Cloud Computing Final paper and presentation
Running Head: Intersession 7 Final Project Projection
Intersession 7 Final Project Projection
Shalini Kantamneni
Ottawa University
Assessing and mitigating security and privacy issues
Risk profiling is one of the strategies used to tune cloud adopters' security and privacy needs to relevant and practical mitigation strategies (Dey, Islam & Arif, 2019). After the risks faced are identified, they are ordered from the most prevalent to the least prevalent. Security measures are then enacted based on this ordering. Risk profiling establishes a guided scheme through which only the concerns that are considered valid are addressed. It prevents overbudgeting or overallocation of limited resources, which is common where a cloud service customer makes choices to suit his or her own interests based on what customers of other cloud service providers are seen to experience. Such customers fail to recognize that each cloud service provider offers its own unique set of cloud services and infrastructure to meet its customers' needs.
User profiling is usually done according to user groups. In most cases, access rights and privileges are set based on the user group to which a user belongs (Zhang et al., 2018). It is common practice for system administrators to assign the necessary rights and privileges to resources based on the least that is required. By doing this, the user's ability to perform his or her task efficiently is not impeded, and both the security and the privacy of the cloud resource are upheld. One user group cannot access resources uniquely provided to another group; based on their access rights and privileges, users are limited in what they can see or do within the cloud environment. Security and privacy are usually affected when the authentication standard used by the cloud adopter is ineffective, such as when passwords and usernames are intercepted by malicious people. Through user profiling, damage to the cloud architecture by such people is prevented.
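The group-based scheme described above can be sketched as a deny-by-default check. This is an added example, not part of the original paper; the group names, users and resources are constructed for illustration. It also computes what an intercepted credential could reach, which is the damage limit the paragraph refers to.

```python
# Added example: all groups, users and resources below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    resource: str       # hypothetical cloud resource name
    actions: frozenset  # only the actions the group's task requires


# Each user group receives the least set of rights its task needs.
GROUP_GRANTS = {
    "billing":   [Grant("invoices-db", frozenset({"read", "write"}))],
    "analytics": [Grant("invoices-db", frozenset({"read"})),
                  Grant("reports-bucket", frozenset({"read", "write"}))],
    "support":   [Grant("tickets-db", frozenset({"read", "write"}))],
}
USER_GROUP = {"alice": "billing", "bob": "analytics", "carol": "support"}


def is_allowed(user, resource, action):
    """Deny by default: allow only on an explicit grant to the user's group."""
    group = USER_GROUP.get(user)
    for grant in GROUP_GRANTS.get(group, []):
        if grant.resource == resource and action in grant.actions:
            return True
    return False


def blast_radius(user):
    """Every (resource, action) reachable with this user's credentials."""
    group = USER_GROUP.get(user)
    return {(g.resource, a)
            for g in GROUP_GRANTS.get(group, [])
            for a in g.actions}


def all_rights():
    """Every (resource, action) granted to any group in the environment."""
    return {(g.resource, a)
            for grants in GROUP_GRANTS.values()
            for g in grants
            for a in g.actions}


if __name__ == "__main__":
    # A support account cannot touch billing data, even to read it.
    print("carol reads invoices-db:", is_allowed("carol", "invoices-db", "read"))
    # If carol's password is intercepted, exposure stays within her group.
    exposed, total = blast_radius("carol"), all_rights()
    print(f"exposed by carol's credentials: {len(exposed)} of {len(total)} rights")
```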
Orienting policies based on set standards is another convention that helps eliminate the issues surrounding overreaction and paralysis of the activities of the cloud adopter. The standards to be followed are the laws and regulations overseeing the resources and standards within the cloud environment. Examples are the SOX requirements, the HIPAA standards, and the FISMA and NERC standards. All these laws and regulations oversee the security and privacy of the use of different resources along with the enactment of best practices (Lidster, 2018). Each regulation or standard is associated with its own unique set of requirements that complement the other standards. By orienting policies to meet these standards, cloud adopters get the satisfaction and assurance they need that the cloud environment is safe for their use.
Mutual agreements between the cloud service provider and the cloud service customer, in the form of terms and conditions of use of the cloud resources, are one way through which the needs of the customer are matched to the provisions of the service provider. Each party is assigned specific roles and obligations which they need to adhere to whenever they transact within the cloud environment. By establishing these agreements, the party that is the source of an issue that paralyzes activities within the cloud environment admits liability. If it is the service provider that fails to ensure security or privacy is maintained, he is to face penalties as befit the cloud customer. If it is the cloud customer's actions that weaken the security and privacy standards put in place by the service provider, he is usually given a warning, and the service provider has the right to terminate his or her account if the warning is not heeded. These agreements are put in place to govern the conduct of both the service provider and the cloud customer and to prevent the paralysis of activities within the cloud environment. All in all, security and privacy are to be guaranteed through the roles that both the service provider and the cloud customer are assigned in the agreements they make. These agreements last throughout the period in which the cloud service customer uses the cloud services provided by the cloud service provider.
References
Dey, H., Islam, R., & Arif, H. (2019, January). An Integrated Model To Make Cloud Authentication And Multi-Tenancy More Secure. In 2019 International Conference on Robotics, Electrical and Signal Processing Techniques (ICREST) (pp. 502-506). IEEE.
Lidster, W. W. (2018). Factors that Influence Selection of Frameworks for Information Security Program Management: A Correlational Study (Doctoral dissertation, Capella University).
Zhang, P., Liu, J. K., Yu, F. R., Sookhak, M., Au, M. H., & Luo, X. (2018). A survey on access control in fog computing. IEEE Communications Magazine, 56(2), 144-149.