that must be accepted. While creating acceptable policies, the rule is to check which users should be provided with permissions to access data. Further, it takes care of the transfer of the PII data over a secured medium, requirement of encryption techniques on storage or transmission of the data(Stringer, 2011). The objective of developing policies is to ensure the confidentiality, integrity and the protection of the data. In creating policies, the most sensitive data is identified and only the valid users with required permissions are allowed to access data.

The idea to promote prevention of the data loss could be accelerated by the efficient implementation of the policy creation. The first and the foremost step is to determine the PII data which needs protection as the top priority. The next step involves prioritizing PII based on its values(Stringer, 2011). Location of the PII is thus identified in the next step which is to be followed by the creation of the acceptable use policies(Shwartz & Solove, 2011). Members of the charity could also be guided for the comprehension of the working of the PII data.

The charity must also deploy single sign-on mechanism to manage fewer accounts and hence, making them less likely to track (Graciolli, 2015). When implementing the cloud solutions, the charity must engage in regular audits to ensure that the security is intact. End-to-end encryptions algorithms are necessary to strengthen the security triad. The technical team must consistently update patches and in-house software because outdated software is comparatively more vulnerable. To deal with the malicious insiders, the company must deploy logging and reporting modules to keep track about the important information (Graciolli, 2015). It is imperative to identify and create mapping for the zones that contain sensitive date.

Most importantly, identification of the sensitive data and establishing a plan for the creation of acceptable use policies is the first step towards protection of the data. The developed policies will help safeguard the use of PII data. The next immediate step required is the securing endpoints of the network so that any illegal users couldn’t interfere with the saved data(Stringer, 2011). The devices and the applications connected to it also needs protection in additional. This is because strong and standardized authentication controls can prevent the chances of accidental or malicious attacks on the systems.

Making use of encryption techniques can help protect the confidential data. Encryption can be added to any formats for PII data either during file sharing or transmissions(Sharma & Trivedi, 2014). The management of the central key and backup policies can further assure the security of the data included in the encryption methods. Threat protection can be applied by securing network endpoints, web vectors, email, etc. Detection of the potential malware attacks both known and unknown could help protect the systems from potential threats; hence deploying intrusion detection tools (Stringer, 2011). Getting the systems ready with installed firewalls, and system security features and use of antiviruses could be used as preventive measures to protect the PII data on cloud servers. The cloud providers are responsible for providing these necessary security services to its clients. Defending platforms (such as Windows, MAC, Linux) is suggested as other means to protect data(Stringer, 2011).

Then comes data loss prevention in which sensitive data is identified to stop the occurrence of accidental loss of data. The prevention of the data loss can only be attained provided the authentication controls have been set up at the server level(Stringer, 2011). The devices accessing cloud services also need a protection measure to safely access the data.

Probably, the best solution that will be valid in the long run also, is in system scanning a whole database to find out the exact location of the PII storage(Stringer, 2011). Along with the location of the PII data, another essential need is to determine the risks associated with the stored data plus the usage of it. The advantage of using such systems is that any probability of occurrence of potential data breaches could be determined in advance. Moreover, the solution will be in accordance with the needs of the organization. The customer’s trust should not get lost in the privacy issues of the stored PII data.

The solutions discussed here must be of vital significance to the charity. This is because the technical staff of the charity can address these points in advance much before the implementation of the storage of date using PII. The members will be familiar with the risks associated with the PII data. Based upon the evaluation, the preventive measures can be integrated at the initial stage only. These prevention techniques can further support the charity members to help secure the privacy of the confidential data.

The other essential solutions to mitigate the existing issues associated with the PII data are as follow. Identification of the gathered information is the foremost step towards controlling potential data breaches. This is because this step involves the determination of the most sensitive data of the businesses. Authorization controls can thus be integrated to help improve securing privacy of the sensitive data. After identification of the gathered information, the next step involves the determination of legal rules and procedures to help secure the personal data of the members(Breaux & Jo, 2014).

The applicable internal policies can help assure protection of the personal data stored inside the cloud database server(Breaux & Jo, 2014). The final approach is the design and implementation of the proposed solutions. Developing a plan in advance in response to the potential future data breaches could further act as preventive means for the protection of the confidential data(Paragon, 2018).

It is important to keep track of the PII data so as to suggest solutions to control issues associated with it. A management framework could be developed to help protect the privacy of the confidential data. Application identification is one such framework that could be developed by the businesses with details of the business name, functions, size and its benefits(Paragon, 2018). For example, in the given case, the organization here is the charity which is supporting unprivileged members. This way a framework will get designed with the main priority of the application it is supporting. Ultimately, based on this framework, a system will be developed with the desired capabilities and functionalities. The protection of the data will be a huge concern for the cloud providers.

Integrating legal security measures on both client and cloud servers will help the charity in gaining clear perspectives of the PII data used for the storage purposes. Analyzing the most crucial and less important data in PII is essential to keep track of the sensitive data which needs immediate protection(Bracy, 2016). The PII developed management frameworks will further help to propose suitable solutions for which the technicality, architectural structure gets a redesign to assure the maximum security of the saved data(Shwartz & Solove, 2011). The developed frameworks will help in to secure protection of the data.

The need for digital transformations has grown over the past few years where digital identities play the most significant roles among all other concepts. The digital identities are a means to protect the privacy of the personal data of the users(Benkoel-Adechy, 2012). It separates each user from other through the use of digital means. The digital identities are created in the electronic format. The information gets stored on the online server and thus is referred to as digital. The users get a unique identification code in order to access his/her data privately(Wladawsky-Berger, 2016). The examples of digital identities can be email, phone number, city address, birthplace etc. The notion of digital identities came into existence in making sure that the confidential data does not get accessed in public. Only the users with the required authorizations are allowed to access services on the online cloud platforms. The objective is to restrict any unauthorized users to interfere and modify the saved information. There is a high risk for the data gets stolen by an illegal user in cloud computing. Thus, the digital identities provide security by making users authenticated first to further access the information. This way only the valid users can access their confidential information.

The above part presents a brief introduction to the concept of digital identities. The main aim of this section is to reflect upon the risks associated with digital identities and the solutions are thus suggested to ensure the privacy of the personal data.

1. Authentication and Authorization methods

Digital identities assure that each user is identified uniquely based on the integrated authorization controls to promote secured data accessibility. Strong authentication controls can be incorporated by enabling the use of strong passwords, carrying out business transactions over the secured network medium and other protected means(Powley, 2018).

2. Identity management

The identity of the users is managed globally in the use of digital identities. The users can make use of their distinct details included in the creation of digital identities to access the data safely on the internet. Only the valid users will be provided with certain permissions to edit, read or delete data stored on the cloud platform after verifying the credentials of the users(Digital Identity Management, 2011). Any illegal user can’t access this data on failed authentications. However, managing identities of the users is a benefit of the digital identities but compromised security of the confidential data poses the biggest risk to the use of the digital identities.

3. Digital rights management

The digital rights not only takes care of the security of the sensitive data of the users but it also takes into account that the digital content available on the internet is free from risks and threats(Digital Identity Management, 2011). The privacy of the data is at the top priority and the accessible data should not get restricted by piracy, misuse, and loss of the data.

4. Privileged accounts management

The digital identities can be further amalgamated with services of privileged accounts management so as to make sure that the cloud systems do not get affected in the inside threats(Digital Identity Management, 2011). The objective is to minimize the risks associated with the privacy of the personal data.

5. Privacy laws, procedures, and policies

The policies could be established to assure the maximized the security of the confidential data(Digital Identity Management, 2011). The privacy laws have been enacted to protect the data from any unfair means. The charity must also get familiar with the various privacy laws of the country they are residing in. This acts as an essential means to protect a large piece of data stored on the cloud server.

The efficient management of digital identities will help the organization to gain the trust and loyalty of the customers. Just like it, the members can rely on the charity provided management of their digital identities is taken care of. Many processes are involved in the management of the digital identities. Following steps will allow management of the digital identities. The first step requires individuals to register for the cloud system through the use of digital identification techniques. The details entered by the users must fulfill all the criteria of valid login credentials(Digital Identity Management, 2011). By doing so, the individuals apply for the registration process via digital identities. The next step involves granting authorizations to the users who have registered through a valid process form. Only the users who have authentications to access to the cloud database will be able to read, edit or delete data. This means that a system gets secured by using digital identities that grant authorizations to certain users only. After providing the required permissions and privileges to the users, the next immediate need is the accessing resources on a system(Digital Identity Management, 2011). This involves verifying users credentials before giving them access to the systems. The process is simple. The users initially logs into the system and on matching credentials with those stored in the database, the users are now authenticated to access the stored data. The credentials details entered by the users must match with those typed during the process of registration. The confidence gets fostered in the digital identities created especially for users. It forms the unique identification for each user. After getting authorizations, the users are now free to enjoy access controls on the server. The system again verifies whether only a valid user has registered and been provided authentications to access data from the cloud server.

The digital identities play a very important role in promoting social interactions and those taking place via internet services(Digital Identity Management, 2011). The services could vary from organization to organization. However, the important thing is to validate the identity of the users before giving them access to the system. Ensuring the privacy of the individuals is the main aim involved in the creation of the digital identities. For example, opening up a bank account requires verification of the users credentials following which they can proceed with the processing. The management of the digital identities is much needed to address the risks and the issues connected to it. For example, loss and misuse of data, compromised security etc could act as the negative consequences of the poor or lack of management.

The digital identities management is essential from the security point of view. The unauthorized users should not be able to access the data illegally by using any unfair means. A trusted relationship can develop between the members and the charity if the digital identities are maintained efficiently. The concept of digital identities helps creates an assurance level where users feel protected when it comes to the storage of the data which can be accessed anywhere anytime(What is Digital Identity and how can you protect yours?, 2017). There is no restriction to it. The assurance levels must be greater than that of the risks levels involved in the digital identities. On founding the opposite case scenarios, the customers can no longer feel trusted towards the organization for providing digital services.

Through forming the creation of the digital identities, the technology has allowed users to assure that their privacy of the confidential data is placed at the top priority. It is easier to access the data kept at one location. However, it is required to pass the login tests with valid credentials status(What is Digital Identity and how can you protect yours?, 2017).

The major risks involved in the use of digital identities is the compromised security of the confidential data stored on the cloud servers. The hackers may attempt to interfere with the user’s personal data security where the intention is to gain authorization of the database at first and further leaking the data in public(Digital Identity and Privacy, 2017). This may be due to the malicious intention of unauthorized users to ruin the reputation of the company. However, the accidental loss of data could also occur due to the lacked security authenticated control features installed in the cloud systems. The data may get lost, modified or even the users can no longer access the data on the hacking of their account details. This could cause serious offenses to the company who may have to pay a large amount to cover up for the losses incurred. This means that clout platform has provided with the advancements in the services, but the security is still at risk provided essential control measures are not integrated at the systems level. Usually, a cloud provider will be responsible for the enhanced security services or poor management of the digital identities. Unauthorized users can hack the data of another user even if the digital identities are involved to offer protection to the saved data(Digital Identity and Privacy, 2017). The digital identity theft is becoming more sophisticated and hence, it becomes imperative to protect it with sophisticated tools and procedures.

It is generally advisable not to use the internet services available on public wifis or unprotected networks(Wladawsky-Berger, 2016). Making use of strong passwords has always been counted in the strong authentication controls. The users must create passwords that validate in the category of being a strong password. The advantage of using strong password is that the hackers can’t easily gain access to the personal data. Encryption techniques such as WEP or WPA must be used to protect data at the advanced level(What is Digital Identity and how can you protect yours?, 2017). Some sort of information gets stored with the users credentials to protect the user’s data in using encryption controls. The software used by the systems must get updated from time to time(Wladawsky-Berger, 2016). The privacy policies can be developed by the charity to further promote assurance of the security of the personal data of the members.

Outlining a plan for the governance of the digital identities and PII data requires that the charity should consult the trusted providers only. The cloud providers will be responsible for providing all the necessary control measures. Moreover, all the software updation and maintenance is handled primarily at the server level. Moving the entire data on a SharePoint PaaS platform could be an effective step towards the protection of the data(Miller, 2018). The data will get access from all platforms and the privacy of the data is assured. Similarly, the PII data for the DAS users can be managed by deliberating on the privacy concerns. Last, but not the least the COTS payroll suite is taken care of by employing required hardware and software to support the functionality of payroll systems.

A cloud-based server system software can be installed to further encourage the use of commercial on the shelf services in the organization.The plan is to promote the maximum security of the data stored on the cloud servers. Hence the tasks needed to be identified in advance so as to work further on the effective implementation solutions.

The number of tasks involved in outlining a plan is as follow.

1. Making use of SaaS applications will provide applicability of the DAS users with an HR suite(Deyo, 2018). The monitoring of performances will get simplified on shifting to a SaaS platform. Besides the actual location of the charity’s database, all the maintenance, updations and integrated security features can be maintained by the application provider.

2. The data of the DAS users can get uploaded daily which gets stored on the remote server.

3. The digital identities can be created uniquely for each user to allow them access to the cloud services(Powley, 2018).

4. The DAS intranet can provide necessary supporting services to monitor the management of human resources and performances.

5. The digital identities will authenticate the technical staff in the charity to have an easy access to the performance management and the HR suite(Powley, 2018).

6. Moving on to the COTS (commercial off the shelf) applications will help the charity organization to have an access to the necessary tools and services(The Basics of COTS, 2018).

7. The COTS application platforms offer services to manage payrolls in the organization.

8. The payroll of the DAS users can be further managed by using the functionality of a single sign-on(Graciolli, 2015).

9. A team is required to be established to work together in coordination to provide the necessary services to the charity.

10. The privacy policies could be developed at the company level to enable protection of the personal data of the users.

11. The policy formulation must consider all the necessary control measures including standardization to assure the security of the data stored on the cloud servers.

12. Collection of the personal information to its maintenance must be managed at the advanced level and with efficiency so that the personal data of the users gets stored safely on the cloud services (Kaplan, Rezek, & Sprague, 2013). Maximizing security of the data is the ultimate objective to be achieved in the following report.

Clearly, the SaaS, PaaS and the commercial on the shelf application platforms will guide the system to provide the necessary controls to allow protection of the data. The information described in the following reports presents a clear elucidation on the need for services and certainly holds a great value for the charity.

Cohen, E., Baudoin, C., & Dotson, C. (2015). Security for Cloud Computing. Retrieved from http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf

Deyo, J. (2018). Software as a Service (SaaS). Retrieved from http://www.isy.vcu.edu/~jsutherl/Info658/SAAS-JER.pdf

Digital Identity and Privacy. (2017). Retrieved from https://www.omidyar.com/sites/default/files/file_archive/Digital_Identity_POV_Oct17.pdf

Gholami, A., & Laure, E. (2015). Security and Privacy on sensitive data in cloud computing. Computer Science & Information Technology, 2015, 131-150.

Graciolli, M. (2015). Ways to mitigate cloud computing risks. Retrieved from https://www.neweggbusiness.com/smartbuyer/over-easy/5-ways-mitigate-cloud-computing-risks/

Benkoel-Adechy, D. (2012). 5 forces driving Trusted Digital Identity. Retrieved from https://blog.gemalto.com/mobile/2018/02/22/5-forces-driving-trusted-digital-identity/

Deyo, J. (2018). Software as a Service (SaaS). Retrieved from http://www.isy.vcu.edu/~jsutherl/Info658/SAAS-JER.pdf

Digital Identity Management. (2011). Retrieved from http://www.oecd.org/sti/ieconomy/49338380.pdf

Graciolli, M. (2015). Ways to mitigate cloud computing risks. Retrieved from https://www.neweggbusiness.com/smartbuyer/over-easy/5-ways-mitigate-cloud-computing-risks/

Kaplan, J., Rezek, C., & Sprague, K. (2013). Protecting information in the cloud. Retrieved from https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/protecting-information-in-the-cloud

Miller, J. (2018). SharePoint Cloud Solution Comparisons. Retrieved from http://summit7systems.com/downloads/S7S_SharePointCloudSolutionsComparison.pdf

Platero, M., & Overton, A. (2014). Assessing Privacy and Security Risks via the PIA Process. Retrieved from https://iapp.org/media/presentations/14Symposium/Assessing%20Technology%20and%20Privacy%20Risks%20via%20the%20PIA%20Process.pdf

Bracy, J. (2016). This startup offers data- and risk-mapping solution for PII. Retrieved from https://iapp.org/news/a/this-startup-offers-data-and-risk-mapping-solution-for-pii/

Breaux, R., & Jo, S. (2014). Designing and Implementing an Effective Privacy and Security Plan. Retrieved from https://iapp.org/news/a/designing-and-implementing-an-effective-privacy-and-security-plan/

Gieser, D. (2015). What is personally identifiable information? Retrieved from https://scholarship.shu.edu/cgi/viewcontent.cgi?article=1687&context=student_scholarship