attached plg

profileDiscount Assign
CloudRiskandComplianceIssues.edited.docx

Running Head: CLOUD RISK AND COMPLIANCE ISSUES ANALYSIS 1

CLOUD RISK AND COMPLIANCE ISSUES ANALYSIS 2

Cloud Risk and Compliance Issues Analysis

Student name

Professor

Course

Date of submission

Privacy issues and mitigation measures

There are several privacy concerns which the organization needs to consider when shifting clouding computing. The organization should be aware of their data accessibility and information portability (Warren, 2017). There are concerns about the data being stored and processed in the cloud.

The second privacy issue is the erasure and destruction of data. Even if the stored information in the cloud enhances maximum availability, there is a point when the data is not required and needs to be securely archived. However, organizations may not be guaranteed the full erase of their data without maximum encryption. There are also concerns with legal, compliance, and regulatory requirements. The organization will not be sure of who will be responsible for their information on the cloud platform. Besides, the whereabouts and storage of the data will also be a concern. When data is stored in the cloud platform, there is no known about location and the nature of the storage.

Several measures can mitigate possible risks and enhance data privacy. There should be encryption of data at rest. Encryption protects the data, which is in transit or not in use. The data should be protected using firewalls and monitoring. There should also be a two-factor authentication; by combining a password with other authentication elements, the management should also eliminate all the shared accounts, including web services and cloud platform credentials. The I.T. expert should also focus on defining a well-shared responsibility model.

There should be no consideration whether the model is for software, infrastructure, and platform as a service. The organization should also utilize standard cloud assessment questions. The questions should be aimed at knowing whether the cyber security personnel comply with the objectives. The I.T. executives related to the cloud should consider inherent to cloud migration. Cloud migration will enhance data confidentiality and compliance-related issues. The movement also improves audibility as well as data residency issues.

Risk management matrix

Ballot online company is exposed to the risk of cloud adoption. The federal government has recently made the risk of cloud adoption a midst tenet due to its modernization strategies. Any organization which adopts cloud technology without fully implementation mitigation: Exposes itself to financial, legal, technical, and compliance risks. Cloud has its unique threats. The first threat is that consumers may have limited control and visibility. The platform demands self-service, which simplifies the process of unauthorized access. Besides, accessible internet APIS can be compromised. The separation between many tenants may fail.

There are several recommendations which the organization can utilize to mitigate cloud adoption risks. The organization should merge with a third party, which will assure cloud security regularly (Weippl et al., 2017). The company should work with industry-standard security certification. The third-party audits will help to ensure that the cloud providers being employed are following the security standards of the industry.

The organization should also aim at implementing end to end encryption. The encryption decreases the probability of the data being breached. Besides, there should be regular updates on the company's software. Running of outdated O.S. and internet browsers expose the system to risk despite third party and encryption audits. The I.T. analysts have also recommended using a single sign-on solution, which enhances security and convenience. The administration should not have multiple login accounts and passwords; they make it more complicated for the administrator and the user. Limiting to a single login account reduces the number of potential risk exploits and weaknesses. The analysts inventing cloud solution should practice their diligence. Additionally, thorough research on potential vendors is essential. The research includes checking for references, examining their security history, and analyzing risk and vulnerabilities.

References

Kittichaisaree, K. (2017). The public international law of cyberspace (Vol. 32). Cham: Springer.

Couzigou, I. (2018). Securing cyberspace: the obligation of States to prevent harmful international cyber operations. International Review of Law, Computers & Technology, 32(1), 37-57.

Schmitt, M. N., & Vihul, L. (2016). Respect for sovereignty in cyberspace. Tex. L., Rev., 95, 1639.

Khan, M. A. (2016). A survey of security issues for cloud computing. Journal of network and computer applications, 71, 11-29.

Venkatesh, A., & Eastaff, M. S. (2018). A study of data storage security issues in cloud computing. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 3(1), 1741-1745.